user gone and expiring access

Jake Yip jake.yip at ardc.edu.au
Fri Feb 22 02:04:38 CET 2019


On Fri, Feb 22, 2019 at 9:37 AM higuita <higuita at gmx.net> wrote:

> Of course I'm not talking about a malicious user directly, those can dump
> everything as plain text, it's more protecting "personal" backups and copies
> stored in other places that we may not trust in the long run.

This means NOT storing your encrypted keys on a local device, but storing
them in an (online) place where you can easily revoke access. I have
found Keybase and their Keybase filesystem to work for me
(https://keybase.io/docs/kbfs).


> Maybe pass could generate a key that expires after x days and double encrypt
> everything using first the key with the expiration date and then the user key.
> A small daemon (or even a cron) could keep the expiration key valid by
> generating a new one and re-encrypting. Users that still have access can do a
> git pull and get the updated info. Users that fail to update will be unable to
> decrypt the content after the key has expired.
>
> Pass could remove the expired key automatically if expired, to avoid the
> faketime loophole of time travel back to when the key was still valid.

It works similarly to your double encrypt idea. The encrypted pass files on
KBFS are encrypted again with a device-specific key. The pass files are
streamed to your machine and decrypted when needed. You can revoke a device
and it will not be able to get the encrypted pass files anymore.

Regards,
-- 
Jake Yip
DevOps Engineer
M +61 383 443 669
jake.yip at ardc.edu.au
ardc.edu.au <http://www.ardc.edu.au>
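
Added example (not part of the original message and not code from pass or Keybase): a Python model of the double-encryption and key-rotation idea discussed in this thread, with the layer order taken from the quoted proposal. The cipher is a toy standard-library stand-in for GPG, and `Keyring`, `rotate`, the lease ids and the integer timestamps are hypothetical names and values chosen for the sketch.

```python
import hashlib, hmac, os

def _sub(key, label):                      # derive separate cipher and MAC keys
    return hashlib.sha256(label + key).digest()

def seal(key, data):
    """Toy authenticated encryption (SHAKE-256 keystream + HMAC); stand-in for GPG."""
    nonce = os.urandom(16)
    ks = hashlib.shake_256(_sub(key, b"enc") + nonce).digest(len(data))
    body = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    ks = hashlib.shake_256(_sub(key, b"enc") + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

class Keyring:
    """One copy of the keys: the long-term user key plus the lease keys it holds."""
    def __init__(self, user_key):
        self.user_key, self.leases = user_key, {}   # leases: id -> (key, expiry)

    def add_lease(self, lease_id, key, expires):
        self.leases[lease_id] = (key, expires)

    def encrypt(self, lease_id, secret):
        # Order from the thread: expiring key first, then the user key.
        inner = seal(self.leases[lease_id][0], secret)
        return lease_id, seal(self.user_key, inner)

    def decrypt(self, entry, now):
        # Delete expired lease keys before use, so a later clock rollback
        # finds nothing to decrypt with.
        self.leases = {i: v for i, v in self.leases.items() if v[1] > now}
        lease_id, blob = entry
        if lease_id not in self.leases:
            raise PermissionError("lease key missing or expired")
        return unseal(self.leases[lease_id][0], unseal(self.user_key, blob))

def rotate(member, entry, new_id, new_key, expires, now):
    """What the daemon or cron job would do: re-encrypt under a fresh lease key."""
    secret = member.decrypt(entry, now)
    member.add_lease(new_id, new_key, expires)
    return member.encrypt(new_id, secret)
```

As the quoted message says, this only constrains a cooperating client: a plaintext dump, or a copy of the keys read by other software, is unaffected by the expiry.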
