https://github.com/marchof/credential-store

OpenSSL Based Credential Store
OpenSSL Based Credential Store
==============================

Collection of scripts to manage a store of encrypted credentials. Multiple
credentials can be encrypted with multiple public/private key pairs.

Use Cases
---------

* Add/update entry
* Remove entry
* Get entry (any private key required)
* Get all entries (any private key required)
* Add public key (any existing private key required to re-encrypt entries)

Design and Algorithms
---------------------

Every credential is encrypted and stored in a separate file. This allows simple
addition, removal and modification without encrypting/decrypting other
credentials.

To allow credentials of arbitrary size, each credential is encrypted with the
symmetric scheme AES-256-CBC.

A different random key is used for every credential, and that key in turn is
encrypted with the asymmetric RSA scheme using a 4096 bit key. This allows adding
and updating credentials without knowing any existing private key: the random key
for the new entry is encrypted with all public keys known in the store.

File System Layout
------------------

The scripts use a fixed file system layout under a folder containing the store.

All encrypted credentials are directly stored in the store directory, using the
entry name as the file name.

For every public key there is a directory with the name 'key-'. The directory
contains the public key itself (public.pem) and, for every credential, that
credential's random key encrypted with this public key.

Example:

```
/
+-- keys-330dedf821800d8425cfaedfd977f61c67084f02/
| +-- public.pem
| +-- com.example.credential1.key
| +-- com.example.credential2.key
+-- keys-556fe76662da271eadcf34704b86ad793b56cc11/
| +-- public.pem
| +-- com.example.credential1.key
| +-- com.example.credential2.key
+-- keys-803972b8eb835d6d661d2de4675e7e5964326362/
| +-- public.pem
| +-- com.example.credential1.key
| +-- com.example.credential2.key
+-- com.example.credential1
+-- com.example.credential2
```
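The design above (one random AES-256-CBC key per credential, RSA-wrapped once for every public key) together with the layout just shown, as an added illustration that is not part of this project's scripts: a small POSIX sh re-implementation on top of the openssl CLI. The function names (cs_put, cs_get, cs_grant, cs_remove) and everything the README leaves open are assumptions: the hex suffix of a keys-* directory is taken to be the SHA-1 of the public key's DER encoding, the CBC IV is kept next to the AES key inside the RSA-wrapped blob, and RSA wrapping uses OAEP padding.

```shell
#!/bin/sh
# Added illustration (not the project's scripts): the hybrid scheme from the
# README built on the openssl CLI. Assumptions not stated on the page: the
# keys-<hex> suffix is the SHA-1 of the public key's DER encoding, the AES-CBC
# IV travels with the AES key inside the RSA-wrapped blob, RSA uses OAEP.
set -eu
umask 077

# Fingerprint a PEM public key: SHA-1 over its DER (SubjectPublicKeyInfo) form.
cs_fingerprint() {  # $1 = PEM public key file
    openssl pkey -pubin -in "$1" -outform DER | openssl dgst -sha1 -r | cut -d' ' -f1
}

# Fingerprint of the public half of a PEM private key (to find its keys-* dir).
cs_fingerprint_priv() {  # $1 = PEM private key file
    pub=$(mktemp)
    openssl pkey -in "$1" -pubout -out "$pub"
    cs_fingerprint "$pub"
    rm -f "$pub"
}

# Register a public key in the store: creates keys-<fingerprint>/public.pem.
cs_add_pubkey() {  # $1 = store dir, $2 = PEM public key file
    fp=$(cs_fingerprint "$2")
    mkdir -p "$1/keys-$fp"
    cp "$2" "$1/keys-$fp/public.pem"
    echo "$fp"
}

# Add or update an entry. No private key is needed: a fresh random AES-256 key
# and IV are generated, the value is encrypted under them, and the key material
# is RSA-wrapped once for every public key present in the store.
cs_put() {  # $1 = store dir, $2 = entry name, $3 = plaintext file
    key=$(openssl rand -hex 32)
    iv=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$3" -out "$1/$2"
    keymat=$(mktemp)
    printf '%s:%s' "$key" "$iv" >"$keymat"
    for d in "$1"/keys-*/; do
        d=${d%/}
        [ -f "$d/public.pem" ] || continue
        openssl pkeyutl -encrypt -pubin -inkey "$d/public.pem" \
            -pkeyopt rsa_padding_mode:oaep -in "$keymat" -out "$d/$2.key"
    done
    rm -f "$keymat"
}

# Read an entry with any one private key: unwrap this key's copy of the AES
# key material, then decrypt the credential file to stdout.
cs_get() {  # $1 = store dir, $2 = entry name, $3 = PEM private key file
    fp=$(cs_fingerprint_priv "$3")
    wrapped="$1/keys-$fp/$2.key"
    if [ ! -f "$wrapped" ]; then
        echo "cs_get: no wrapped key for this private key" >&2
        return 1
    fi
    keymat=$(openssl pkeyutl -decrypt -inkey "$3" -pkeyopt rsa_padding_mode:oaep -in "$wrapped")
    openssl enc -d -aes-256-cbc -K "${keymat%%:*}" -iv "${keymat#*:}" -in "$1/$2"
}

# Add a public key to an existing store. This is the one operation that needs a
# private key: every entry's key material is unwrapped with it and re-wrapped
# for the newcomer, so the newcomer can read all existing entries.
cs_grant() {  # $1 = store dir, $2 = new PEM public key, $3 = existing PEM private key
    newfp=$(cs_add_pubkey "$1" "$2")
    oldfp=$(cs_fingerprint_priv "$3")
    for k in "$1/keys-$oldfp"/*.key; do
        [ -f "$k" ] || continue
        name=$(basename "$k" .key)
        openssl pkeyutl -decrypt -inkey "$3" -pkeyopt rsa_padding_mode:oaep -in "$k" |
            openssl pkeyutl -encrypt -pubin -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
                -out "$1/keys-$newfp/$name.key"
    done
}

# Remove an entry: its ciphertext and every wrapped key for it.
cs_remove() {  # $1 = store dir, $2 = entry name
    rm -f "$1/$2"
    for d in "$1"/keys-*/; do rm -f "${d%/}/$2.key"; done
}

# Stand-alone walk-through with a 4096-bit key as on the page: sh thisfile.sh demo
cs_demo() {
    t=$(mktemp -d); s="$t/store"; mkdir "$s"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out "$t/alice.pem" 2>/dev/null
    openssl pkey -in "$t/alice.pem" -pubout -out "$t/alice.pub"
    cs_add_pubkey "$s" "$t/alice.pub" >/dev/null
    printf 'hunter2' >"$t/plain"   # constructed sample credential
    cs_put "$s" com.example.credential1 "$t/plain"
    cs_get "$s" com.example.credential1 "$t/alice.pem"; echo
    find "$s" | sort
}
if [ "${1:-}" = demo ]; then cs_demo; fi
```

Two properties of the scheme are worth keeping in mind when operating a store like this. First, any single private key reads every entry, and deleting a keys-* directory only stops future entries from being wrapped for that key; anyone who copied the store earlier still holds wrapped keys they can open, so entries must be re-keyed (put again) after a key is withdrawn. Second, AES-256-CBC here provides confidentiality only; nothing in the layout detects a modified ciphertext, so the store directory needs its own integrity protection (file permissions, version control, or a signature over the files).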

Test Execution
--------------

Run the following command to execute the test scenario:

```
sh src/test/scripts/runtests.sh
```