Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/marchof/credential-store
OpenSSL Based Credential Store
- Host: GitHub
- URL: https://github.com/marchof/credential-store
- Owner: marchof
- Created: 2015-10-14T20:32:51.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2015-10-15T05:14:55.000Z (about 9 years ago)
- Last Synced: 2024-10-28T21:09:29.747Z (about 2 months ago)
- Language: Shell
- Size: 125 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
OpenSSL Based Credential Store
==============================

Collection of scripts to manage a store of encrypted credentials. Multiple
credentials can be encrypted with multiple public/private key pairs.

Use Cases
---------

* Add/update entry
* Remove entry
* Get entry (any private key required)
* Get all entries (any private key required)
* Add public key (any existing private key required to re-encrypt entries)

Design and Algorithms
---------------------

Every credential is encrypted and stored in a separate file. This allows simple
addition, removal and modification without encrypting/decrypting other
credentials.

To allow credentials of arbitrary size, credentials are encrypted with the
symmetric scheme AES-256-CBC. A different random key is used for every
credential, which in turn is encrypted with the asymmetric RSA scheme using a
4096 bit key. This allows adding and updating credentials without knowing any
existing private keys: the random key for the new entry is encrypted with all
public keys known in the store. Note that AES-256-CBC provides confidentiality
only; a modified entry file is not detected on decryption unless a separate MAC
or signature is added.

File System Layout
------------------

The scripts use a fixed file system layout under a folder containing the store.
All encrypted credentials are directly stored in the store directory, using the
entry name as the file name.

For every public key a directory with the name 'key-' exists. The
directory contains the public key itself (public.pem) and the encrypted key for
every credential.

Example:
```
/
+-- keys-330dedf821800d8425cfaedfd977f61c67084f02/
| +-- public.pem
| +-- com.example.credential1.key
| +-- com.example.credential2.key
+-- keys-556fe76662da271eadcf34704b86ad793b56cc11/
| +-- public.pem
| +-- com.example.credential1.key
| +-- com.example.credential2.key
+-- keys-803972b8eb835d6d661d2de4675e7e5964326362/
| +-- public.pem
| +-- com.example.credential1.key
| +-- com.example.credential2.key
+-- com.example.credential1
+-- com.example.credential2
```

Test Execution
--------------

Run the following command to execute the test scenario:
```
sh src/test/scripts/runtests.sh
```
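The scheme from the Design and Algorithms section, laid out on disk as in the File System Layout section, as an added example that is not part of this repository's scripts: a minimal POSIX sh re-implementation using only openssl(1). Everything beyond what the README states is an assumption and is marked as such in the code: the `cs_*` function names, deriving the key-directory id as the SHA-1 of the DER-encoded public key (the page only shows 40-character hex names), RSA-OAEP padding for wrapping the entry key (the page does not say which padding is used), and representing the per-entry key as a 32-byte hex string that `openssl enc -pbkdf2` turns into the AES key and IV. The demonstration at the bottom builds a throwaway store with constructed keys and credentials, including the "add a public key to a store that already has entries" case, which needs an existing private key to re-wrap each entry key.

```shell
#!/bin/sh
# Added example, not the repository's own scripts: the hybrid scheme from the README
# (random per-entry key, AES-256-CBC for the credential, RSA-4096 wrapping of that key
# for every registered public key) over the documented keys-<id>/ layout.
# Assumptions, not taken from the page: the cs_* names; the key-directory id is the
# SHA-1 of the DER-encoded public key; RSA wrapping uses OAEP padding; the per-entry
# key is a 32-byte hex string fed through PBKDF2 by "openssl enc".
set -eu

CS_RSA_BITS=${CS_RSA_BITS:-4096}

# Hex id for a public key (assumed derivation; the page only shows 40-char hex names).
cs_pubid()  { openssl pkey -pubin -in "$1" -outform DER | openssl dgst -sha1 | awk '{print $NF}'; }
# Same id computed from a private key, via its public half.
cs_privid() { openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha1 | awk '{print $NF}'; }

# Names of all entries: every regular file in the store root (keys-*/ are directories).
cs_entries() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then basename "$f"; fi
    done
}

# Wrap stdin (the entry key) for one public key; RSA-OAEP is an assumption.
cs_wrap()   { openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep; }
# cs_unwrap STORE NAME PRIVATE.pem: unwrap the entry key of NAME with that private key.
cs_unwrap() {
    openssl pkeyutl -decrypt -inkey "$3" -pkeyopt rsa_padding_mode:oaep \
        -in "$1/keys-$(cs_privid "$3")/$2.key"
}

# cs_put STORE NAME < plaintext: add or replace an entry without any private key.
cs_put() {
    store=$1; name=$2; tmpkey=$(mktemp)
    openssl rand -hex 32 > "$tmpkey"                       # fresh random key for this entry
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$tmpkey" -out "$store/$name"
    for d in "$store"/keys-*; do                           # wrap it for every known public key
        [ -d "$d" ] || { echo "cs_put: no public keys in store" >&2; return 1; }
        cs_wrap "$d/public.pem" < "$tmpkey" > "$d/$name.key"
    done
    rm -f "$tmpkey"
}

# cs_get STORE NAME PRIVATE.pem: any registered private key recovers the plaintext.
cs_get() {
    tmpkey=$(mktemp)
    cs_unwrap "$1" "$2" "$3" > "$tmpkey"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmpkey" -in "$1/$2"
    rm -f "$tmpkey"
}

# cs_remove STORE NAME: drop the ciphertext and every wrapped copy of its key.
cs_remove() { rm -f "$1/$2" "$1"/keys-*/"$2.key"; }

# cs_add_key STORE PUBLIC.pem [PRIVATE.pem]: register a key. If entries exist, an
# existing private key is required to unwrap each entry key and re-wrap it.
cs_add_key() {
    store=$1; pub=$2; priv=${3:-}; id=$(cs_pubid "$pub"); tmpkey=$(mktemp)
    mkdir -p "$store/keys-$id"
    cp "$pub" "$store/keys-$id/public.pem"
    for name in $(cs_entries "$store"); do
        [ -n "$priv" ] || { echo "cs_add_key: store has entries, private key required" >&2; return 1; }
        cs_unwrap "$store" "$name" "$priv" > "$tmpkey"
        cs_wrap "$store/keys-$id/public.pem" < "$tmpkey" > "$store/keys-$id/$name.key"
    done
    rm -f "$tmpkey"
}

# --- demonstration on constructed fixtures (throwaway keys and credentials) ---
CS_TMP=$(mktemp -d); trap 'rm -rf "$CS_TMP"' EXIT
STORE=$CS_TMP/store; mkdir -p "$STORE"
for i in 1 2 3; do
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$CS_RSA_BITS" \
        -out "$CS_TMP/priv$i.pem" 2>/dev/null
    openssl pkey -in "$CS_TMP/priv$i.pem" -pubout -out "$CS_TMP/pub$i.pem"
done
cs_add_key "$STORE" "$CS_TMP/pub1.pem"
cs_add_key "$STORE" "$CS_TMP/pub2.pem"
printf 'hunter2\n' | cs_put "$STORE" com.example.credential1
printf 's3cret\n'  | cs_put "$STORE" com.example.credential2
cs_add_key "$STORE" "$CS_TMP/pub3.pem" "$CS_TMP/priv2.pem"   # late key: re-wrap with priv2
cs_get "$STORE" com.example.credential1 "$CS_TMP/priv3.pem"   # prints hunter2
```

The resulting directory matches the tree in the File System Layout section: one `keys-<id>/` per public key holding `public.pem` and one `<entry>.key` per credential, with the AES-256-CBC ciphertexts in the store root. Decrypting with a private key that was never registered fails at the unwrap step because no `keys-<id>/` directory exists for it, and tampering with an entry file is only noticed if `openssl enc -d` happens to hit a padding error, which is the integrity gap noted above.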