SekritFerret is a module for securely storing and sharing sensitive information; the primary usage is passwords, but it is intended to accommodate other information as well.
A key mechanism is that all sensitive information is encrypted using a public key, where the private key is never stored on the server. Each user has their own public/private key. The user enters it manually when decryption is needed. (Optionally, we might have a mode where the private key is stored on the browser as a cookie, allowing the server to automatically decrypt things without the user having to repeatedly enter it.)
When a user (Alice) wishes to share selected sensitive information with another user (Betty), the server decrypts Alice's information with Alice's submitted private key, then encrypts it using Betty's public key (stored on the server) and saves the result alongside the original user's encrypted value. This prevents the data from ever being stored on the server in a way that would permit decrypting with no additional information.
- data is key-value pairs
- user must be able to choose which pairs should be stored encrypted
- user must be able to organize pairs in a hierarchy
- e.g. under a site name, there may be multiple user accounts; each user account would have a single password and possibly other information
- ideally, values should support other types of information such as dates, URLs
- users should be able to share any given pair with other designated users/groups
- subordinate (child) pairs would be shared by default as well
- user may also protect any pair (and, by default, its subordinates) from being included as a subordinate share
- should maintain an edit history for each pair
- When one user changes a value, the value must be re-encrypted for all users who have access to it so everyone has the new value.
- Ideally, users should be able to change their public/private keypair in case their private key becomes compromised.