Zinggi / NoKey

A distributed password manager without a master password
https://nokey.xyz/
MIT License
277 stars 5 forks

Add doc details on security #28

Closed myrho closed 6 years ago

myrho commented 6 years ago

Since this tool is dealing with very sensitive data, I'd like to see more documentation details on the other security measures apart from the group password.

Eg.

Zinggi commented 6 years ago

Great questions! I'll certainly answer those questions, but it will take some time. Meanwhile, have you seen the link to the project report? It gives more details, which might clarify some of the questions.

But in any case, I will answer all those questions separately as well as possible.

myrho commented 6 years ago

Thx! I missed this one. I'll have a look.

Zinggi commented 6 years ago

Where does my private/public key pair come from? How do you verify a public key? Is there anything like certificates in action?

Every device has two RSA private/public key pairs. One for signing/verifying messages, the other to encrypt/decrypt sensitive data. The keys are generated at first use using the Web Crypto API. The actual code is here.

When pairing a device, the devices add the public key of the other device to their list of trusted devices. This is how trust between devices is established. There are no certificates, as it doesn't make sense in this scenario.

Zinggi commented 6 years ago

How are passwords propagated and stored?

When first storing a password with a certain security level, a 256-bit group key is generated. This key will be used to encrypt the password using AES. This key is never stored anywhere directly. Instead, the group key is split into multiple parts using Shamir's Secret Sharing. The resulting key shares are then encrypted using the public key of the receiving device and sent to them. The encrypted password is inserted into the shared state and is synchronized with the other devices like any other synchronized data.

So after the sync is complete, each paired device will have a key share plus the encrypted passwords.

When you need a password, your device asks the other devices for their key share, and if you give the confirmation, they will send their key share encrypted with the public key of the device that asked for the passwords. Once enough key shares have been gathered, this device can then recover the group password and decrypt your saved passwords.
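
The split-and-recover step described in the comment above, as an added example that is not part of the original thread and is not NoKey's code: byte-wise Shamir's Secret Sharing of a 256-bit key. The field GF(2^8), the `{x, y}` share layout and the function names are assumptions made for illustration; the AES and RSA steps are left out.

```javascript
// Added illustration, not NoKey's code. GF(2^8) with AES polynomial 0x11b is an assumption.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Multiply two field elements: shift-and-add with modular reduction.
function gmul(a, b) {
  let p = 0;
  for (let i = 0; i < 8; i++) {
    if (b & 1) p ^= a;
    a = ((a << 1) ^ (a & 0x80 ? 0x11b : 0)) & 0xff;
    b >>= 1;
  }
  return p;
}

// Multiplicative inverse via a^254 (the non-zero elements form a group of order 255).
function ginv(a) {
  let r = 1;
  for (let i = 0; i < 254; i++) r = gmul(r, a);
  return r;
}

// Split `secret` (Uint8Array) into n shares; any k of them recover it.
function split(secret, n, k) {
  if (k < 2 || k > n || n > 255) throw new RangeError('need 2 <= k <= n <= 255');
  const shares = Array.from({ length: n }, (_, i) => ({ x: i + 1, y: new Uint8Array(secret.length) }));
  const coeffs = new Uint8Array(k - 1);
  secret.forEach((byte, pos) => {
    rng.getRandomValues(coeffs); // fresh random polynomial for every secret byte
    for (const s of shares) {
      let y = 0; // Horner evaluation of f(x) = byte + c0*x + ... + c(k-2)*x^(k-1)
      for (let j = k - 2; j >= 0; j--) y = gmul(y, s.x) ^ coeffs[j];
      s.y[pos] = gmul(y, s.x) ^ byte;
    }
  });
  return shares;
}

// Lagrange interpolation at x = 0; subtraction in GF(2^8) is XOR.
function combine(shares) {
  if (new Set(shares.map(s => s.x)).size !== shares.length) throw new Error('duplicate share');
  const out = new Uint8Array(shares[0].y.length);
  shares.forEach((si, i) => {
    let l = 1;
    shares.forEach((sj, j) => { if (j !== i) l = gmul(l, gmul(sj.x, ginv(sj.x ^ si.x))); });
    si.y.forEach((y, pos) => { out[pos] ^= gmul(y, l); });
  });
  return out;
}
```

With `split(groupKey, 3, 2)`, passing any two of the three shares to `combine` returns the group key, while a single share on its own does not.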

Zinggi commented 6 years ago

What data exactly flows through the server?

The devices exchange state information to synchronize their shared state.
This shared state contains the encrypted passwords, the encrypted key shares that have not been collected yet, the stored accounts, which devices are trusted and shared settings.

Most of these are not encrypted, so the server could read which accounts you are using, e.g. site URLs and corresponding user name. My server doesn't store anything, but if I were lying, I could store this information.

The server is not able to manipulate messages and can't read any passwords.

Ideally, I'd like to implement WebRTC in the future to enable direct peer to peer communication without any middleman.

Zinggi commented 6 years ago

How could I set up and use my own server?

Basically by following this readme. However, it's mostly written for myself, so it might not be very easy to follow. But if someone really wants to set up their own server, please let me know and I can help out and at the same time make the readme better.

To make use of your own server you'd also have to change the URL here and here and compile your own clients.

This process could probably be made a bit easier, but I think if you have the knowledge to host your own server, you probably don't mind having to fiddle a bit with the code as well.

Zinggi commented 6 years ago

If something isn't clear, feel free to ask clarifying questions. I answered each one separately such that I can link to them from the readme.