lastpass / lastpass-cli

LastPass command line interface tool
GNU General Public License v2.0

Ability to verify public keys before adding a user to a shared folder. #467

Closed astral303 closed 4 months ago

astral303 commented 5 years ago

This is required in order to ensure that you are not being MITM'd when adding new users to your shared folders. This enables truly secure shared folders.

Improve security by checking for key consistency on share usercreate. "share usercreate" now verifies that pubkey from the Lastpass servers is for the correct private key.

Fingerprint is SHA-256 of the public key's modulus.

CLI changes: "status -k" will print your sharing key fingerprint, as based on your private key inside your vault. "share useradd -k" will print the fingerprints of keys returned from the Lastpass servers and will wait for confirmation before adding the specified user to the shared folder.

An environment variable can be used to force key confirmation.

Signed-off-by: Oleg Rekutin <orekutin@evergage.com>
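The fingerprint comparison described in the PR text above, sketched as an added example; it is not code from this PR or from lastpass-cli. It assumes the server key arrives as DER (RSAPublicKey or SubjectPublicKeyInfo) and that the modulus is hashed as unsigned big-endian bytes, neither of which the PR text specifies; all function names and sample keys are constructed.

```python
import hashlib
import hmac

# Constructed toy keys (64-bit modulus, not real RSA keys), hex-encoded DER.
SAMPLE_PKCS1 = bytes.fromhex("3010020900d1529a3c7e410b950203010001")
SAMPLE_SPKI = bytes.fromhex(
    "3024300d06092a864886f70d0101010500031300" + SAMPLE_PKCS1.hex())
SAMPLE_SWAPPED = bytes.fromhex("3010020900d1529a3c7e410b960203010001")

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus(der):
    """Extract modulus bytes from DER RSAPublicKey or SubjectPublicKeyInfo."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, value, nxt = _read_tlv(body, 0)
    if tag == 0x30:  # SPKI: AlgorithmIdentifier, then BIT STRING with the key
        tag, bits, _ = _read_tlv(body, nxt)
        if tag != 0x03 or bits[:1] != b"\x00":
            raise ValueError("expected BIT STRING with no unused bits")
        return rsa_modulus(bits[1:])
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return value.lstrip(b"\x00")  # drop the DER sign-padding byte

def fingerprint(der):
    """SHA-256 of the modulus, as lowercase hex."""
    return hashlib.sha256(rsa_modulus(der)).hexdigest()

def confirm(der_from_server, expected_hex):
    """True only if the served key matches the out-of-band fingerprint."""
    wanted = expected_hex.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(der_from_server), wanted)
```

The expected value passed to `confirm` has to reach you over a channel the server does not control, such as the other user reading out their own fingerprint.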

majid021 commented 5 years ago

Hi Oleg,

Just wondering if this fix would solve issue #464, "Unable to add the group to shared folder"? (I.e., whenever we try to add the group to a shared folder, the following error is displayed: Unable to encrypt sharing key with pubkey (-1))

Please advise.

astral303 commented 5 years ago

> Just wondering if this fix would solve the issue #464 Unable to add the group to shared folder ?

Nope, it would not solve it. This code does not alter pub key encryption logic.

dimic00l commented 5 years ago

I desperately need this fix in order to add group permissions to shared folders. Can someone tell me how to get this?? (I need to script more than 100 folders... otherwise this needs to be done via the UI!! :-| )

edit: ok, I should have read the comment above more closely :(

mateusmartins-lp commented 3 months ago

Regrettably, your PR submission was unintentionally closed during an operation, before we could complete our review and respond accordingly. Unable to revert it to 'Open' status, we invite you to resubmit your contribution at your earliest convenience. We apologize for this mishap. Rest assured, we value all contributions and remain dedicated to providing transparency and closure to the community. Thank you for your understanding.