I gotta ask... --generate creates world-readable key files?

nrser commented 6 years ago

Environment

Provide at least:

Ruby Version. 2.3.6
Symmetric Encryption Version. 4.0.1
Application/framework names and versions (e.g. Rails, Sinatra, Puma, etc.). SymEnc CLI
Full Stack Trace, if an exception is being raised. N/A

Expected Behavior

I would not expect generated private key files to be world readable.

I would kind of expect the program to refuse to even deal with world-readable files and directories.

Actual Behavior

These are the actual private keys, right?

$ ll /etc/symmetric-encryption/
total 32
-rw-r--r--  1 nrser  wheel    48B May  9 01:34 www_rails_official_v1.encrypted_key
-rw-r--r--  1 nrser  wheel    32B May  9 01:34 www_rails_official_v1.kekek
-rw-r--r--  1 nrser  wheel    48B May  9 01:34 www_rails_staging_v1.encrypted_key
-rw-r--r--  1 nrser  wheel    32B May  9 01:34 www_rails_staging_v1.kekek

I know the next line in the guide suggests changing the file permissions, but I'm wondering why a security program would want to ever create world-readable private key files?

symmetric-encryption --generate ... was totally fine creating world-readable key files in a world-readable/etc/symmetric-encryption. This feels really weird to me...

reidmorrison commented 6 years ago

Yes, it is a todo item to change the file permissions. Currently our operations team does that automatically for us. If anyone wants to submit a pull request to change the permission directly within the ruby code it would be gladly accepted.

These are some of the notes I have, but they need to be double checked:

# Re-secure files after key rotation:
chmod 500 /etc/symmetric-encryption
chmod 400 /etc/symmetric-encryption/ *
chown <owner>:< group> -R /etc/symmetric-encryption

reidmorrison commented 6 years ago

One other item, there is a todo in the source code, to throw an exception if the files are globally accessible, or just to automatically fix the file permission when the application reads the file on startup.

nesteves commented 5 years ago

Hi, I've submitted a PR to address this issue. Here are some of my assumptions:

The expected permissions for the key files (*.key) are 600, readable and writable by the user that owns them
The directory on which the keys are stored can have any permissions

Am I making any wrong assumptions or missing something? Thanks in advance!

reidmorrison commented 5 years ago

Thank you @nesteves for the pull request

reidmorrison / symmetric-encryption