Open GaelC92 opened 3 years ago
Hi, this would be a major feature... I don't understand this does not have more votes
The issue with nearly ALL vault/encryption solutions to be used by a team, is that key must be shared.
Thus, you have all of the following :
Having the ability to enroll multiple separate and independant key sources, that encrypts for the same data without requiring to store N times the same data (each encrypted with a different key), would be the killer feature.
I know it's a very hard problem, and I don't know how to solve it, but I can tell you it would be a killer...
yes, the main case is for backup. If I init with a single FIDO2 key and I will lose the key i will lose all my encrypted data? (or do I have additionally a masterkey?, dont tried yet). So I think it is common to add multiple keys.
Maybe (but not really important,eventually a feature request): the option to use Password OR a hardware key...
Yes you always have the master key for recovery.
On Wed, 24 Jul 2024, 11:23 deutschem1, @.***> wrote:
yes, the main case is for backup. If I init with a single FIDO2 key and I will lose the key i will lose all my encrypted data? (or do I have additionally a masterkey?, dont tried yet). So I think it is common to add multiple keys.
Maybe (but not really important,eventually a feature request): the option to use Password OR a hardware key...
— Reply to this email directly, view it on GitHub https://github.com/rfjakob/gocryptfs/issues/572#issuecomment-2247344343, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACGA776EJJBP25N4M32DM3ZN5W73AVCNFSM6AAAAABLMCIMRKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENBXGM2DIMZUGM . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Use case is mainly as a safety net (backup fido2 device), but could be used for multiple user access.
I figure this could be based on a k in n shared secret algorithm like shamir secret sharing. for a start, it would also require to allow multiple entries in the .conf file.