sbidy / KeePass-KeyManager

A public key manager to manage multiple x509 certificates for a KeePass password database.
GNU General Public License v3.0
38 stars, 6 forks

Feature Question: Require *multiple* Certificates #6

Open queesamor opened 6 years ago

queesamor commented 6 years ago

There are times when we want to secure a database with a requirement that multiple people be involved to open it. Right now, this is clunky, as we simply trust one factor each to two people (one person gets a password, the other uses their Yubikey, and neither has access to the other factor), and it is also limited, since we can only use two people, and always must use two people.

What we're really looking for is something that would enable these things:

We would likely want to implement this with certificates, which is what led us to discover this plugin.

So, my question is this: given your understanding of and experience with building this plugin for KeePass, including your development of some custom UI in the process, would it be realistic for this to be implemented within the framework KeePass provides (and you have already built)?

If this is in the realm of reality, then I'd be very interested to discuss it with you further. But if it's not practical within the universe KeePass has created, then it would be good to hear that from someone who has already touched so closely on what we are looking for. :)