tAdd goals to the README - safe - password protected secret keeper
(HTM) git clone git://git.z3bra.org/safe.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit a93295e50bbb8b76c652a24adf80aaf5c70bc15d
(DIR) parent 4e2116da7d696a189eee862c570109a0fc4287f8
(HTM) Author: z3bra <contactatz3bradotorg>
Date: Wed, 27 Feb 2019 17:41:00 +0100
Add goals to the README
Diffstat:
M README | 42 ++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
---
(DIR) diff --git a/README b/README
t@@ -4,11 +4,17 @@ Store your secrets in an encrypted safe, protected by a password.
## usage
- safe [-la] [secret..]
+ safe [-ad] [secret..]
+
+ # list all your deepest secrets
+ safe
# add a secret to your safe
echo 'This is secret!' | safe -a secret
+ # start a safe agent
+ safe -d
+
# retrieve a secret from your safe
safe secret
t@@ -19,5 +25,39 @@ Store your secrets in an encrypted safe, protected by a password.
+ Store any kind of file
+ Do not expose file hierarchy if locked
+## design
+
+Your safe is stored on disk as a directory tree, with the following structure:
+
+ .safe
+ .safe/.index
+ .safe/2a809d0bfb9e39c5abf2b8b5baee231043085d3172aaa0040317cffc02736d5e
+ .safe/ad2063741cce2d9f2862b07152b06528d175e9e658ade8f2daa416834c9c089a
+
+Where each hash represent a "secret". They're stored as hashes to hide
+any kind of meta information about your secret.
+These files are stored encrypted, using your master password.
+
+The .index file stores the actual names of your entries, so we can
+calculate the hash in-memory.
+This file is also stored encrypted.
+
+You can then retrieve secrets by requesting them, and typing your master
+password to decrypt them.
+
+To make it more usable, the safe is accessible through an agent (let's
+call it Edgard), which acts as a gatekeeper.
+When you want to retrieve a secret, you ask Edgard for it, and he will
+decrypt it for you on stdout.
+
+When you first call Edgard, he will ask you for your master password,
+so he can decrypt the secrets for you.
+
+The password is stored hashed in memory, so nobody can "retrieve" your
+master password. As this hash is kept in memory to decrypt the file,
+giving your password to Edgard means that an intruder could extract
+this hash, and thus decrypt your secrets.
+If you're concerned about this, then don't call Edgard.
+
## license
This software is licensed under the ISC license, see the LICENSE file provided.