Add ability to pre-encrypt secrets before sending to the Barbican server

Registered by Ade Lee on 2014-10-12

Users may wish to store secrets that they do not want the Barbican admin to be able to decipher (for example,
their bank password). The only way to do this is to encrypt the secret in the Barbican client before sending it to
the Barbican server. One way to do this is to use a password to generate a symmetric key that encrypts the secret in the client.
The Barbican server will only see and store the encrypted secret and an initialization vector (IV).

There are two modes ("standard" and "escrow"). In "standard" mode, only the encrypted secret and the IV
are passed to the server. If the user forgets their password, there is no way for them to decrypt the secret. In "escrow" mode,
a public/private escrow key pair is generated. The client sends the encrypted key, IV, and the symmetric key encrypted with the escrow public key. If the password is forgotten, an escrow officer with access to the escrow public key can decrypt the symmetric key and hence the secret.
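
A sketch of the client-side flow in both modes, added here as an example; it is not Barbican or python-barbicanclient code. The blueprint names no algorithms, so PBKDF2-HMAC-SHA256, AES-256-GCM, RSA-OAEP, the stored salt and all function names are assumptions, and the example relies on the third-party "cryptography" package.

```python
# Added example, not Barbican code. Algorithms, salt handling and names are assumptions.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def derive_key(password: str, salt: bytes) -> bytes:
    """Password -> 256-bit symmetric key. The salt is random but not secret."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=600_000)
    return kdf.derive(password.encode("utf-8"))


def pre_encrypt(secret: bytes, password: str, escrow_public_key=None) -> dict:
    """Build what the client uploads; the password and the raw key never leave it."""
    salt, iv = os.urandom(16), os.urandom(12)
    key = derive_key(password, salt)
    payload = {"salt": salt, "iv": iv, "ciphertext": AESGCM(key).encrypt(iv, secret, None)}
    if escrow_public_key is not None:  # "escrow" mode: also upload the wrapped key
        payload["wrapped_key"] = escrow_public_key.encrypt(key, OAEP)
    return payload


def decrypt_with_password(payload: dict, password: str) -> bytes:
    """Normal retrieval. A wrong password fails the GCM tag check (InvalidTag)."""
    key = derive_key(password, payload["salt"])
    return AESGCM(key).decrypt(payload["iv"], payload["ciphertext"], None)


def decrypt_with_escrow(payload: dict, escrow_private_key) -> bytes:
    """Recovery path: unwrapping needs the private half of the escrow key pair."""
    key = escrow_private_key.decrypt(payload["wrapped_key"], OAEP)
    return AESGCM(key).decrypt(payload["iv"], payload["ciphertext"], None)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    escrow_private = rsa.generate_private_key(public_exponent=65537, key_size=3072)
    blob = pre_encrypt(b"constructed-sample-secret", "constructed passphrase",
                       escrow_private.public_key())
    print(decrypt_with_password(blob, "constructed passphrase"))
    print(decrypt_with_escrow(blob, escrow_private))
```

In "standard" mode the uploaded payload has no wrapped_key field, so nothing stored on the server can recover the secret without the password.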

Blueprint information

Status: Not started
Approver: None
Priority: Medium
Drafter: Ade Lee
Direction: Needs approval
Assignee: None
Definition: Drafting
Series goal: Accepted for liberty
Implementation: Unknown
Milestone target: None
