
Implement E2EE shared passwords

Open agharbeia opened this issue 3 years ago • 3 comments

Current Status

Currently, end-to-end encryption is possible only for passwords that are not shared with other users. Shared passwords are encrypted on the server side, and transferred after having been decrypted to the client, thus dependent on the transport layer for encryption.

Feature Description

It should be possible to share passwords with users while having them always encrypted and decrypted on the clients, by implementing a mix of symmetric and asymmetric cryptography:

Assumptions:

  • Each user has a public/private key-pair
  • A user's private key is stored only on the client[s] they use, while the associated public key is also stored on the server.

When creating a password:

  1. The password is encrypted on the client with the user's public key
  2. The ciphertext is uploaded to the server to be stored

When accessing a password:

  1. The ciphertext is downloaded from the server
  2. The user's private key is accessed in the client and used to decrypt the password

When sharing a password:

  1. The public key of each share-recipient is retrieved from the server
  2. The password owner accesses the decrypted password
  3. The password is encrypted with the public key of each share-recipient
  4. The ciphertext is uploaded to the server

When a password is unshared:

Since unlearning a previously shared password is not possible, the password must be changed and the new password re-shared with the new set of users.

There are some implementation details to be decided upon, such as whether the shared password ciphertext is stored in each user's password store, or whether it is stored only at its owner's store with metadata pointing to each share recipient. This should also be considered in light of the desired access controls, ownership model, etc., as well as practicalities of implementation.

agharbeia • Dec 09 '21 15:12
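The create, access, share and unshare flows proposed above, as an added example that is not part of the original issue or of the Passwords app's code. It assumes a hybrid construction the issue does not specify (one AES-256-GCM key per password, wrapped with RSA-OAEP for each user) and the "single record with per-recipient metadata" storage option; all function and field names are hypothetical.

```javascript
// Added example: hybrid E2EE sharing using only Node's built-in crypto module.
const { generateKeyPairSync, randomBytes, createCipheriv, createDecipheriv,
        publicEncrypt, privateDecrypt, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Assumption from the issue: each user has a key pair; only the public key
// is ever sent to the server, the private key stays on the user's clients.
function newUser() {
  return generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Client side: encrypt the password once with a fresh AES-256-GCM key, then
// wrap that key with the public key of every user allowed to read it.
function encryptForUsers(password, publicKeys) {
  const key = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  const wrappedKeys = {};
  for (const [userId, publicKey] of Object.entries(publicKeys)) {
    wrappedKeys[userId] = publicEncrypt({ key: publicKey, ...OAEP }, key);
  }
  // This record is everything the server stores: no plaintext, no private key.
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Client side: unwrap the AES key with the user's private key, then decrypt.
// GCM authentication makes final() throw if the record was tampered with.
function decryptAs(userId, privateKey, record) {
  const wrapped = record.wrappedKeys[userId];
  if (!wrapped) throw new Error(`no share for ${userId}`);
  const key = privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}

// Unshare: the old secret cannot be unlearned, so the changed password is
// encrypted under a new key and wrapped for the remaining users only.
function rotateAndReshare(newPassword, remainingPublicKeys) {
  return encryptForUsers(newPassword, remainingPublicKeys);
}
```

Removing a recipient's wrapped key from an existing record is not enough on its own, because that recipient may already hold the plaintext; this is why the unshare path takes a new password.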

@marius-wieschollek this is exactly what our company needs in order to use the Passwords app as a complete password management solution for our teams that meets all security requirements. It would be great to see this implemented!

mrschaal • Nov 08 '22 21:11

Agree, this is the one thing holding me back from fully implementing Nextcloud Passwords in our company!

SageBilt • Sep 27 '23 19:09