Encryption of vault keys

[MeanMangosteen]

Each Vault will have it's own individual symmetric key for aes encryption. This needs to be secret. We also need to determine where to store the encrypted vault key so it can be retrieved easily when encrypting and decryption secrets.

To tackle the first problem, the vault key can be encrypted with the Keynode's public key so only it can only be decrypted with it's passphrase protected private key. Another option is to simply have a password derived symmetric key which will encrypt the vault key. This key need not be stored anywhere it can be recreated each time from the user's password and the salt which can be persisted upon creation of the keynode.

As to where the vault keys will be stored. Each Vault can have a hidden '.vault' folder at the root which can contain the encrypted vault key as well as other metadata.

[robert-cronin]

I think vault metadata is good to store in a hidden .vault folder to keep track of secrets managed by said vault but the symmetric key that feeds into EFS should be derived from PolyKey's asym key. This presents an issue; for a given keyLen, the key is the same for every vault derived from the same PolyKey asym key. One way to avoid this is to derive with a randomly generated salt and store the salt for each vault in the polykey metadata. There might be a better way to do this.

[robert-cronin]

Upon further reflection, there is an edge case in which pure key derivation won't work and that is a cycling of the users master key. Upon initialisation, the vault key is derived from this master key but then we must store this somewhere. So as mentioned in the initial comment, we can encrypt the vault with the vault key and then encrypt the vault key in the .vault folder using the users master key. If the user should ever want to change their master key, the would just offer their previous and new master keys and polykey would re-encrypt the vault keys using the new master key.

This would also help if we ever employ key sharing (i.e. shamir's secret sharing. as in https://www.vaultproject.io/docs/internals/architecture

[robert-cronin]

I've sort of squeezed a fix into the upcoming PR. Now the vault keys are stored and managed as metadata by the VaultManager class in a .vault folder at the root of the polykey path. This is encrypted/decrypted by a keyManager that is dependency injected into the VaultManager class.

[CMCDragonkai]

FYI, directories inside home are hidden with .polykey, but within .polykey you don't need to hide anything anymore, so you can just use normal names. So if we are using ~/.polykey, then ~/.polykey/vault is fine. Although does this mean it's the metadata for all vaults, or just 1 vault?

Furthermore, as part of the design spec, I'm sure that ~/.polykey might just be a "default" location, but it should be easy for the user to specify any location as the keynode state, thus allow multiple polykeys to exist on the same system. (Like putting the keynode state into a USB stick).

Also the XDG spec https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html to be put into XDG_DATA_HOME. Only relevant to Linux though.