Kacper Why edited this page Feb 3, 2015 · 11 revisions

Many users can share passwords with CPM securely.

CPM does this by encrypting the password database to several public keys. The holder of any key on the recipient list can then decrypt the password database.

Add keys to your database

Make sure you have the keys of the folks you are sharing your passwords with:

gpg --list-keys MyBuddy

  • Enter CPM and hit CTRL-K
  • Then hit CTRL-A to add a key
  • Type the email address of the key you want to add, and hit ENTER
  • In unpatched CPM, the new key will not show up in the list unless you hit ENTER two more times.
  • Quit CPM, saving the database
  • Done! The database can now be opened with MyBuddy's key. Repeat for OtherBuddy etc.
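
After saving, it is worth confirming that the database is encrypted to exactly the keys you intended. The script below is an added example, not part of CPM or this wiki: it parses the output of `gpg --list-packets` and compares the recipient key IDs with an expected list. It assumes the database file is an OpenPGP message that gpg can inspect; the path `~/.cpmdb` and all key IDs shown are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit which keys a shared CPM database is encrypted to.

# Read `gpg --list-packets` output on stdin, print one recipient key ID per line.
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# audit_recipients "ID1 ID2 ..." < list-packets output
# Prints UNEXPECTED / MISSING lines; returns 0 only if both sets match.
# A hidden recipient (keyid 0000000000000000) is reported as UNEXPECTED.
audit_recipients() {
    expected=$(printf '%s\n' $1 | tr 'a-f' 'A-F' | sort -u)
    actual=$(recipient_keyids)
    rc=0
    for id in $actual; do
        printf '%s\n' "$expected" | grep -qx "$id" ||
            { echo "UNEXPECTED $id"; rc=1; }
    done
    for id in $expected; do
        printf '%s\n' "$actual" | grep -qx "$id" ||
            { echo "MISSING $id"; rc=1; }
    done
    return $rc
}

# Constructed sample of list-packets output for a file with two recipients.
sample_packets() {
cat <<'EOF'
:pubkey enc packet: version 3, algo 1, keyid 1111AAAA2222BBBB
        data: [2048 bits]
:pubkey enc packet: version 3, algo 1, keyid 3333CCCC4444DDDD
        data: [2047 bits]
:encrypted data packet:
        length: unknown
        mdc_method: 2
EOF
}

# Demo on the constructed sample. Against a real file (path is an assumption):
#   gpg --batch --list-only --list-packets ~/.cpmdb 2>/dev/null |
#       audit_recipients "ID_OF_MYBUDDY ID_OF_OTHERBUDDY"
sample_packets | audit_recipients "1111AAAA2222BBBB 3333CCCC4444DDDD" &&
    echo "recipient list matches"
```

Note that gpg reports the ID of the encryption subkey, which usually differs from the primary key ID shown by `gpg --list-keys`.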

Sharing the CPM database

There are two ways to share a database:
  • oldschool centralized CPM with Unix group-level access and file locking,
  • newschool decentralized CPM with revision control. This involves automation scripts to store changes in git, and is the recommended method.

There are pros and caveats to both techniques. With centralized CPM, getting access to your passwords involves connecting to the password server, and file locks are used to prevent users from racing to write to the database at the same time.

If you keep CPM in revision control, users might overwrite each other's changes, but they will be warned not to do so, nothing ever gets lost, and you have offline access to the database.

Because it's more efficient and practical, I recommend you use the cooler, newschool technique of revision control.