Design Document
Siddharth Srinivasan edited this page May 17, 2021 · 14 revisions
- This utility was designed as an in-house password manager whose protection is under the full control of the end user. The toolkit aims to be more flexible and accommodating than the majority of proprietary/cloud-hosted password management systems.
- This package comes at a cost of little to no durability, since there is ample scope for working with questionable cipher implementations and invalid configurations. The end user is therefore recommended to have a decent background in cryptography, programming, and systems.
The utility is developed as a Python package, since
- Python's default cryptographic package comes shipped with popular ciphers such as AES, RSA, ECDSA, etc.
- Python integrates well with popular cryptographic suites such as `OpenSSL`, `GPG`, `bcrypt`, `argon`, `scrypt`, etc.
- The requirement for in-house password management does not demand performant workloads, as opposed to AuthN/AuthZ schemes.

The utility aims to be cross-platform; however, it is currently tested only on Linux. Windows users can
- build the toolkit from source
- fetch the package from the PyPI index
- perform either of the above methods in a `WSL` environment as well.

At the moment, `sec-vault` requires the latest version of Python 3.x (Python >= v3.8 recommended).

- The toolkit can be built from source (see `Makefile`), and can be fetched from the PyPI index as well: `pip install sec-vault`
- The utility is also available via the `snap` store: `snap install sec-vault`

This section outlines possible workflows in the usage of `sec-vault`, and the entities responsible for those workflows.

The `sec-vault` system is kept as modular as possible, with a view to separating the following functionality:
- Usage of third-party cryptographic libraries/binaries
- Specification of essential cryptographic primitives:
  - cipher backend
  - configurations for the dependent cryptosystem
  - cryptographic keys and parameters
- Operations permissible on the vault file
- Representation of a credential record as a Data Model
- The `sec-vault` utility is currently developed as a command-line interface that exposes the required options and switches, so that the end user can interact with the toolkit and perform operations such as vault creation; addition, deletion and modification of records; specification of the cryptographic backend, cipher parameters and arguments; etc.
- The command-line arguments and sample invocations of the `sec-vault` toolkit are documented in the Usage Guide.
Copyright Sid Srinivas© 2021