Design Document

Siddharth Srinivasan edited this page May 17, 2021 · 14 revisions

1. Considerations

1.1 Assumptions

  • This utility was designed as an in-house password manager whose protection is under the full control of the end-user. The toolkit aims to be more flexible and accommodating than the majority of proprietary/cloud-hosted password management systems.
  • This package comes at the cost of little to no durability, since it leaves considerable scope for working with questionable cipher implementations and invalid configurations. The end-user is therefore recommended to have a decent background in cryptography, programming, and systems.

1.2 System Environment

  • The utility is developed as a Python package, since

    • Python's default cryptographic package comes shipped with popular ciphers such as AES, RSA, ECDSA etc.
    • Python integrates well with popular cryptographic suites such as OpenSSL, GPG, bcrypt, argon, scrypt etc.
    • The requirement for in-house password management does not demand performant workloads, as opposed to AuthN/AuthZ schemes.
  • The utility aims to be cross-platform; however, it is currently tested only on Linux. Windows users can

    • build the toolkit from source
    • fetch the package from the PyPI index
    • use either of the above methods in a WSL environment as well.

1.3 Dependencies

  • At the moment, sec-vault requires the latest version of Python 3.x
    • (Python >= 3.8 recommended).
  • The toolkit can be built from source (see Makefile), and can be fetched from the PyPI index as well:
    • pip install sec-vault
  • The utility is also available via the snap store.
    • snap install sec-vault

2. Architecture

This section outlines possible workflows in the usage of sec-vault and the entities responsible for them.

2.1 Overview

The sec-vault system is kept as modular as possible in order to separate the following functionality:

  • Usage of third-party cryptographic libraries/binaries
  • Specification of essential cryptographic primitives:
    • cipher backend
    • configurations for the dependent cryptosystem
    • cryptographic keys and parameters
  • Operations permissible on the vault file
  • Representation of a credential record as a Data Model

2.2 Component Diagram

Sec-vault Component Diagram

2.3 Class Diagram

Sec-vault Class Diagram

2.4 Sequence Diagram

Sec-vault Sequence Diagram

3. User Interface Design

  • The sec-vault utility is currently developed as a command-line interface. It exposes the options and switches the end-user needs to interact with the toolkit and perform operations such as vault creation; addition, deletion and modification of records; and specification of the cryptographic backend, cipher parameters and arguments.
  • The command-line arguments and sample invocations of the sec-vault toolkit are documented in the Usage Guide.