Cryptography Mailing List 2022

 

SEPTIX A proposal for a Secure Electronic Password Tank for *nIX

I'd like to present my proposal for SEPTIX The Secure Electronic Password Tank for *nIX

Apologies in advance for a long posting that hopefully will give you a clear idea of the way SEPTIX is going to store and retrieve a user's valuable secrets (passwords) securely.

BASIC IDEA:

SEPTIX safely stores cleartext secrets that the user provides encrypted both with AES and RSA. The security of septix is based on privilege separation and on the use of a Yubikey to provide additional random characters for the conventional AES encryption of the secret to be stored. In additon to this encryption there is a second encryption with a RSA public key before the result is stored in the file system. Reading the stored secrets requires a decryption with the RSA private key being stored (and performed) in the Yubikey and secondly an AES decryption with additional random characters provided by the Yubikey. The end result is the cleartext secret printed on the user's terminal.

INGREDIENTS:

The security of SEPTIX is based on the following mechanisms:

  1. Privilege separation: A user invokes septic as a one-line command line program:
    su -l septix --pty -c "bin/septix.py $*"

    All encryption (AES and RSA) and all files can only be accessed by a dedicated user "septix" via the program septix.py. No software running under the user's UID can access this information.

  2. An external device (a Yubikey) is beeing used for two tasks:

    • First: Whenever a password is needed (a login password for su or a password for AES encryption) the low-entropy input of the user (a memorable string) is appended by pushing the button on the Yubikey so that 32 more random characters (of 6 bit each) complete the input. By using the Yubikey in this way it is ensured, that the password string contains enough entropy and that the Yubikey must be present to recover the cleartext secret.

    • Second: After the conventional AES encrytion of the user's secret the resulting PGP message is encrytped by using "openssl rsautl" with a 2048 bit RSA public key. This RSA public key is stored in the user septix's home directory. The corresponding RSA private key had been generated in the Yubikey in a way that it is non-exportable. That ensures that only by using the Yubikey for RSA decryption the original PGP message can be recovered. Conventionally decrypting the recovered PGP message also requires to supplement the user's own low-entropy input with the Yubikey's static random password. This requires the user's action to press the button on the Yubikey for more than 2 seconds.

RISK ASSESSMENT:

The use of the Yubikey and the preparation of the separate user "septix" require some set-up in advance ( see the manual page https://senderek.ie/septix )

The generation of the RSA key pair inside the Yubikey bears the risk that a destruction or theft of the Yubikey can make the recovery of encrypted secrets impossible as no backup of the RSA private key is available.

This risk can be mitigated, when a more complex preparation of the Yubikey is done in which the RSA keypair is generated externally (and backuped) and the private key is then loaded onto the Yubikey. A backup (to be stored in a safe place) can be done for the Yubikey's static password as well. So in a case of theft the Yubikey can be re-created by the user.

Stealing the Yubikey puts the thieve in posession of the static password but using the RSA private key is prevented by the user's login PIN which is necessary to activate the Yubikey. Although the thief can brute-force the login PIN. But even after a successful brute-force of the login PIN the thief has no access to the files in the separate user septix's home directory. And he does not know the user's low-entropy input that is needed for the decryption of the PGP message, if he ever gets his hands on the files in septix's home directory.

USE CASES:

A) Storing a secret with an identifier: revenue

$ septix store revenue
For preparations using the YUBIKEY consult the manual: man septix
Passwort:
Storing revenue
Firstly, enter the password that has to be stored (finish with D twice):

Secondly enter the encryption passphrase by typing your secret
and then pushing the button on the YUBIKEY for more than 2 seconds
thisisthesecretfortherevenuewebsite
🔐 Password: ****************************************

B) Recovering the stored secret

$ septix read revenue
For preparations using the YUBIKEY consult the manual: man septix
Passwort:
Reading secret for revenue
Please enter the PIN to use your Yubikey:
🔐 Password: ******
Using slot 0 with a present token (0x0)
Using decrypt algorithm RSA-X-509

Please enter the encryption passphrase by typing your secret
and then pushing the button on the YUBIKEY for more than 2 seconds
🔐 Password: ****************************************

thisisthesecretfortherevenuewebsite

C) Looking behind the curtains:

[septix at laptop ~]$ ls -la keys
total 28
drwx------ 2 septix root 4096 Oct 22 23:11 .
drwx------ 7 septix septix 4096 Oct 22 23:11 ..
-rw------- 1 septix septix 256 Oct 21 19:15 key4.rsa
-rw------- 1 septix septix 256 Oct 22 19:04 key6.rsa
-rw------- 1 septix septix 256 Oct 22 20:43 key7.rsa
-rw------- 1 septix septix 256 Oct 22 23:08 revenue.rsa
-r-------- 1 septix root 451 Oct 19 16:14 yubi-pubkey.pem
[septix at laptop ~]$

As you can see, the secrets are stored separately. Never will all secrets be visible in memory when a single secret is beeing recovered.

SOURCE CODE:

If you wish to see the source code of SEPTIX you may ask me off-list. Apart from the one-liner the workhorse septix.py is 280 lines of python3 code.

So, if you have any comments on my proposal I'd be glad to receive criticism.