[Cryptography] SEPTIX A proposal for a Secure Electronic Password Tank for *nIX

Ralf Senderek crypto at senderek.ie
Sat Oct 22 17:37:16 EDT 2022 

I'd like to present my proposal for SEPTIX The Secure Electronic Password Tank for *nIX

Apologies in advance for a long posting that hopefully will give you
a clear idea of the way SEPTIX is going to store and retrieve a user's
valuable secrets (passwords) securely.

BASIC IDEA:

SEPTIX safely stores cleartext secrets that the user provides encrypted both with AES and RSA.
The security of septix is based on privilege separation and on the use of a Yubikey to provide
additional random characters for the conventional AES encryption of the secret to be stored.
In additon to this encryption there is a second encryption with a RSA public key before the
result is stored in the file system. Reading the stored secrets requires a decryption with
the RSA private key being stored (and performed) in the Yubikey and secondly an AES decryption
with additional random characters provided by the Yubikey. The end result is the cleartext
secret printed on the user's terminal.

INGREDIENTS:

The security of SEPTIX is based on the following mechanisms:

1) Privilege separation:
    A user invokes septic as a one-line commandline program:
        su -l septix --pty -c "bin/septix.py $*"
    All encryption (AES and RSA) and all files can only be accessed by a dedicated
    user "septix" via the program septix.py. No software running under the user's
    UID can access this information.

2) An external device (a Yubikey) is beeing used for two tasks:

    First: Whenever a password is needed (a login password for su or a password for AES encryption)
    the low-entropy input of the user (a memorable string) is appended by pushing the button
    on the Yubikey so that 32 more random characters (of 6 bit each) complete the input.
    By using the Yubikey in this way it is ensured, that the password string contains enough
    entropy and that the Yubikey must be present to recover the cleartext secret.

    Second: After the conventional AES encrytion of the user's secret the resulting
    PGP message is encrytped by using "openssl rsautl" with a 2048 bit RSA public key.
    This RSA public key is stored in the user septix's home directory.
    The corresponding RSA private key had been generated in the Yubikey in a way that it is
    non-exportable. That ensures that only by using the Yubikey for RSA decryption the original
    PGP message can be recovered.

    Conventionally decrypting the recovered PGP message also requires to supplement the user's own
    low-entropy input with the Yubikey's static random password. This requires the user's
    action to press the button on the Yubikey for more than 2 seconds.

RISK ASSESSMENT:

The use of the Yubikey and the preparation of the separate user "septix" require some set-up
in advance ( see the manual page https://senderek.ie/septix )

The generation of the RSA key pair inside the Yubikey bears the risk that a destruction
or theft of the Yubikey can make the recovery of encrypted secrets impossible as no backup
of the RSA private key is available.

This risk can be mitigated, when a more complex preparation of the Yubikey is done in which
the RSA keypair is generated externally (and backuped) and the private key is then loaded
onto the Yubikey. A backup (to be stored in a safe place) can be done for the Yubikey's
static password as well. So in a case of theft the Yubikey can be re-created by the user.

Stealing the Yubikey puts the thieve in posession of the static password but using the
RSA private key is prevented by the user login PIN which is necessary to activate the
Yubikey. Although the thief can brute-force the login PIN. But even after a successful
brute-force of the login PIN the thief has no access to the files in the separate user
septix's home directory. And he does not know the user's low-entropy input that is needed
for the decryption of the PGP message, if he ever gets his hands on the files in septix's
home directory.

USE CASES:

A) Storing a secret with an identifier: revenue

$ septix store revenue
For preparations using the YUBIKEY consult the manual: man septix

Passwort:
Storing revenue
Firstly, enter the password that has to be stored (finish with <ctrl>D twice):

Secondly enter the encryption passphrase by typing your secret
and then pushing the button on the YUBIKEY for more than 2 seconds

thisisthesecretfortherevenuewebsite🔐 Password: ****************************************


B) Recovering the stored secret
$ septix read revenue
For preparations using the YUBIKEY consult the manual: man septix

Passwort: 
Reading secret for revenue
Please enter the PIN to use your Yubikey:
🔐 Password: ****** 
Using slot 0 with a present token (0x0)
Using decrypt algorithm RSA-X-509

Please enter the encryption passphrase by typing your secret
and then pushing the button on the YUBIKEY for more than 2 seconds
🔐 Password: ****************************************

thisisthesecretfortherevenuewebsite

C) Looking behind the curtains:

[septix at laptop ~]$ ls -la keys
total 28
drwx------ 2 septix root   4096 Oct 22 23:11 .
drwx------ 7 septix septix 4096 Oct 22 23:11 ..
-rw------- 1 septix septix  256 Oct 21 19:15 key4.rsa
-rw------- 1 septix septix  256 Oct 22 19:04 key6.rsa
-rw------- 1 septix septix  256 Oct 22 20:43 key7.rsa
-rw------- 1 septix septix  256 Oct 22 23:08 revenue.rsa
-r-------- 1 septix root    451 Oct 19 16:14 yubi-pubkey.pem
[septix at laptop ~]$

As you can see, the secrets are stored separately. Never will all secrets be visible in memory
when a single secret is beeing recovered.

SOURCE CODE:

If you wish to see the source code of SEPTIX you may ask me off-list.
Apart from the one-liner the workhorse septix.py is 280 lines of python3 code.


So, if you have any comments on my proposal I'd be glad to receive criticism.

       --ralf

More information about the cryptography mailing list