From b348d0e911eef62732ebb01a63ad4ce59fbb4695 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 25 Oct 2013 21:13:44 -0200 Subject: Manpage: limitations (2) --- share/man/keyringer.1 | 44 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) (limited to 'share') diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index 9f9f835..822c54e 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -1,4 +1,4 @@ -.TH KEYRINGER 1 "Oct 24, 2013" "Keyringer User Manual" +.TH KEYRINGER 1 "Oct 25, 2013" "Keyringer User Manual" .SH NAME .PP keyringer - encrypted and distributed secret sharing software @@ -22,11 +22,13 @@ can be synced with remote branches. .PP Keyringer has three types of actions: .IP "1." 3 -Repository lookup and manipulation actions. +Repository lookup and manipulation actions, which handles repository +initialization, content tracking and navigation. .IP "2." 3 -Secret manipulation actions. +Secret manipulation actions, which takes care of encrypting, decrypting +and other read/write operations on secrets. .IP "3." 3 -Configuration actions. +Configuration actions, handling repository metadata. .SH REPOSITORY LOOKUP AND MANIPULATION ACTIONS .TP .B init <\f[I]path\f[]> [\f[I]remote\f[]] @@ -211,7 +213,7 @@ fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[] All lines starting with the hash (#) character are interpreted as comments. .PP -Parameters to the \f[I]recipients\f[] subcommand are: +Parameters to the \f[I]recipients\f[] action are: .TP .B \f[I]ls\f[] List all existing recipient files. 
@@ -240,6 +242,38 @@ aliased \f[I]keyring\f[] keyring. $KEYRING_FOLDER/config/options : Custom keyring options which will be applied for all users that use the keyringer repository. .SH LIMITATIONS +.PP +Keyringer currently has the following limitations: +.IP \[bu] 2 +Metadata is not encrypted, meaning that an attacker with access to a +keyringer repository knows all public key IDs are used for encryption +and which secrets are encrypted to which keys. +This can be improved in the future by encrypting the repository +configuration with support for \f[I]--hidden-recipient\f[] GnuPG option. +.IP \[bu] 2 +History is not rewritten by default when secrets are removed from a +keyringer repository. +After a secret is removed with \f[I]del\f[] action, it will still be +available in the repository history even after a commit. +This is by design due to the following reasons: +.IP "1." 3 +It\[aq]s the default behavior of the Git content tracker. +Forcing the deletion by default could break the expected behavior and +hence limit the repository\[aq]s backup features, which can be helpful +is someone mistakenly overwrites a secret. +.IP "2." 3 +History rewriting cannot be considered a security measure against the +unauthorized access to a secret as it doesn\[aq]t automatically update +all working copies of the repository. +.RS 4 +.PP +In the case that the secret is a passphrase, the recommended measure +against such attack is to change the passphrase, making useless the +knowledge of the previous secret. +.PP +Users wishing to edit their repository history should proceed manually +using the \f[I]git\f[] action. +.RE .SH SEE ALSO .PP The \f[I]README\f[] file distributed with Keyringer contains full -- cgit v1.2.3
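Review bot: In the hunk at @@ -22,11 +22,13 (the list of action types), the two new relative clauses pair a plural subject with a singular verb: "actions, which handles" and "actions, which takes care" should read "which handle" and "which take care". Item 3 already avoids this with a participle ("handling repository metadata"); using the same construction in items 1 and 2 would also keep the three entries parallel.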
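Review bot: In the LIMITATIONS hunk (@@ -240,6 +242,38), the passphrase advice after reason 2 refers to "such attack" with no antecedent, so the reader has to infer the threat. Suggest saying directly that a secret removed with the del action stays readable in the history and in working copies that are not updated, and that the remedy is therefore to change the secret. Two wording fixes in the same hunk: "helpful is someone mistakenly overwrites" should be "helpful if someone", and "knows all public key IDs are used for encryption" is missing a "which" or "that" after "knows". On markup: the numbered reasons start with .IP "1." 3 directly after the bullet, with no .RS before them, so they are not nested under the history bullet, and the .RS 4 block attaches the closing paragraphs to reason 2 rather than to the bullet as a whole. Opening the .RS before the first numbered item would fix both. The option name is also written with unescaped hyphens; \-\-hidden\-recipient is the usual roff form for an option the reader may copy.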