Overview
Ever found yourself digging around for passwords in spreadsheets, encrypted files and standalone apps? Ever wanted to access those passwords programatically?
Well that's the plan for AuthStor - Web Based Password Management
Design Phase
AuthStor is currently in the design phase of development where features are added and removed on a daily basis. A prototype is in place and working so it should not be too long before I can commit some code to the Repository. If you would like to see a certain feature or function in the initial release please get in touch: mailto:Alan@Wave2.org . Watch this space....
Requirements
- Secure
- Web Based
- Multi-User
- REST[full/like] interface
Components
MySQL - support for other DBI compatible databases in later release.
Why GnuPG?
I decided to utilize GnuPG for several reasons.
- I wanted to be able to use multiple encryption algorithms without having to resort to different implementations. Using GnuPG provides the ability to select the most appropriate algorithm and benefit from newer algorithms as they are added to GnuPG.
I wanted to stay away from storing encryption pass-phrases within configuration files or more to the point on the physical server hosting AuthStor. For this reason AuthStor will eventually benefit from the gpg-agent and only require the core key pass-phrase on startup allowing you to store it in your head / safe or a post-it note (Joke).
- GnuPG provides key management and many people already have GPG keys that they use to encrypt e-mail. Why not take advantage of that capability and allow an extra level of security with per user keys?
- Finally why re-invent the wheel? GnuPG is tried and tested and continues to improve every day.
Layout
The layout for AuthStor needs to be flexible and accessible on all devices.
Database Design
Requirements
- GnuPG 1.4.9
