- Run keygen.sh, copy location of those keys
- Copy content of public key and place it in the publicKey variable in upload.json
To share credentials with an absolutely unnecessary level of security, and to continuously update the security of this app until we reach a balance of totally instability and complete unusability.
When a user enters a credential, the credential is encrypted with the public key of the server. The user is then also prompted to enter a password, which is also encrypted with the public key. The credentials are sent to the server, where the credentials and password are decrypted, and the password checked. If the password matches, it's used to decrypt the ground folder, the folder which stores all of our shared credentials. The folder is then re-encrypted using the same password.
This is the main script that handles encryption/decryption of the ground folder. To view currently stored passwords: /bin/bash filehandle.sh -m man -p [password]
Move to the PKCS#1 OAEP RSA standard- XSS Testing
- Move to AWS and add HTTPS
- Atomic clocks
- Fingerprint / Eyescanner
https://www.openssl.org/docs/manmaster/man3/RSA_public_encrypt.html