Use vaults to manage many keys

Author: yvesago

README.md

@@ -9,7 +9,25 @@ WIP. Feedback and comments are welcome.
 
 |     |     |
 | --- | --- |
-| ![Encrypted field](img/E2Eencrypted.png) | ![Passphrase](img/E2Epasphrase.png) |
+| ![Encrypted field](img/WhithoutKey.png) | ![Partial](img/MultiKey.png) |
+| ![Vaults](img/Vaults.png) | ![Passphrase](img/VaultsPass.png) |
+
+
+### Release 1.0
+
+Simple shared key
+
+
+### Release 1.2
+
+Manage many shared key to create «vaults»
+
+
+### Release 2.0
+
+TODO: Add users with roles and public/private keys. Random key by vault. Store vault key for each users.
+
+
 
 ## Server
 
@@ -19,7 +37,7 @@ gin-model-template allows to quickly write database tables and REST handlers.
 
 For end to end encryption, server maintains a global variable of the passphrase salt and check that each encrypted field start with this salt.
 
-### Config
+### Custom Config
 - ``people.go`` and ``user.go`` are 2 samples tables which can be customized.
 - ``repo.go`` contains db parameters
 - ``server.go`` contains REST handlers

img/MultiKey.png

@@ -112,11 +112,11 @@ func PostPeople(c *gin.Context) {
 		fmt.Println(people)
 	}
 
-	// XXX Check encrypted field match current key
-	if people.XAddress != "" && people.XAddress[0:16] != CurrentSalt {
+	// XXX Check encrypted field match a valid key
+	if people.XAddress != "" && TestValidSalt(dbmap, people.XAddress[0:16]) == false {
 		people.Name = ""
 	}
-	if people.XDateOfBirth != "" && people.XDateOfBirth[0:16] != CurrentSalt {
+	if people.XDateOfBirth != "" && TestValidSalt(dbmap, people.XDateOfBirth[0:16]) == false {
 		people.Name = ""
 	}
 
@@ -162,11 +162,12 @@ func UpdatePeople(c *gin.Context) {
 			Created:      people.Created, //people read from previous select
 		}
 
-		// XXX Check encrypted field match current key
-		if people.XAddress != "" && people.XAddress[0:16] != CurrentSalt {
+		// XXX Check encrypted field match a valid key
+		// else create mandatory field error
+		if people.XAddress != "" && TestValidSalt(dbmap, people.XAddress[0:16]) == false {
 			people.Name = ""
 		}
-		if people.XDateOfBirth != "" && people.XDateOfBirth[0:16] != CurrentSalt {
+		if people.XDateOfBirth != "" && TestValidSalt(dbmap, people.XDateOfBirth[0:16]) == false {
 			people.Name = ""
 		}
 

img/Vaults.png

@@ -36,15 +36,24 @@ func TestPeople(t *testing.T) {
 
 	b := new(bytes.Buffer)
 
-	router.PUT("/api/v1/utils/:id", UpdateVerifKey)
+	/*router.PUT("/api/v1/utils/:id", UpdateVerifKey)
 	log.Println("= http PUT one Util")
 	var k = Util{VerifyKey: "XXXXXXXXXXXXXXXX"}
 	json.NewEncoder(b).Encode(k)
 	req, err := http.NewRequest("PUT", "/api/v1/utils/1", b)
 	req.Header.Set("Content-Type", "application/json")
 	resp := httptest.NewRecorder()
 	router.ServeHTTP(resp, req)
-	assert.Equal(t, 200, resp.Code, "http PUT Salt key success")
+	assert.Equal(t, 200, resp.Code, "http PUT Salt key success")*/
+	log.Println("= http POST Vault")
+	router.PUT("/api/v1/vaults", PostVault)
+	var k = Vault{VerifyKey: "XXXXXXXXXXXXXXXX", VaultName: "123"}
+	json.NewEncoder(b).Encode(k)
+	req, err := http.NewRequest("PUT", "/api/v1/vaults", b)
+	req.Header.Set("Content-Type", "application/json")
+	resp := httptest.NewRecorder()
+	router.ServeHTTP(resp, req)
+	assert.Equal(t, 201, resp.Code, "http PUT Salt key success")
 
 	// Add
 	log.Println("= http POST People")
@@ -207,9 +216,10 @@ func TestE2ECrypto(t *testing.T) {
 	var urla = "/api/v1"
 	router.POST(urla+"/peoples", PostPeople)
 	router.GET(urla+"/peoples/:id", GetPeople)
-	router.GET(urla+"/verifkey/:id", GetVerifKey)
-	router.PUT(urla+"/verifkey/:id", UpdateVerifKey)
-	//router.PUT(urla+"/:id", UpdatePeople)
+	//router.GET(urla+"/verifkey/:id", GetVerifKey)
+	//router.PUT(urla+"/verifkey/:id", UpdateVerifKey)
+	router.GET(urla+"/vaults/:id", GetVault)
+	router.PUT(urla+"/vaults", PostVault)
 
 	log.Println("= Create scrypt key")
 	Salt, _ := newRandBytes(12)
@@ -226,14 +236,15 @@ func TestE2ECrypto(t *testing.T) {
 	//fmt.Printf("%+v %+v %+v\n", Saltb64, Nonceb64, Cipherb64)
 
 	b := new(bytes.Buffer)
-	var v = Util{Id: 1, VerifyKey: Saltb64 + Nonceb64 + Cipherb64}
+	//var v = Util{Id: 1, VerifyKey: Saltb64 + Nonceb64 + Cipherb64}
+	var v = Vault{VerifyKey: Saltb64 + Nonceb64 + Cipherb64, VaultName: "test"}
 	json.NewEncoder(b).Encode(v)
 	//fmt.Printf("%+v\n", b)
-	req, _ := http.NewRequest("PUT", urla+"/verifkey/1", b)
+	req, _ := http.NewRequest("PUT", urla+"/vaults", b)
 	req.Header.Set("Content-Type", "application/json")
 	resp := httptest.NewRecorder()
 	router.ServeHTTP(resp, req)
-	assert.Equal(t, 200, resp.Code, "Verify key set")
+	assert.Equal(t, 201, resp.Code, "Verify key set")
 
 	log.Println("= Create People with encrypted XAddress")
 	plaintext := "some private people text"

img/VaultsPass.png

@@ -12,9 +12,17 @@ import (
 	"strings"
 )
 
-var CurrentSalt string
+// TestValidSalt : test if key is a valid salt in vaults
+func TestValidSalt(dbmap *gorp.DbMap, test string) bool {
+        var vault Vault
+        err := dbmap.SelectOne(&vault, "SELECT id FROM vault WHERE verifykey LIKE ?", test+"%")
+        if err == nil && vault.Id != 0 {
+            return true
+        }
+        return false
+}
 
-// gin Middlware to select database
+// Database : gin Middlware to select database
 func Database(connString string) gin.HandlerFunc {
 	dbmap := InitDb(connString)
 	return func(c *gin.Context) {
@@ -23,6 +31,7 @@ func Database(connString string) gin.HandlerFunc {
 	}
 }
 
+// InitDb : create or update and connect to db on startup
 func InitDb(dbName string) *gorp.DbMap {
 	// XXX fix database type
 	db, err := sql.Open("sqlite3", dbName)
@@ -32,21 +41,23 @@ func InitDb(dbName string) *gorp.DbMap {
 	// XXX fix tables names
 	dbmap.AddTableWithName(People{}, "People").SetKeys(true, "Id")
 	dbmap.AddTableWithName(User{}, "User").SetKeys(true, "Id")
-	dbmap.AddTableWithName(Util{}, "Util").SetKeys(true, "Id")
+	dbmap.AddTableWithName(Vault{}, "Vault").SetKeys(true, "Id")
 	err = dbmap.CreateTablesIfNotExists()
 	checkErr(err, "Create tables failed")
 
-	var u Util
+	/*var u Util
 	dbmap.SelectOne(&u, "select * from Util where id = 1")
 	if u.Id != 1 {
 		dbmap.Insert(&u)
 	} else {
 		CurrentSalt = u.VerifyKey[0:16]
-	}
+	}*/
 
 	return dbmap
 }
 
+
+// ParseQuery : Parse a http query
 func ParseQuery(q map[string][]string) (string, string, string) {
 	query := ""
 	if q["_filters"] != nil {