Ensuring confidentiality: how PassEv works and its security scheme

by MacK 5/31/2008 1:12:00 PM

This week I have been thinking about how PassEv, the password sync utility I'm working on, should work to ensure the confidentiality of our data, where our data means the user / password combinations for the sites we usually work with. Local security (encrypting local data) is easily done by using a symmetric key algorithm. PassEv will use the master password (the only password you will have to remember once you start using the program) to encrypt the password store (or PassStore) using a symmetric key algorithm. But once the data is encrypted, we want it synced across all our computers. That is what PassEv is intended to do.

That means that the local copy of PassEv will have to send the encrypted PassStore to the PassEv.com server, and that other computers using PassEv will have to be able to retrieve the PassStore. I, as a user, should be able to get my PassStore and only my PassStore (not anyone else's). So a user (the master user) will need to create an account on the PassEv.com server, so that the different PassStores are linked to their owners. To retrieve the correct PassStore from the PassEv.com server, PassEv will have to send the master user / password combination. And here is where PassEv has to ensure confidentiality again. It cannot send the master user / password combination in clear text over the net, or anyone "listening" on our line will be able to decrypt our PassStore and obtain our saved passwords.

To encrypt, the PassEv program and the PassEv.com server must negotiate a password and encrypt all their communications using it. To achieve this, I'll use a "shared session key" approach. The PassEv program will generate a random password each time it starts a session with the PassEv.com server. All the communications for that session will be encrypted using that key. To be able to transmit the session password to the PassEv.com server without compromising it, the program will encrypt it using a public key algorithm. That is, the PassEv.com server will generate a private / public key pair and the PassEv program will encrypt the "shared session key" negotiation with the public key. Only the PassEv.com server can decrypt that, using its private key. Once this is done, we will have a secure way to send the PassStores over the HTTP connection. When the session ends, the shared session key is forgotten and a new one will be used in a future session, increasing security.
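The exchange described above, sketched as an added example for Node.js (this is not PassEv's own code). The post names no algorithms, so RSA-OAEP and AES-256-GCM are assumptions, as are all function names; it also assumes the client already holds an authentic copy of the server's public key.

```javascript
// Added illustration, not PassEv code. RSA-OAEP and AES-256-GCM are assumed.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server: long-lived key pair; the client is assumed to hold an authentic
// copy of the public half (otherwise a man-in-the-middle can swap it).
function newServerKeyPair() {
  return generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Client: fresh random session key per session, wrapped with the public key.
function clientStartSession(serverPublicKey) {
  const sessionKey = randomBytes(32);
  const wrappedKey = publicEncrypt({ key: serverPublicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrappedKey };
}

// Server: only the private key recovers the session key.
function serverAcceptSession(serverPrivateKey, wrappedKey) {
  return privateDecrypt({ key: serverPrivateKey, ...OAEP }, wrappedKey);
}

// Either side: encrypt one message as nonce || tag || ciphertext.
function seal(sessionKey, plaintext) {
  const nonce = randomBytes(12); // never reuse a nonce under the same key
  const cipher = createCipheriv('aes-256-gcm', sessionKey, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Either side: decrypt and verify; throws if the message was altered.
function unseal(sessionKey, message) {
  const decipher = createDecipheriv('aes-256-gcm', sessionKey, message.subarray(0, 12));
  decipher.setAuthTag(message.subarray(12, 28));
  return Buffer.concat([decipher.update(message.subarray(28)), decipher.final()]);
}

// One session end to end, with a constructed payload standing in for a PassStore.
function demoSession() {
  const server = newServerKeyPair();
  const { sessionKey, wrappedKey } = clientStartSession(server.publicKey);
  const serverSideKey = serverAcceptSession(server.privateKey, wrappedKey);
  const upload = seal(sessionKey, Buffer.from('constructed PassStore bytes'));
  return unseal(serverSideKey, upload).toString();
}
```

Because the mode is authenticated, a message modified in transit fails in `unseal` instead of decrypting to garbage, and a key pair other than the server's cannot unwrap the session key.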

I have written a description of the PassEv security scheme here.

Questions? Doubts? Ideas? Suggestions? Just leave a comment!

NOTE: PassEv is intended to be released on July the 1st

About the author

MacK
Passwords are everywhere around the web. You need one almost for each site you visit. Tired of forgetting my web passwords, I decided to create this utility, which synchronizes passwords in different computers using Internet Explorer. I hope you find it useful.
