Author: z3bra <contactatz3bradotorg>
Date: Wed, 27 Feb 2019 17:41:00 +0100
Add goals to the README
 README | 42 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/README b/README
@@ -4,11 +4,17 @@ Store your secrets in an encrypted safe, protected by a password.
- safe [-la] [secret..]
+ safe [-ad] [secret..]
+ # list all your deepest secrets
# add a secret to your safe
echo 'This is secret!' | safe -a secret
+ # start a safe agent
+ safe -d
# retrieve a secret from your safe
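Review bot: The added comment "# list all your deepest secrets" has no command under it in the lines shown, and the synopsis change from "safe [-la]" to "safe [-ad]" drops -l, so a reader cannot tell how listing is invoked now. Add the command line the comment describes, or drop the comment if listing is gone. Next to "safe -d", say whether the agent stays in the foreground and how it is stopped, since the later text explains that a running agent keeps the decryption hash in memory.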
@@ -19,5 +25,39 @@ Store your secrets in an encrypted safe, protected by a password.
+ Store any kind of file
+ Do not expose file hierarchy if locked
+Your safe is stored on disk as a directory tree, with the following structure:
+Where each hash represent a "secret". They're stored as hashes to hide
+any kind of meta information about your secret.
+These files are stored encrypted, using your master password.
+The .index file stores the actual names of your entries, so we can
+calculate the hash in-memory.
+This file is also stored encrypted.
+You can then retrieve secrets by requesting them, and typing your master
+password to decrypt them.
+To make it more usable, the safe is accessible through an agent (let's
+call it Edgard), which acts as a gatekeeper.
+When you want to retrieve a secret, you ask Edgard for it, and he will
+decrypt it for you on stdout.
+When you first call Edgard, he will ask you for your master password,
+so he can decrypt the secrets for you.
+The password is stored hashed in memory, so nobody can "retrieve" your
+master password. As this hash is kept in memory to decrypt the file,
+giving your password to Edgard means that an intruder could extract
+this hash, and thus decrypt your secrets.
+If you're concerned about this, then don't call Edgard.
This software is licensed under the ISC license, see the LICENSE file provided.
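Review bot: In the paragraph beginning "The password is stored hashed in memory", the first sentence reads as a protection while the next one says this hash is what decrypts the files, so for this safe the in-memory hash is equivalent to the password. Say that directly, for example: "Edgard keeps a key derived from your password in memory; anyone who can read his memory can decrypt your secrets." The README should also state who is allowed to ask Edgard for a secret while he is running, and whether the hashes used as file names are keyed or salted, because an unkeyed hash of a guessable name would not meet the "Do not expose file hierarchy if locked" goal. Minor: "each hash represent" should be "represents", and "with the following structure:" is not followed by any structure in the lines shown.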