Encrypting data to untrusted keys #49

Open
drGrove opened this issue Sep 1, 2021 · 0 comments
Comments
drGrove commented Sep 1, 2021

Currently when an untrusted PGP key is used to encrypt the Certificate RSA key, the underlying system fully ignores the key and writes an empty file because the interaction with the gpg binary happens in a subshell.

We should either:

  1. Warn the user and exit
  2. Add the always trust flag to the encryption of files.

Concerns around 2:

There's a TOFU problem on initial RSA signing key encryption, where in between the user setting their fingerprint and running mtls for the first time, a bad actor could potentially swap out the fingerprint used for later encrypting the key on first generation.

There are also issues around using -o which would then encrypt the password for the PFX to a bad actor based off what's in the config.
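As an added illustration of option 1 (refuse rather than silently write an empty file), and not code from the mtls project: the wrapper below checks the recipient's validity in the keyring before calling gpg, captures gpg's exit status instead of running it in a fire-and-forget subshell, and only writes the output file once non-empty ciphertext exists. The function names, the `ACCEPTED_VALIDITY` policy and the key listing are this example's own assumptions; the listing is constructed sample data in the `gpg --with-colons --list-keys` format.

```python
"""Added example, not code from the mtls project: a gpg wrapper that refuses
to encrypt to a key gpg does not consider valid and never leaves an empty
output file behind a failed gpg run.  Names and constants are the example's
own; SAMPLE_LISTING is constructed data, not a real keyring.
"""
import os
import subprocess
import tempfile
from typing import Dict, Tuple

# Validity letters accepted by this wrapper, from field 2 of `gpg --with-colons
# --list-keys` records: u = ultimate, f = full.  Marginal ('m'), unknown ('-'),
# undefined ('q'), never ('n'), expired ('e') and revoked ('r') are rejected;
# treating marginal as insufficient is this example's own conservative choice.
ACCEPTED_VALIDITY = {"u", "f"}

# Constructed sample listing: one key with ultimate validity and one that was
# imported but never verified (validity '-'), exactly the untrusted-key case.
TRUSTED_FPR = "0000000000000000000000000123456789ABCDEF"
UNKNOWN_FPR = "2222222222222222222222220F0F0F0F0F0F0F0F"
SAMPLE_LISTING = f"""\
tru::1:1630000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1630000000:::u:::scESC::::::23::0:
fpr:::::::::{TRUSTED_FPR}:
uid:u::::1630000000::0::Trusted Signer <trusted@example.invalid>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1630000000::::::e::::::23:
fpr:::::::::111111111111111111111111FEDCBA9876543210:
pub:-:4096:1:0F0F0F0F0F0F0F0F:1630000000:::-:::scESC::::::23::0:
fpr:::::::::{UNKNOWN_FPR}:
uid:-::::1630000000::0::Unverified Import <stranger@example.invalid>::::::::::0:
"""


def parse_key_validity(colon_output: str) -> Dict[str, str]:
    """Map each primary-key fingerprint to its validity letter.

    A `pub` record carries validity in field 2; the `fpr` record right after
    it carries the full fingerprint in field 10.  Subkey fingerprints are skipped.
    """
    validity: Dict[str, str] = {}
    pending = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            pending = fields[1]
        elif fields[0] == "fpr" and pending is not None and len(fields) > 9:
            validity[fields[9].upper()] = pending
            pending = None
        elif fields[0] in ("sub", "ssb"):
            pending = None
    return validity


def check_recipient(fingerprint: str, colon_output: str) -> Tuple[bool, str]:
    """Decide whether `fingerprint` may be used as an encryption recipient."""
    fpr = fingerprint.replace(" ", "").upper()
    validity = parse_key_validity(colon_output).get(fpr)
    if validity is None:
        return False, "key not present in keyring"
    if validity not in ACCEPTED_VALIDITY:
        return False, f"validity {validity!r} is not trusted"
    return True, f"validity {validity!r}"


def encrypt_to(fingerprint: str, plaintext: bytes, out_path: str,
               gpg: str = "gpg") -> int:
    """Encrypt `plaintext` to `fingerprint`, writing `out_path` atomically.

    Returns the ciphertext length.  Raises, writing nothing, if the key is
    untrusted or gpg fails.  `--trust-model always` is deliberately not passed,
    so gpg's own trust check still applies on top of ours.
    """
    listing = subprocess.run(
        [gpg, "--batch", "--with-colons", "--list-keys", fingerprint],
        capture_output=True, text=True, check=True,
    ).stdout
    ok, reason = check_recipient(fingerprint, listing)
    if not ok:
        raise PermissionError(f"refusing to encrypt to {fingerprint}: {reason}")

    # --batch makes gpg fail instead of prompting; capturing stdout (rather
    # than letting gpg open the output file) means failure leaves no artefact.
    proc = subprocess.run(
        [gpg, "--batch", "--yes", "--encrypt", "--recipient", fingerprint],
        input=plaintext, capture_output=True,
    )
    if proc.returncode != 0 or not proc.stdout:
        raise RuntimeError(f"gpg exited {proc.returncode} with no ciphertext: "
                           f"{proc.stderr.decode(errors='replace').strip()}")

    # Temp file in the target directory plus rename: readers never see a
    # partial or empty file.
    out_dir = os.path.dirname(os.path.abspath(out_path))
    fd, tmp = tempfile.mkstemp(dir=out_dir, prefix=".gpg-tmp-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(proc.stdout)
        os.replace(tmp, out_path)
    except BaseException:
        os.unlink(tmp)
        raise
    return len(proc.stdout)
```

The keyring check is the part worth keeping regardless of which option the issue settles on: even if `--trust-model always` is later added for option 2, logging `check_recipient`'s reason before encrypting gives the user a visible signal that the configured fingerprint is not one they have verified, which is what the TOFU concern above is about.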
