From d128a5f762a811008e7c425f299afc1a4920306d Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Sat, 19 Nov 2016 14:36:07 +0000
Subject: [PATCH] Notes

---
 src/freedombone-pass | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-pass b/src/freedombone-pass
index f2939cb59..1face6e92 100755
--- a/src/freedombone-pass
+++ b/src/freedombone-pass
@@ -8,8 +8,16 @@
 #
 #                    Freedom in the Cloud
 #
-# Simple multi-user password store using symmetric encryption
-# and the backup gpg key
+# It's useful to be able to store user passwords, but not a good
+# idea to do that in plain text. This implements a simple password
+# store. It gpg symmetric encrypts passwords using the backups
+# private key as the passphrase.
+#
+# In order for an adversary to obtain the passwords they must have
+# the backups GPG key, which is not obtainable from local or remote
+# backups and can only happen if they get root access to the system
+# (in which case it's game over anyhow) or if they can decrypt
+# a master keydrive or obtain sufficient keydrive fragments.
 #
 # License
 # =======
@@ -103,6 +111,8 @@ do
 done
 
 get_backup_key_id
+
+# Use the backups private key as a symmetric passphrase
 MASTER_PASSWORD=$(gpg -q --armor --export-secret-key $MY_BACKUP_KEY_ID)
 
 if [ ! $CURR_USERNAME ]; then
-- 
GitLab