# 2Padlocks

A system for receiving secrets and storing them in 1Password.

## Usage

Briefly, the process is:

- The Recipient generates a Secret Request URL and provides it to the Sender.
- The Sender opens the URL in their browser. The page encrypts a secret for them. They send the encrypted data back to the Recipient.
- The Recipient decrypts the data and saves the secret in 1Password.

## Scenario
Two actors are involved:
| Actor | Description |
|---|---|
| Recipient | Wants to receive a secret and store it in 1Password. |
| Sender | Has the secret to send. |
The actors must be able to communicate over a channel like Discord, WhatsApp, etc. The actors must trust the channel to guarantee each other's identity.
The Sender does not use 1Password or any tools installed on their computer.
The Recipient has a 1Password account, but otherwise does not want to manage any long-lived secrets such as GPG keys.
## Detailed process

- The Recipient generates a new Secret Request with the 2Padlocks CLI:

  ```sh
  2padlocks new NAME [--vault VAULT]
  ```

  This creates a new Secure Note named NAME in 1Password. By default, it is stored in the Personal vault unless VAULT is specified. The note contains:

  - A newly-generated public/private key pair
  - A URL, which includes the public key in the hash (e.g., `https://example.com/sealer#dfkjsdlkfjdsf`)

  The Recipient provides the URL to the Sender.

- The Sender loads the URL in their web browser. They enter the secret in a text area on the page and select Encrypt.

  The page encrypts the secret using the public key in the URL hash and saves the ciphertext to the clipboard.

  The Sender sends the ciphertext to the Recipient over any channel.

- The Recipient passes the ciphertext to the 2Padlocks CLI via stdin, e.g.:

  ```sh
  paste | 2padlocks receive [NAME] [--vault VAULT]
  ```

  If NAME and VAULT are not specified, 2Padlocks searches the 1Password vault to find any pending Secure Note.

  2Padlocks uses the private key to decrypt the ciphertext and stores it in the Secure Note. The URL and key pair are deleted from the note.

## Implementation
- Use libsodium to generate a key pair.
- Use a libsodium sealed box to encrypt the secret.