Feature request discussion: Publishing shared secrets for owners of other psafes

  • In my household, we have many accounts that we all share and many accounts that each of us do not share (an issue of password management more than anything else). I've been looking for a feature which would allow us to share secrets (readonly) to each other.

    The way I can see this happening is through the use of DropBox/OwnCloud-like setups. Each person has a personal psafe file in a common dropbox folder. Each psafe file contains an unencrypted public key (dedicated for this purpose) which owners of other psafes may use to encrypt the copies of certain of their own entries that they wish to share. Each psafe is only written to by their owners but can be read by other owners (the sections of the file that are intended for them).

    Could this be added to psafe? I think it is a good practical addition to password safes now with relatively recent dropbox/owncloud popularity, yet I can't find this feature in any self-hosted password management options. Passpack.com allows for such sharing, but I'm getting to be too paranoid to continue to use that service.


  • Dave Griffin
    Dave Griffin

    The way I do this at work, is for each team member to have their own password safe db - saved on a private home drive, and everyone has an identical entry in their own pwsafe (exported from one and imported by all others, just once) that starts up another instance of passwordsafe opening a db stored on a shared network drive, and enters the appropriate 'shared' password (but as it's stored in pwsafe, it can be secure and complex).

    Thus all private entries are just that, completely private, while any shared accounts are available to all - and can be updated by anyone as necessary.

    Search the forum for previous messages from me about using one instance of pwsafe to open another - it should be the solution you're after.


  • Hi Dave,

    Interesting, but that requires n+1 psafes and a shared password so it's not really ideal to me.

    I understand that in my proposal, you have to authenticate/trust (once) each psafe file that you target for sharing (in place of a password distributed in another channel anyway!), but that's not really a concern for my intended use-case.

  • Rony Shapiro
    Rony Shapiro

    Yes, but your (XKCD fan) suggestion requires N psafes, so N+1 isn't that much of a difference.

    I think Dave's approach is the closest to meeting the requirements you described. I'm not all all sure how public key crypto would improve on this.

  • ... and two passwords and quite a procedure. Plus, if someone leaves the group, the common password has to be chosen new and redistributed. And password sharing is all or nothing - you can't say that some users get additional passwords that other users don't (while still sharing at least one password with them).

    My ideal is that opening my own single database with my master password shows, in the same interface, the shared passwords from proximal databases.

    I'm hoping to encourage better password use among less-technical users who seem to be overwhelmed by the complexity of the tools. You might blame the user, but they're part of the way the world works too - no use resisting that. So this would make it significantly easier to comprehend, work nicely with file-sharing schemes, and allow for complex sharing setups with people joining and leaving the group without having to redistribute the common password.

    Last edit: CorrectHorseBatteryStaple 2014-01-09
  • Dave Griffin
    Dave Griffin

    While the process does use 1 additional psafe, and 2 passwords, end users (once setup) do not need to know about the second password, that's handled automatically. It's hardly a procedure to 'right click and Run command' to open up the shared password safe and use it exactly as they'd use their own.

    If you do need to have some passwords for some users, and some for others, then these can be achieved with additional shared database files - users only have access to the ones they need, and have one entry for each in their own passwordsafe to open it up as required.

    If anyone leaves the group - you've got the same issue still of having to change the shared password no matter which method you'd use, or just remove their access to whichever shared area the safes are stored on, but don't get hung up on that, as you really ought to change all the 'shared' passwords held within passwordsafe anyway, not just the master password to any safe. (any passwords shared previously should be considered copied, and just stopping your safe from sharing them any more is not sufficient security)

    I have to say I'm in favor of any kind of functionality to simplify the sharing of passwords, however it's not a trivial thing to implement...