Feature Request: built-in PGP sharing, automatic share update option

feat_ford
Community Member

Having just re-read articles on the site regarding sharing, there seems to be a gap in sharing options. I can either share individual items and transmit them over my own secure method (iMessage or encrypted email are suggested), or I can share an entire vault. This works great for either a one-off, one-time share, or for sharing a secondary vault with a small group of people (e.g. having a second vault to share with immediate family members). However, this leaves a big gap in between: the need to share one or more vault items with multiple teams of people, as in a business setting.

(Example: Server ops folks need one set of passwords and the networking team needs another, but maybe the CTO wants to have both sets. Currently we need at least 3 vaults to accomplish this - the CTO's personal vault, the server ops vault, and the networking team vault - but this quickly spirals out of control as granularity requirements increase. Furthermore, the one-off sharing option leaves a well-documented and well-warned-against weakness in that anyone with a copy of 1Password can import a shared item, and it's up to the sharing party to make sure it stays secure - thus the recommendation of iMessage or encrypted email for transmission.)

But -- not everyone who uses 1Password uses iOS (or even necessarily trusts iMessage encryption), and even amongst security-conscious users, few use email encryption. How is the average user, even in IT environments, to manage this?

Imagine that a user wants to share a vault item. They are given the option of either setting up sharing using an email address they already own, or choosing or randomly generating a 'share.1password.com' username. 1Password then creates a PGP key pair using the user's email address or their new "user@share.1password.com" ID, and stores it in the user's vault, publishing the public key on a key server.

When someone wants to share an item, they can ask the recipient for their 1Password sharing ID (email address or share.1password.com address). 1Password generates a one-time-use encryption key and encrypts a copy of the vault item with that key. The key is then encrypted with each recipient's public key (obtained from the key server) and the whole bundle is sent along to each recipient via iMessage or Mail message (the two existing ad-hoc sharing methods). If using a share.1password.com ID, the sharing party also provides the email address of the recipient (or better yet, AgileBits provides a transfer mechanism too -- it could even be as simple as a POP-only email account).

The recipient clicks the link in the email or message (or 1Password automatically checks their share.1password.com email box) and 1Password authenticates and decrypts the message using standard PGP, resulting in the vault item getting imported into the recipient's vault.

As part of the process, 1Password adds the sender and recipient's PGP key IDs into the vault item itself so that any future update to the vault item can trigger either automatic or user-approved re-sharing of the item via the original sharing method. The update process repeats the original process -- generate a new key, encrypt a copy of the item, encrypt the key with the recipients' public keys, and send.

This method eliminates the problem of an intercepted ad-hoc-shared item being importable by any 1Password user, as well as providing updating for the vault items. Also note with this method, the security of the transfer service (email, iMessage, etc.) becomes more or less irrelevant -- we're relying on PGP to keep the shared vault item secure in transit, and then on 1Password to keep it secure once imported into the vault (as always). Additionally, by allowing 1Password to manage PGP keys on behalf of the user, we eliminate the scariness and complexity of PGP. Heck, you can even leave the fact that it is PGP out of the user interface except for those who click "advanced" (or read the documentation). Enabling sharing becomes a quick one time setup for your average user, after which everything is handled seamlessly by 1Password.

Thoughts?


1Password Version: 5.2.3
Extension Version: Not Provided
OS Version: OS X 10.10.3
Sync Type: Not Provided

Comments

  • Megan
    1Password Alumni

    Hi @feat_ford,

    Thanks so much for taking the time to write up such a detailed suggestion - you're awesome!

    It's particularly great to hear from someone who uses 1Password as a part of a team. Ever since we introduced multiple vaults in 1Password 4, we've been imagining how we can make this feature more useful and more powerful for users, so we really appreciate your feedback here. The current implementation of multiple vaults is clearly geared towards smaller groups (such as families and small teams) so the issue of granularity doesn't come up quite as often, but I can certainly see how it would be untenable as the size and complexity of groups grows.

    Specifically with respect to the sharing of individual passwords, we are currently investigating how to make this more secure, and using public/private keys is certainly something being considered. Of course, I can't comment on unreleased features, but I can tell you that implementing a feature like this requires significant changes to 1Password, so no matter what we decide, it won't be a quick fix.

    Thanks again for sharing your thoughts here, I'll be sure to pass them along to our team! :)

This discussion has been closed.