Why Masada? One of the best fortifications in history. Withstood bombardment from the Romans for an entire year. https://www.wearethemighty.com/mighty-history/5-worlds-strongest-fortifications-ever/
Command line. Install via either python pypi (similar to shodan) or via go get or via homebrew or other package manager.
Initial offering: self-hosted server and clients, or hosted version that is paid
Example:
"pip install madasa"
First run should ask for login. Can be a simple username and auth token for MVP but move to send email, get code, and put in code. To sign up you simply email me and I generate a user account for you after proof of payment.
We cannot decrypt you database of data, even if we tried. We will see how close we get to this for the MVP.
Asymetric using public / private key rsa https://www.geeksforgeeks.org/how-to-encrypt-and-decrypt-strings-in-python/ https://stackoverflow.com/a/68187535/1215344
When a user account is created, a master pub/private key set will be created and stored on server, the public key will be in the user hashmap in redis The public key and private key are created unique with each clientid and generated and stored locally on the client only.
Steps to create new client on new machine:
- decrypt current data in redis using master pub/private keys
- transfer data to new client via redis api
- create new pub/private keys on client
- encrypt each object that is considered discreet string
- load transferred data into new client sqlite encrypted
Note: any time the client is access, the strings are first decrypted
Client: SQLite Server: Redis Backup: Disk (set in Redis conf to write to disk every n seconds as well as backup location)
Redis and Python seems like the easiest approach.
Rudimentary approach:
- When someone emails me for new account, I create a new user hashmap in Redis based on the username they request
- client logs in -> status logged in Redis with clientid created / updated
- Upon initial password / secure note added, the sqlite database is created on the client and the data is synced back to Redis
- Log in on new machine, new client id added and, after confirmation, the data is synced from Redis down to the sqlite on the new client.
- Wipe abilities via command line option with confirmation that deletes the sqlite databases on ALL clients and wipes Redis of all secure data, but keeps user account info
Redis as well.
redis list -> users and date of signup in form of username:uuid, e.g.: username:uuid username:uuid etc.
redis hashmap in form of username:uuid ->
- username
- pass token
- account expiration
- account create date
- paid status
- client ids array
- user uuid
- public key master
redis hashmap in form of userid-token-hash:securedata ->
- login info that are URL based, e.g. URL -> user & pass
- secure notes, e.g. max 3000 characters anything that is a string works
That is it for MVP!
Server / Client architecture. Capable of running your own server and using the ip address in the config file for the client. The hosted version will have the default domain that can be load balanced as needed.
$5 per month or $50 per year per user.
Add GUI desktop app.
Add browser add-on.
Add "travel mode" that dumps all data for user into hidden vault and cannot be unlocked until they provide extra authentication by a secret pass they set. If they provide user and password to authorities, it will give them fake login data and passwords and secure notes to appear like they unlocked the real thing.
Pass (https://www.passwordstore.org/) is a linux native password manager. There is no syncing across clients. It has a nice ecosystem of add-ons and clients.