2024-08-05 19:23:29 -07:00
# TODO
There's lots of things to add.
- TLS
- Autorenew this with an ACME server (eg, Boulder; use the Lego library)
- self-host the Boulder server & add the main CA pubkey to the client
- Work with self-signed stuff for now tho
- Authentication
- Give each client an API key
- Limit decryption keys that client can access?
- Admin UI on the server
- Manage client accounts
- Import public keys
- Add/Remove keys
- Private Key autorotation
- PGP Public Key Server
- a la keys.openpgp.org
- two servers? one public (company pub keys), one internal (customer pub keys)
- Encryption groups
- Add a number of public keys to a group. When the client encrypts to a group, use all the keys.
- Auto-remove expired keys from groups
2024-08-05 19:54:45 -07:00
## Technical TODO
More specific stuff
- Wrap keys in Armor when sending over the wire
- Figure out sending multiple keys in the same request. Wrap in JSON? Can Armor handle multiple keys? Can I just concatenate multiple Armored keys?
- Auto-generate self-signed certs for testing TLS
- Password protect private keys?
- Where would this password be stored?
- Keys would ultimately need to be stored on disk *somewhere*, and they can't be unprotected there.
- Reorganize code to split client and server and a common lib
- Look at KMIP. Do I want to implement this?