Let's imagine we have configured in sops.yaml that 2 out of 3 users have to present their private keys to decrypt the encrypted values. Let's imagine a situation where Bob and Alice have decided to change the file settings, and before doing so they need to decrypt the file. So they need to present their private keys. How do both Alice and Bob make sure that the other won't steal their key? What protocol should Bob (Alice) follow to make sure that Alice (Bob) won't steal their private key and their passphrase?

Today, things are quite often done remotely when we're working from home. Let's think of both of them sitting at home and connecting remotely to their work machines using something like RDP, Citrix, etc. How do they decrypt and update the file?

If we change the config from 2 out of 3 to 3 out of 5, will anything change significantly in the protocol? Will it work?

Alex K

1 Answer

Multi-party computation can potentially be used (details here: https://en.wikipedia.org/wiki/Secure_multi-party_computation). It is not clear how this can be used together with SOPS.

Alex K