Releases · syseleven/shared-secrets

This new version introduces a major change to the database as the primary key of the secrets table is extended with the keyid a fingerprint belongs to. This is necessary so that the database supports proper key rollovers without fingerprint collisions between keys. The following steps describe how to properly update an existing database:

Download the public key of your instance:

wget -O "./secrets.pub" "https://example.com/pub?plain"

Generate the hexadecimally encoded public key keyid:

openssl rsa -pubin -in "./secrets.pub" -pubout -outform DER 2>/dev/null |
openssl dgst -sha256 -binary |
xxd -p |
tr -d "\n" &&
echo

Add the new keyid column to the existing database table:

ALTER TABLE secrets ADD COLUMN keyid VARCHAR(64) FIRST;

Fill the database with the keyid from step 2:

# setting time=time prevents the timestamps from being updated
UPDATE secrets SET time=time, keyid='<PUBLIC KEY KEYID>';

Change the primary key constraint of the existing database table:

ALTER TABLE secrets DROP PRIMARY KEY, ADD PRIMARY KEY (keyid, fingerprint);

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Releases: syseleven/shared-secrets

prevent deprecation notice in PHP 8.0 and above

specify columns on insert to be more robust regarding schema changes

increased PBKDF2 iteration count for v00 encryption from 10000 to 512000

introduce the support for configuration via environment variables

updated jQuery and fixed typo

introduced IMPRINT_TEXT option Edit

introduced JUMBO_SECRETS option

improved and fixed key rollover support and the README

creating secret sharing links and downloading the public key is now possible with only RSA public keys set as RSA_PRIVATE_KEYS

fixed read-only mode, introduced share-only mode, introduced human-readable public key download 403 response codes on errors