To enable such changes, we'll provide a binary and subcommands (e.g., svnpass set-password).
#ATLASSIAN SVN CLIENT PASSWORD#
(On the other hands, we would explicitly like to support moving the whole auth store from one machine to another!) Most practically, this means keeping all the encrypted bits in a single file (flat file, SQLite DB, or otherwise), which can also help us ensure atomicity when we need to re-enrypt the store during a master password change event. Ideally, we treat the encryption store as a single atomic unit, discouraging users from trying to partially move encrypted bits from one machine's auth store to anothers. Tooling (API functions and binary support) to allow users to set/change their master passphrase without destroying their credential cache.Those can be as sensitive as passwords in some contexts. Encrypted usernames and realmstrings, too.Otherwise, we'll need to prompt the user for the passphrase. Where the user has enabled third-party secure storage mechanisms (see EncryptedPasswordStorage), we can store the master passphrase (or a hash thereof) in those mechanisms, and retrieve it automatically from the same. A way to acquire the master passphrase.Probably a runtime configuration variable ( use-master-passphrase=true, e.g.).
A mechanism for telling Subversion to actually use a master passphrase.APR/APRUtil 1.4 should provide the required crypto algorithm and random data generation functionality – we'll look for the apr_random_standard_new() and apr_crypto_passphrase() functions at configure time. We want to use AES-256 encryption/decryption in CBC mode (see below), and PBKDF2 for key generation. A pleasantly licensed encryption library which is available on all client platforms.Implementation Thoughts High-level notions Essentially, any existing keystore integration which today can be used to store a bunch of passwords could instead be used to store just a single master passphrase.
#ATLASSIAN SVN CLIENT MAC OS X#
Similar is true on Mac OS X using the Keychain.
#ATLASSIAN SVN CLIENT WINDOWS#
On Windows, command-line clients and GUI clients alike needn't query for the master passphrase once that passphrase itself has been cached using Windows Cryptographic Services. This would render the credential cache useful only insomuch as it reduces the potentially boundless amount of site credentials the user must memorize to a single item: the master password itself.įortunately, both the command-line client and GUI clients can benefit from existing integrations with encrypted stores on the various operating systems. Long-lived Subversion GUI clients could query the user for his or her master passphrase the first time the local credential cache is consulted, and remember that passphrase for the lifetime of the application, just like Firefox does.īut what about the relatively short-lived command-client? Obviously, if naively implemented, a user would need to provide the master passphrase as often as they would their actual repository credentials if caching was not available at all. Subversion should be able to do something similar, allowing users to optionally employ a master passphrase which is used to encrypt and decrypt other sensitive information stored in its authentication credential cache(s). Firefox will challenge the user for the master password the first time it needs to consult its credentials cache, and will leave the cache "unlocked" for the duration of the application's lifetime. This password (or passphrase) is used to encrypt the on-disk cached site credentials, functioning effectively the same way that a keyring provider and associated passphrase would work. However, Firefox allows you to optionally configure a "Master Password". Site credentials are cached on disk, and in plaintext by default. Like all popular web browsers, Mozilla Firefox allows you to optionally cache passwords used for site logins.