✅ Emergency access

@tgreer Is there some way users can participate in the planning for features like this? I’ve seen a few suggestions for implementations of this feature, but I haven’t seen anyone mention using something like Shamir’s Secret Sharing. [1] Using a 2-of-2 secret it should be possible to provide emergency access (mediated by BW) without providing BW the ability to read our data – even temporarily. I think the following workflow would work:

  1. The user who wants to enable emergency access (Bob) would first need to be able to securely share secrets with BW and with the user they are giving access to (Alice). I’m assuming this would be implemented in a similar fashion to the way secrets are shared within an organisation.

  2. Bob’s local client creates a 2-of-2 set of keys using Shamir’s secret sharing algorithm. The first key is securely shared with BW and the second key is securely shared with Alice.

  3. Bob’s local client then creates a public/private key pair. The private key is encrypted with the 2-of-2 keys and securely shared with Alice. The public key is retained within Bob’s vault.

  4. At this point, Bob can use the stored public key to encrypt secrets that can be safely stored either with BW or with Alice. I’m not familiar enough with the inner workings of BW to guess the best way to secure the emergency access. One option is to encrypt everything Bob wants to give Alice emergency access to with the public key and share the resulting cypher text with Alice. If BW uses per-item symmetric keys or something like that, they symmetric key could be encrypted with the public key and sent to Alice.

  5. At some point in the future, Alice wants access to the secrets Bob has shared. Alice then asks BW for the second key in the 2-of-2 set. BW would then go through whatever business process they have established to (a) verify Alice’s identity and (b) verify there is a real emergency. If that process ends in a decision to give Alice access, BW then discloses the stored second secret to Alice. Her local client can then use the 2-of-2 key to decrypt the private key, and the private key to decrypt the data/symmetric key giving her access to the secret.

This is not a perfect system – enabling it definitely lowers the overall security of Bob’s BW vault. I can’t think of a better way to accomplish the same thing, though. One way to mitigate the potential impact is for BW to commit to storing their half of the 2-of-2 key set so that human intervention is required to disclose the second secret. Using a hardware HSM or an air-gapped system for retrieval maybe?

[1] https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing

  • caveat emptor: I’m not a cryptography professional, but I think I know enough to be dangerous. The folks at BW probably understand what I described better than I do. They’ve probably come up with a better scheme. I don’t know what they’re working on, though, so I wanted to share the one way I could see this actually working.
2 Likes