← Blog

2022-03 · Concept Author

E2EE Concept for REI3 Password Management

Concept paper for implementing an end-to-end encrypted password manager in REI3, designed to keep credentials secure even if the server is compromised, while still supporting password sharing and auditing across teams.

Overview

REI3 is a low-code platform for self-contained business applications. This concept paper explores how an integrated password manager can be built into the platform with end-to-end encryption, with the goal of keeping sensitive credentials secure even if the server is compromised or distributed internally within an organisation.

Core Concept

Server-side zero knowledge

The design ensures the server never receives plaintext passwords at any point. Encryption and decryption happen exclusively client-side using user-controlled keys.

Sharing despite encryption

Despite full client-side encryption, targeted password sharing within a team remains possible, realised through asymmetric re-encryption using each recipient’s public key.

Auditing

Auditability is maintained through a cryptographically secured log that enables access traceability without exposing plaintext data.

Threat model

The concept explicitly includes a compromised server as a threat scenario and demonstrates that data confidentiality is fully preserved under this condition.

Result

The concept paper has been published and is available for download on the REI3 website. REI3_e2ee_concept.pdf