2022-03 · Concept Author
E2EE Concept for REI3 Password Management
Concept paper for implementing an end-to-end encrypted password manager in REI3, designed to keep credentials secure even if the server is compromised, while still supporting password sharing and auditing across teams.
Overview
REI3 is a low-code platform for self-contained business applications. This concept paper explores how an integrated password manager can be built into the platform with end-to-end encryption, with the goal of keeping sensitive credentials secure even if the server is compromised or distributed internally within an organisation.
Core Concept
Server-side zero knowledge
The design ensures the server never receives plaintext passwords at any point. Encryption and decryption happen exclusively client-side using user-controlled keys.
Sharing despite encryption
Despite full client-side encryption, targeted password sharing within a team remains possible, realised through asymmetric re-encryption using each recipient’s public key.
Auditing
Auditability is maintained through a cryptographically secured log that enables access traceability without exposing plaintext data.
Threat model
The concept explicitly includes a compromised server as a threat scenario and demonstrates that data confidentiality is fully preserved under this condition.
Result
The concept paper has been published and is available for download on the REI3 website. REI3_e2ee_concept.pdf