Intro: what is Sesto
Sesto (abbreviation for Secret Store) is open source passwords (and general secrets) manager for web.
What sets Sesto apart from many other password managers is:
it's web password manager, e.g. you don't need local client to run it, only have compatible browser (Google Chrome with PNaCl modules enabled), the application is downloaded from Sesto server.
for a clientless web password manager, it's strong security model: most web password managers are built either on JS crypto (which is bad), or rely on simply protecting your data via SSL and with some arbitrary keys on server side. Sesto protects everything stored on server with client keys, and does not have any access to the data; moreover, Sesto performs all client-side decryption in a safe and secure manner.
Sesto was designed as one of proof of concept tools during the development of Themis and Toughbase, where we assess different techniques in implementing data manipulation schemes for sensitive data.
Sesto allows you to store your secrets in tree-like structure:
It works in your web browser, which downloads all code from the server, but is a compiled Google Chrome application, which sets it aside from weaker apps with JS encryption or transmitting data over plain HTTPS.
Sesto server is written in Python, Sesto front-end is combination of PNaCl module (C++) and JS/CSS/HTML interface. Sesto utilizes our Themis library and it's WebThemis port.
Enough of this! Just bring me the code! There's readme there, but to learn more about inner workings of Sesto, you might still want to read this post.
Architecture
Server
The server is built in Python. It solves 2 main tasks:
Serve clients PEXE + JS/HTML code in response to HTTP GET /
Talk to PNaCl application and work as it's backend via WebScokets
Client
Client consists of 3 main parts:
JS/HTML front-end
PNaCl module containing
Sesto code
WebThemis as crypto library for Sesto
Security model
Communication
All client-server communication between running sesto app and server happens via websocket, over which we establish secure session with shared keys.
Each time server restarts, it regenerates keypair and shares public key with client via new HTML.
HTML part does not work with anything related to cryptography (here's why), all cryptographic transformations happen within PNaCl module, which then just uses JS to transmit strings to put into interface.
Storage
(see storage model below)
Sesto stores a tree of records, each record is either a folder or a file. Each file is encrypted with unique random 64-byte key, these keys are held in folders (parent nodes), this way only those having access to folder nodes are able to decrypt them and see the files.
Sesto sends to the client only selected nodes of the tree, thus minimizing potential leakage scope. All records are decrypted on client, and sequence of chunks necessary to reconstruct end-node's random password is unknown to Sesto itself since even to decrypt the root node (which lists all folders and files), Sesto needs user password, which user never sends.
Storage model
All data is stored in a tree of "folders and files" in SQLite database in two tables: data and users:
data table contains pairs of id:data, where data is Secure Cell Seal Mode JSON container, encrypted by user's password for corresponding root_id. It can be either:
folder, containing list of files with their random passwords
file, encrypted with random password
1. Folder with links to other containers:
{ "type":"folder",
"name": <name>,
"desc": <description>
"context": [<id>:<password>,
<id>:<password>,
.....
<id>:<password>]
}name and description are values for the interface. context carries list of id:password pairs, where each id is a link to id column value of some other object, whose data field is encrypted with password.
2. The file itself
{
"type":"file",
"name":<name>,
"desc":<description>
"context":[{"key":<name>,
"val":<data>,
"txt":<is text field>,
"sec":<is addition encrypted field>},
....]
}sec flag denoted whether the data field is additionaly encrypted by user password.
Installing and running
Prerequisites
Your machine has to have Python3 and pip3 to use python part
You have to install libssl-dev
Installing
git clone https://github.com/cossacklabs/themis
cd themis
make SECURE_COMPARATOR=enable
sudo make SECURE_COMPARATOR=enable install
cd ..
git clone https://github.com/cossacklabs/sesto
cd sesto
pip3 install -r requirements.txt
python3 add_user.py test_user test_pass Running
python3 server.pyor add -v to get into verbose mode.
Server will run on port 5103 of the machine you've launched it on.
Now just go do http://serveraddr:5103 and you should see a login screen.
Tweaking Sesto (for developers)
Sesto is open-source under Apache2 license and we'll be glad if someone tries to build something interesting and sophisticated on top of this simple PoC code.
Web part
Web part consists of PNaCl object doing all security stuff and JS/HTML part. They communicate via _client JS object.
Web part consists of Sesto code, which is in sesto_pnacl_module.cc, which:
sets up WebSocket connection to server
establishes Secure Session connection over it
authenticates users via Secure Comparator
provides chunks of encrypted database to user on-demand by
id.
...and WebThemis library itself with code in /webthemis/ folder.
To rebuild it after tweaking, you will need:
themis installed with Secure Comparator enabled (see Installing section)
NaCl SDK
create environment variable
PNACL_ROOTwith path to installed SDK files.
Now, clone repository with all submodules and build WebThemis and Sesto:
git clone https://github.com/cossacklabs/sesto
cd sesto
git submodule update --init --recursive
cd webthemis
make
cd ..
makeYou might want to refer to webthemis documentation for some additional details on how WebThemis works.
Server part
Server.py is very simple Python Server, doing 4 things:
Serving Sesto binaries and design to HTTP customers
Establishing Secure Session over websockets
Authenticating the user
Giving the user object by id, and handling edit/update operations.
Good Luck!
And if you'd like to get in touch, drop us a line by any convenient method
