
Login with roles without internet

Çağlar Arlı

Disclaimer: question originally posted here, but I was encouraged to ask it in this stack instead.

Introduction part

I'm writing an application that requires authentication to be used; specifically, the database and config file can only be read by an authenticated user. Important note: each user has his own DB that is encrypted with a user-specific key. However, this authentication is done locally only, as it must work without an internet connection.

Here's how it's implemented currently:

  1. The user types his login and password, which are fed into a KDF (Scrypt) with an added random salt, resulting in key K1.
  2. K1's hash is compared with the expected hash stored on disk. If it matches, the user is "logged in" and can proceed to decrypt a second key using K1 (not the hash).
  3. If the decryption of the second key (K2) succeeds, the user can use it to decrypt the database and config files.

[Login diagram] Note: those AES blocks work in GCM mode, so we have integrity checks as well.

I know that some attacks are possible: you could tamper with those files to prevent a user from logging in or accessing his data, but there are mitigations for that. You could also modify the hash of the key to "log in", but you wouldn't be able to decrypt the second-round key, so it's pointless.

I believe that this part is safe and that only users who have an account can access their data. (But if you see something wrong with it, let me know.)

Now on to the question

On top of this system, I now need a specific account that would have elevated privileges once logged into the application, for maintenance purposes. I tried working out something that would allow a user to prove he's the admin, but I always find ways for another user to impersonate the admin.

Can you think of a way to achieve that? Or is a third party required? I can definitely see it being done with a certificate that must be validated by a server, but I can't figure out if it's possible without a server.

Any help is appreciated, thanks!

Example 1: To maybe help clarify, here's an example of something that wouldn't work.

Add a special file, let's call it admin.bin, encrypted with AES-GCM under the admin's K2 and containing some data. On login, if the user can decrypt the file correctly, we give him admin rights. But then any user could just regenerate this file with their own K2 to get admin rights. It would work if we put a server-signed certificate in the file, so we need to be able to decrypt the file AND have the server validate the certificate.

Example 2: Here's my best idea to make it work without a third party.

Create a file called admin.bin and encrypt it with the admin account's K2. The file contains a certificate signed by a secret key; the public key for this secret key is hardcoded in the executable. On login, the app can verify that 1) the user can decrypt the admin file and 2) the certificate is valid.

I think the only way to attack this is to modify the executable to change the public key that's hardcoded in the app. So it's not really safe, but it's probably the only way to do it without a third party.
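The three login steps from the question and the Example 2 admin check, written out as one added Go example (this is not the asker's code, and nothing on the page says how the real application is implemented). It uses only the standard library, so a few assumptions are made: the KDF is a single-block PBKDF2-HMAC-SHA256 as a stand-in for the scrypt call (Go keeps scrypt in golang.org/x/crypto); the "certificate signed by a secret key" is an Ed25519 signature over the string "admin:<login>"; each AES-GCM blob additionally uses the login as associated data, which the question does not mention; and the vendor key pair is generated at start-up purely so the file runs by itself, whereas in a shipped binary the public half is a compiled-in constant and the private half never leaves the vendor. Function names, field names and the sample accounts are all made up for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// PBKDF2-HMAC-SHA256, one 32-byte block: a standard-library stand-in for the
// scrypt step in the question. The iteration count is demo-sized.
func kdf(secret, salt []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < 4096; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// AES-256-GCM; every key in this file is 32 bytes, so neither constructor can fail.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// seal prepends a fresh nonce; aad ties the blob to one login (an addition to the question's scheme).
func seal(key, pt, aad []byte) []byte {
	g := gcm(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, aad)
}

func open(key, blob, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// Account is the per-user state kept on disk (assumed layout).
type Account struct {
	Login     string
	Salt      []byte
	K1Hash    []byte // SHA-256(K1), compared at login
	WrappedK2 []byte // AES-GCM(K1, K2)
	WrappedDB []byte // AES-GCM(K2, database)
	AdminBin  []byte // Example 2: AES-GCM(K2, vendor signature over the login); nil if not admin
}

func NewAccount(login, password string, db []byte) *Account {
	a := &Account{Login: login, Salt: randBytes(16)}
	k1, k2 := kdf([]byte(login+"\x00"+password), a.Salt), randBytes(32)
	h := sha256.Sum256(k1)
	a.K1Hash, a.WrappedK2, a.WrappedDB = h[:], seal(k1, k2, []byte(login)), seal(k2, db, []byte(login))
	return a
}

// Login runs the question's three steps and returns K2 plus the decrypted database.
func Login(a *Account, password string) (k2, db []byte, err error) {
	k1 := kdf([]byte(a.Login+"\x00"+password), a.Salt)
	h := sha256.Sum256(k1)
	if subtle.ConstantTimeCompare(h[:], a.K1Hash) != 1 {
		return nil, nil, fmt.Errorf("bad login or password")
	}
	if k2, err = open(k1, a.WrappedK2, []byte(a.Login)); err != nil {
		return nil, nil, fmt.Errorf("K2 unwrap: %w", err)
	}
	if db, err = open(k2, a.WrappedDB, []byte(a.Login)); err != nil {
		return nil, nil, fmt.Errorf("database: %w", err)
	}
	return k2, db, nil
}

// Example 2. In the real app vendorPub is a constant compiled into the binary and the
// private half never ships; both are generated here only to keep the demo self-contained.
var vendorPub, vendorPriv, _ = ed25519.GenerateKey(rand.Reader)

// IssueAdmin is the vendor-side step: sign the login, then wrap the signature under that user's K2.
func IssueAdmin(a *Account, k2 []byte, priv ed25519.PrivateKey) {
	a.AdminBin = seal(k2, ed25519.Sign(priv, []byte("admin:"+a.Login)), []byte(a.Login))
}

// IsAdmin grants rights only if the user can decrypt admin.bin AND the signature inside
// verifies under the hardcoded key; a user who rebuilds the file with his own K2 passes
// the first test but not the second.
func IsAdmin(a *Account, k2 []byte) bool {
	sig, err := open(k2, a.AdminBin, []byte(a.Login)) // a nil AdminBin fails here
	return err == nil && ed25519.Verify(vendorPub, []byte("admin:"+a.Login), sig)
}

func main() {
	alice := NewAccount("alice", "correct horse battery", []byte("alice's db"))
	k2, db, err := Login(alice, "correct horse battery")
	IssueAdmin(alice, k2, vendorPriv) // provisioning; the vendor would do this out of band
	fmt.Println(string(db), err, "admin:", IsAdmin(alice, k2))
}
```

Two things worth checking against this code. First, the Example 1 attack really is closed: a second user can run IssueAdmin on his own account with a key pair he generated, and open succeeds, but ed25519.Verify fails because only vendorPub is consulted. Second, the attack the question keeps is untouched: whoever can patch the binary replaces vendorPub, and no amount of encryption under K2 helps, since the decision is made by code the attacker controls. Binding every blob to the login through the GCM associated data is a small extra that stops admin.bin or a wrapped K2 from being transplanted between accounts, but it does not change that conclusion.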