A Simple Key Hierarchy
To power applications like the Git and KV-Store shown above, FOKS needs a shared symmetric key for all readers and writers of the data, available only to the authorized devices, teams, users and keys that the authors specify. FOKS achieves this natural application requirement with a simple key hierarchy.
Everything starts with base-level keys, like user device keys, backup keys, or YubiKeys. Device keys are generated on user devices and never leave the machine they are generated on. They are protected locally with system-specific encrypted stores where possible, and with passwords where not. Other base-level keys include backup keys (for which a human-readable code is the seed) and YubiKeys.
Every user of the system has a sequence of per-user-keys (PUKs) at the next level up the hierarchy. The secret seeds for these keys are encrypted for all available base-level keys. A PUK rotates whenever a base-level key is removed.
At the next level up there are teams, which work much like users. All members of a team share per-team-keys (PTKs), which are encrypted for the team's members, be they users (via PUKs) or teams (via recursive PTKs).
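The user level of this hierarchy can be modelled in a few lines. The following is an added example, not FOKS code: it seals each PUK seed for every base-level key and starts a new PUK generation when a key is removed. RSA-OAEP stands in for whatever public-key encryption FOKS actually uses, and the `User` type, its methods and the key names are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type User struct {
	Keys  map[string]*rsa.PublicKey // current base-level public keys (hypothetical names)
	Boxes []map[string][]byte       // Boxes[gen][name]: PUK seed of generation gen sealed for key name
}

// Rotate draws a fresh PUK seed and seals it (RSA-OAEP as a stand-in) for every base-level key.
func (u *User) Rotate() error {
	seed, gen := make([]byte, 32), map[string][]byte{}
	rand.Read(seed) // crypto/rand: never returns an error as of Go 1.24
	for name, pub := range u.Keys {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, seed, nil)
		if err != nil {
			return err
		}
		gen[name] = ct
	}
	u.Boxes = append(u.Boxes, gen)
	return nil
}

// Remove revokes a base-level key and rotates, so that key gets no box for the new PUK.
func (u *User) Remove(name string) error {
	delete(u.Keys, name)
	return u.Rotate()
}

// Open recovers generation gen's PUK seed with one base-level private key.
func (u *User) Open(gen int, name string, priv *rsa.PrivateKey) ([]byte, error) {
	if ct, ok := u.Boxes[gen][name]; ok {
		return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
	}
	return nil, fmt.Errorf("%s has no box for PUK generation %d", name, gen)
}

func main() {
	laptop, _ := rsa.GenerateKey(rand.Reader, 2048)
	phone, _ := rsa.GenerateKey(rand.Reader, 2048)
	u := &User{Keys: map[string]*rsa.PublicKey{"laptop": &laptop.PublicKey, "phone": &phone.PublicKey}}
	fmt.Println(u.Rotate(), u.Remove("phone")) // generation 0 for both keys, then generation 1 for laptop only
	fmt.Println(u.Open(1, "phone", phone))
}
```

In this model the removed phone can still open generation 0, so rotation protects only what is encrypted under later generations.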