The cypherlock from jonathanlogan

cypherlock's Introduction

Cypherlock

Ratchet based key expiry tool against forced decryption and for expiring backups.

PROOF OF CONCEPT CODE - DO NOT USE IN PRODUCTION UNLESS YOU KNOW EXACTLY WHAT YOU DO

Requirements:

Linux knowledge
Raspberry Pi

Installation

go get -u -v github.com/JonathanLogan/cypherlock/cmd/...

Usage

First we create a new Cypherlock server:

$ cypherlockd -create
cypherlockd: minimal Cypherlock server
Server created.
SignatureKey: 8ad30073d3b5090eae94715304ec0916ea77bde2b3c3512e51ac55453bbe0c77

Then we let it run on the default interface (change interface with -addr):

$ cypherlockd -serve
cypherlockd: minimal Cypherlock server
Serving...
SignatureKey: 8ad30073d3b5090eae94715304ec0916ea77bde2b3c3512e51ac55453bbe0c77

Now we want to encrypt a time-locked secret file:

$ exec 3<secret; cypherlock -create -sigkey 8ad30073d3b5090eae94715304ec0916ea77bde2b3c3512e51ac55453bbe0c77
Please enter passphrase (no echo):
Please repeat passphrase (no echo):

Lock created. From "Wed Sep 19 22:40:27 +0000 UTC 2018" to "Wed Sep 19 23:10:27 +0000 UTC 2018"

To unlock the time-locked secret via the Cypherlock server and store it in file secret2:

$ exec 3>secret2; cypherlock -unlock -sigkey 8ad30073d3b5090eae94715304ec0916ea77bde2b3c3512e51ac55453bbe0c77
Please enter passphrase (no echo):

Now we have the content of the original secret file in secret2.

Presentations

Cypherlock at BalCCon2k18

cypherlock's People

Contributors

Stargazers

Watchers

cypherlock's Issues

[documentation enhancement request] - add usage patterns and expected results

I've been experimenting a bit with cypherlock.

I created a cypherlockd server and am confused by several of the parameters.
cypherlockd allows you to specify genperiod and keyperiod.

I am assuming genperiod is the maximum amount of time that the lock can be extended or active for?
I assume that keyperiod is how often to ratchet private key so for that is somewhat clear.

The question comes on how cypherlock interacts with cypherlockd.

When you run extend on client - does this extend the validity period for the current ratchet? So if keyperiod is 900 seconds (15 minutes), and you run extend on client, does this add 15 minutes to ratchet on cypherlockd server?
During your talk you mention that you can provide the expired password, however, after letting my password expire it seems like cypherlock -unlock using correct password and incorrect password both responds with the same error message: ERR:/tmp/cypherlock is a directory so seemingly there is no dialog that responds with "password expired" or "incorrect password".

Recommend Projects