initramfs Initial import 2016-09-22 20:40:58 +02:00
.gitignore Ignore binaries as well 2016-09-22 20:50:35 +02:00
binkeyfile.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
binkeyfile.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
blacklist.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
blacklist.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
build_openssl Initial import 2016-09-22 20:40:58 +02:00
client.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
client.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
cmdline.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
cmdline.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
exec.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
exec.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
gen_config Initial import 2016-09-22 20:40:58 +02:00
global.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
keyfile.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
keyfile.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
LICENSE LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
LICENSE-header LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
licensify Script to add LICENSE headers to all files 2016-09-22 20:48:11 +02:00
log.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
log.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
luks.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
luks.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
luksrku-config.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
luksrku.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
Makefile Initial import 2016-09-22 20:40:58 +02:00
msg.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
msg.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
openssl.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
openssl.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
parse-keyfile.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
parse-keyfile.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
README.md Minimal documentation added 2016-09-22 20:57:36 +02:00
server.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
server.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
util.c LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
util.h LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00

Disclaimer

Warning: luksrku is currently highly experimental software. It is not intended for production use yet. It is released following the “release early, release often” philosophy in the hope of getting valuable feedback on possible areas of improvement. Please only use it when you're pretty certain that you know what you're doing. Better yet, only use it after code review. If you've reviewed my code, please let me know. I'm very interested in any and all feedback. Drop it at joe@johannes-bauer.com, please. Thanks!

luksrku

luksrku is a tool that allows you to remotely unlock LUKS disks during bootup. The intention is to have headless systems running whose LUKS cryptographic file systems you can unlock remotely when you know they have been (legitimately) rebooted.

This works as follows: The TLS server runs on the computer which needs unlocking. This computer broadcasts a UDP packet onto the network indicating that it needs unlocking. The TLS client, which knows the LUKS passphrase, then catches that packet, connects to the server and sends the passphrase.

The TLS configuration that is used ensures mutual authentication and perfect forward secrecy. Concretely, TLS v1.2 is used with an ECDHE handshake on Curve25519 and the ECDHE-PSK-CHACHA20-POLY1305 cipher suite. For authentication, a 256 bit long random PSK is used. The passphrase for unlocking should be in its own keyslot (i.e., do not use a passphrase which you remember).
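The TLS parameters described above can be reproduced on loopback with the stock `openssl` command-line tool. This is an added example, not luksrku's own code: the identity `demo-host`, port 23170 and the helper function names are constructed for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not luksrku code. IDENTITY and PORT are constructed values.
CIPHER=ECDHE-PSK-CHACHA20-POLY1305
IDENTITY=demo-host
PORT=23170

# 256-bit PSK from the kernel CSPRNG, printed as 64 hex digits.
gen_psk() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Accept exactly 64 hex digits; anything shorter or malformed is refused.
valid_psk() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Same restrictions on both ends: TLS 1.2 only, one suite, X25519 only.
tls_opts() {
    echo "-tls1_2 -cipher $CIPHER -curves X25519 -psk_identity $IDENTITY"
}

# Loopback handshake: $1 = server PSK, $2 = client PSK.
# Succeeds only if the pinned suite was negotiated, i.e. both keys match.
# Note: -psk puts the key on argv (visible in ps); use throwaway keys here.
handshake() {
    valid_psk "$1" && valid_psk "$2" || { echo "bad PSK" >&2; return 2; }
    # Word splitting of $(tls_opts) is intended.
    openssl s_server -accept "127.0.0.1:$PORT" -naccept 1 -nocert \
        -psk "$1" $(tls_opts) >/dev/null 2>&1 &
    srv=$!
    sleep 1
    openssl s_client -connect "127.0.0.1:$PORT" -psk "$2" $(tls_opts) \
        </dev/null 2>/dev/null | grep -q "Cipher is $CIPHER"
    rc=$?
    kill "$srv" 2>/dev/null
    return "$rc"
}

# Run as "sh script demo" to try a matching and a mismatching key.
if [ "${1:-}" = demo ]; then
    k=$(gen_psk)
    handshake "$k" "$k" && echo "same PSK: handshake ok"
    handshake "$k" "$(gen_psk)" || echo "different PSK: handshake refused"
fi
```

Because neither side presents a certificate (`-nocert`), possession of the PSK is the only thing authenticating client and server to each other, which is why the key length check runs before any connection is attempted.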