itupdate doc - coffin - secure lan file storage on a device Err parazyd.org 70 hgit clone git://parazyd.org/coffin.git URL:git://parazyd.org/coffin.git parazyd.org 70 1Log /git/coffin/log.gph parazyd.org 70 1Files /git/coffin/files.gph parazyd.org 70 1Refs /git/coffin/refs.gph parazyd.org 70 1Submodules /git/coffin/file/.gitmodules.gph parazyd.org 70 1README /git/coffin/file/README.md.gph parazyd.org 70 1LICENSE /git/coffin/file/LICENSE.gph parazyd.org 70 i--- Err parazyd.org 70 1commit c58213dbcdb7a8477b7f959836349c2361775b85 /git/coffin/commit/c58213dbcdb7a8477b7f959836349c2361775b85.gph parazyd.org 70 1parent 14f478dc78b5d37fa6b5730df4ad6203fa7b37e5 /git/coffin/commit/14f478dc78b5d37fa6b5730df4ad6203fa7b37e5.gph parazyd.org 70 hAuthor: parazyd URL:mailto:parazyd@dyne.org parazyd.org 70 iDate: Mon, 10 Oct 2016 13:46:08 +0200 Err parazyd.org 70 i Err parazyd.org 70 iupdate doc Err parazyd.org 70 i Err parazyd.org 70 iDiffstat: Err parazyd.org 70 i M README.md | 33 ++++++++++++++++++++++++------- Err parazyd.org 70 i Err parazyd.org 70 i1 file changed, 26 insertions(+), 7 deletions(-) Err parazyd.org 70 i--- Err parazyd.org 70 1diff --git a/README.md b/README.md /git/coffin/file/README.md.gph parazyd.org 70 it@@ -1,8 +1,12 @@ Err parazyd.org 70 i-# COFFIN Err parazyd.org 70 i+COFFIN Err parazyd.org 70 i+====== Err parazyd.org 70 i+ Err parazyd.org 70 i ## Crypto Office Filer For Important Nuggets Err parazyd.org 70 i+ Err parazyd.org 70 i Secure dedicated LAN file storage made easy Err parazyd.org 70 i Err parazyd.org 70 i ## What is this nonsense? Err parazyd.org 70 i+ Err parazyd.org 70 i A coffin is a dedicated device you can use to keep your files on a safe Err parazyd.org 70 i and encrypted place. The core workflow of the coffin is having a key Err parazyd.org 70 i that is autodetected by the device once plugged in. Once detected, the Err parazyd.org 70 it@@ -15,13 +19,15 @@ files are once again unreadable. 
Err parazyd.org 70 i Install the needed dependencies on a Debian-based distro: Err parazyd.org 70 i Err parazyd.org 70 i ``` Err parazyd.org 70 i-; sudo apt-get install zsh cryptsetup libgcrypt20-dev apache2 wipe sshfs inotify-tools pinentry-curses pwgen gettext haveged sudo Err parazyd.org 70 i+; sudo apt-get install zsh cryptsetup libgcrypt20-dev apache2 wipe sshfs inotify-tools pinentry-curses pwgen gettext haveged sudo openssl Err parazyd.org 70 i ``` Err parazyd.org 70 i Err parazyd.org 70 i-Clone this repository to the device you will be using. Err parazyd.org 70 i+Clone this repository to the device you will be using and update repo's Err parazyd.org 70 i+submodules. Err parazyd.org 70 i Err parazyd.org 70 i ``` Err parazyd.org 70 i ; git clone https://github.com/parazyd/coffin.git coffin && cd coffin Err parazyd.org 70 i+; git submodule update --init Err parazyd.org 70 i ``` Err parazyd.org 70 i Err parazyd.org 70 i Run `make` in order to compile tomb's KDF modules. Err parazyd.org 70 it@@ -31,21 +37,21 @@ Run `make` in order to compile tomb's KDF modules. Err parazyd.org 70 i ``` Err parazyd.org 70 i Err parazyd.org 70 i Run `make install` as root in order to install and configure your Err parazyd.org 70 i-device. Err parazyd.org 70 i+machine. Err parazyd.org 70 i Err parazyd.org 70 i ``` Err parazyd.org 70 i ; sudo make install Err parazyd.org 70 i ``` Err parazyd.org 70 i Err parazyd.org 70 i-## Notes Err parazyd.org 70 i- Err parazyd.org 70 i ## Usage Err parazyd.org 70 i+ Err parazyd.org 70 i After installation, you will end up with an initscript in /etc/init.d/coffin Err parazyd.org 70 i You can start coffin by issuing `/etc/init.d/coffin start` as root and the Err parazyd.org 70 i watch script will begin to watch your /dev for new devices. 
You can see Err parazyd.org 70 i coffin's output by issuing (as root) `tail -f /var/log/coffin` Err parazyd.org 70 i Err parazyd.org 70 i ### Hooks Err parazyd.org 70 i+ Err parazyd.org 70 i Hooks are oneliners written on your USB key which will trigger actions Err parazyd.org 70 i on the coffin depending on their content. You can either create them Err parazyd.org 70 i manually or use ready scripts (GUI or CLI) from the `helpers` directory. Err parazyd.org 70 it@@ -55,35 +61,43 @@ reading. Actually, read anyway, it will give you insight on how coffin Err parazyd.org 70 i works. Err parazyd.org 70 i Err parazyd.org 70 i #### Hook syntax Err parazyd.org 70 i+ Err parazyd.org 70 i ``` Err parazyd.org 70 i action:userName:tombName:options Err parazyd.org 70 i ``` Err parazyd.org 70 i+ Err parazyd.org 70 i So far there are only two actions (create, delete) but more are to be Err parazyd.org 70 i added in the future. Err parazyd.org 70 i To create a hook, add one or more to the `.coffin` directory in a file Err parazyd.org 70 i called `hook`. Separate each hook with a newline. Err parazyd.org 70 i+ Err parazyd.org 70 i ##### Create hook Err parazyd.org 70 i+ Err parazyd.org 70 i ``` Err parazyd.org 70 i create:userName:tombName:tombSize:features Err parazyd.org 70 i create:undertaker:myAwesomeCrypt:50:webdav:sshfs Err parazyd.org 70 i ``` Err parazyd.org 70 i+ Err parazyd.org 70 i So, to create a tomb, you will have to choose a username, a tomb name Err parazyd.org 70 i and the size of your choice (in MiB). This is the bare minimum. Err parazyd.org 70 i There are also features like `webdav` or `sshfs` that can be used to Err parazyd.org 70 i access your files. 
Err parazyd.org 70 i+ Err parazyd.org 70 i Currently implemented features: Err parazyd.org 70 i * WebDAV Err parazyd.org 70 i-* SSHFS Err parazyd.org 70 i+* SSH(FS) Err parazyd.org 70 i Err parazyd.org 70 i Important note is that if you use any of the features listed above you Err parazyd.org 70 i will have to add according files as well. For more info, please consult Err parazyd.org 70 i the README file inside the `conf/` directory. Err parazyd.org 70 i Err parazyd.org 70 i ##### Delete hook Err parazyd.org 70 i+ Err parazyd.org 70 i ``` Err parazyd.org 70 i delete:userName:tombName Err parazyd.org 70 i delete:undertaker:myAwesomeCrypt Err parazyd.org 70 i ``` Err parazyd.org 70 i+ Err parazyd.org 70 i To delete an existing tomb, you will have to reuse your username you Err parazyd.org 70 i used to create that tomb, and the tomb's name. You will also have to Err parazyd.org 70 i have the tomb's keyfile along with it in order to delete your stuff. Err parazyd.org 70 it@@ -91,6 +105,7 @@ Coffin will automatically delete your WebDAV info, but will keep the ssh Err parazyd.org 70 i key if there is any. Err parazyd.org 70 i Err parazyd.org 70 i #### Okay, I made a hook (I think?). What do I do now? Err parazyd.org 70 i+ Err parazyd.org 70 i Provided it's correct, just plug your USB key to a box running coffin Err parazyd.org 70 i and the magic happens. Coffin will recognize if there are any hooks and Err parazyd.org 70 i perform according actions. After your first tomb is created, you can Err parazyd.org 70 it@@ -98,12 +113,15 @@ plug the USB key back into your computer and there you will find some Err parazyd.org 70 i new files coffin needs to work correctly. Err parazyd.org 70 i Err parazyd.org 70 i ##### ttab Err parazyd.org 70 i+ Err parazyd.org 70 i The ttab is a file holding info on your tombs. 
It's syntax is Err parazyd.org 70 i supersimple: Err parazyd.org 70 i+ Err parazyd.org 70 i ``` Err parazyd.org 70 i userName:tombName:dostuff Err parazyd.org 70 i undertaker:myAwesomeCrypt:true Err parazyd.org 70 i ``` Err parazyd.org 70 i+ Err parazyd.org 70 i You already recognize your username and tomb name. The third part is a Err parazyd.org 70 i boolean value, telling coffin to either do stuff with this tomb or leave Err parazyd.org 70 i it alone (ex: to open/close or not to open/close). You will have to edit Err parazyd.org 70 it@@ -115,6 +133,7 @@ into the coffin box and depending on the boolean value, coffin could Err parazyd.org 70 i close your tomb and make your files unreadable and encrypted :) Err parazyd.org 70 i Err parazyd.org 70 i #### How do I access my files? Err parazyd.org 70 i+ Err parazyd.org 70 i If you haven't added any features like WebDAV, your only way is Err parazyd.org 70 i accessing your files the way you accessed your box when installing. Err parazyd.org 70 i If you've enabled WebDAV, just use a WebDAV client and connect to your Err parazyd.org 70 .
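Review bot: In the `@@ -1,8 +1,12 @@` hunk the title switches from ATX (`# COFFIN`) to setext (`COFFIN` over `======`), while every other heading in the file stays ATX, including the `## Crypto Office Filer For Important Nuggets` line directly below it. Mixing the two styles makes heading levels harder to follow in the raw text; either keep `# COFFIN` or convert the remaining headings as well.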
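Review bot: The dependency line in the `@@ -15,13 +19,15 @@` hunk gains `openssl` with no word on what needs it, and the commit message ("update doc") does not mention a new dependency either. Say which step or feature uses it, so someone provisioning a minimal box knows whether it is required. In the same hunk, "update repo's submodules" reads better as "update the repository's submodules", and because the following step is `make` to compile tomb's KDF modules, the text should state whether `git submodule update --init` has to run before `make`.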
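Review bot: "device" becomes "machine" in the `make install` sentence of the `@@ -31,21 +37,21 @@` hunk, but the line added in the previous hunk still says "Clone this repository to the device you will be using" and the introduction calls a coffin "a dedicated device". Pick one term for the coffin box and use it throughout; the README also refers to the USB key and to "your computer", so the reader already has three pieces of hardware to keep apart.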
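Review bot: The feature list in the `@@ -55,35 +61,43 @@` hunk now reads `* SSH(FS)`, but the create-hook example above it still passes `sshfs` and the prose still says "features like `webdav` or `sshfs`". A reader cannot tell whether `ssh` is a second accepted keyword or only a display name. List the literal strings a hook accepts next to each feature, so that a hook written from this README enables exactly the access method the user intended.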