distorted.org.uk KEY MANAGEMENT

The various files are organized into subdirectories as follows.

        infra/          Infrastructure keys used to keep this system going.
        recov/

File extensions used are as follows.

        .pub            Seccure public key.  (See description of Seccure data
                        formats below.)

        .recov          Seccure ciphertext of key


        recov.pub       `seccure' public key for recovery

        krb5-master     Kerberos master password
        bkp-LABEL       LUKS keyfile for backup volume LABEL
        disk-HOST       LUKS keyfile for HOST's disk

        keys/
        |- keeper/
        |  '- KEEPER/
        |     |- meta
        |     '- I.pub
        |- key/
        |  '- ???
        '- recov/
           '- RECOV/
              |- keepers
              |- current@
              '- I/
                 |- pub
                 |- KEEPER.param
                 |- KEEPER.I.share
                 '- SECRET.recov

40 | ||
* Reference

** Asymmetric cryptography

I've used B. Poettering's Seccure package for my asymmetric
cryptography.  It's been in Debian for a fair while and seems sane.  If
you're interested in what it does, I wrote my own implementation in
Python.  It seems pretty sensible, actually.  It uses ECIES (AES in
counter mode with HMAC-SHA256) for asymmetric encryption, and a
variant of ECDSA with SHA512 for signatures.

Seccure wants to read a single line of stuff as a passphrase, so the
private key is kept as the SHA-384 hash of 512 random bytes: 48 bytes,
which base64-encode to a single 64-character line.  I use this rune to
generate the private key.

        dd if=/dev/random of=master bs=1 count=512 |
        openssl sha384 -binary >priv

To derive the public key, I say this:

        openssl base64 -in priv | seccure-key -q -F/dev/stdin -cp256 >pub

For encryption, I use a 128-bit MAC, so the same `-m128' has to be
given when decrypting.  For decryption, you need this rune.

        openssl base64 -in priv |
        seccure-decrypt -q -F/dev/stdin -m128 ciphertext

** Secret sharing

I've written my own tool for doing Shamir secret sharing.  The
underlying machinery is compatible with Daniel Silverstone's `gfshare'
program and my Catacomb library's secret sharing.  My `shamir' program
has a number of important differences:

  * it produces output as plain text files which can be transported
    easily and so on;

  * it includes metadata, such as the number of shares, the threshold,
    and a hash of the final secret, along with the share data;

  * it stores the share index with the share data too, rather than
    encoding it in the file name where it's likely to be lost; and

  * it doesn't choose random share indices when issuing shares,
    because that's pointless.

The `shamir issue' command writes one line for each share that it
produces.  I use this rune to split them into separate files, one per
share index (the sed pulls the index out of the line and prefixes it,
so `read' can pick it up).

        shamir issue 3/5 master |
        sed 's/^.*;i=\([^;]*\);/\1 &/' |
        while read i share; do
          echo "$share" >master.$i
        done

94 | ||
You can recover the original secret by feeding shares, one per line,
into `shamir recover'.  All of the parameters are in the share data,
so you don't need to know any of them.  (I used the defaults anyway,
since I carefully chose them to match what I wanted.)

A share line has the following format:

        shamir-share:KEY=VALUE;KEY=VALUE;...

where the following keys are defined (they must appear in this order):

  * n = total number of shares issued;
  * t = threshold (i.e., number of shares needed for recovery);
  * f = hash function name (an OpenSSL name, e.g., `sha256');
  * h = base-64 encoded hash of the secret (using hash function `f');
  * i = index of this share (starting from 0); and
  * y = base-64 share data.

The hash `h' is what makes it possible to tell whether a recovery
actually produced the right secret: the Shamir arithmetic itself will
happily interpolate garbage from a wrong or corrupted share.

You can turn a file of such lines into files suitable for
`gfcombine' like this.  gfshare numbers its shares from 1 (index 0
would be the secret itself), hence the `i + 1'; the `%03d' gives the
three-digit suffix gfcombine looks for.

        sed 's/^.*;i=\(.*\);y=\(.*\)$/\1 \2/' |
        while read i sh; do
          ix=$(printf %03d $((i + 1)))
          echo "$sh" | openssl base64 -d >tmp/share.$ix
        done
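
As an added example, not the author's `shamir' program nor gfshare,
here is a small Python issue/recover pair that reads and writes the
`shamir-share:' line format described above, enforces the documented
key order, and uses `h' to reject a corrupted share.  It assumes, as
labelled in the comments, that shares are computed byte-wise over
GF(2^8) with the AES reducing polynomial 0x11b and that share index i
is evaluated at x = i + 1 (as the gfcombine conversion implies); the
real tool may use a different field representation, so do not expect
these shares to combine with real ones.  The sample secret in the
usage is constructed.

```python
# Added example, not the author's `shamir' tool.  Field and index mapping are ASSUMPTIONS.
import base64
import hashlib
import secrets

PREFIX = "shamir-share:"


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8).  ASSUMPTION: reducing polynomial 0x11b (the AES one)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """a^254 == a^-1 in GF(2^8) (Fermat), by square-and-multiply."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r


def issue(secret: bytes, t: int, n: int, hashname: str = "sha256") -> list[str]:
    """Split SECRET into n share lines, any t of which recover it."""
    if not 1 <= t <= n <= 255:
        raise ValueError("need 1 <= t <= n <= 255")
    h = base64.b64encode(hashlib.new(hashname, secret).digest()).decode()
    # One random degree-(t-1) polynomial per secret byte; constant term is the byte.
    polys = [[s] + [secrets.randbelow(256) for _ in range(t - 1)] for s in secret]
    lines = []
    for i in range(n):
        x, y = i + 1, bytearray()                   # ASSUMPTION: index i -> x = i + 1
        for poly in polys:                          # Horner's rule from the top coefficient
            acc = 0
            for c in reversed(poly):
                acc = gf_mul(acc, x) ^ c
            y.append(acc)
        y64 = base64.b64encode(bytes(y)).decode()
        lines.append(f"{PREFIX}n={n};t={t};f={hashname};h={h};i={i};y={y64}")
    return lines


def parse_share(line: str) -> dict:
    """Parse one share line, enforcing the documented key order n,t,f,h,i,y."""
    if not line.startswith(PREFIX):
        raise ValueError("not a shamir-share line")
    fields = [f.split("=", 1) for f in line[len(PREFIX):].strip().split(";")]
    if [k for k, _ in fields] != ["n", "t", "f", "h", "i", "y"]:
        raise ValueError(f"bad keys/order: {[k for k, _ in fields]}")
    kv = dict(fields)
    return {"n": int(kv["n"]), "t": int(kv["t"]), "f": kv["f"], "i": int(kv["i"]),
            "h": base64.b64decode(kv["h"]), "y": base64.b64decode(kv["y"])}


def recover(lines: list[str]) -> bytes:
    """Recover the secret from >= t share lines and check it against h."""
    shares = [parse_share(l) for l in lines]
    params = {(s["n"], s["t"], s["f"], s["h"], len(s["y"])) for s in shares}
    if len(params) != 1:
        raise ValueError("shares disagree on n/t/f/h or share length")
    _, t, f, h, length = params.pop()
    by_index = {s["i"]: s["y"] for s in shares}     # a duplicated index counts once
    if len(by_index) < t:
        raise ValueError(f"need {t} distinct shares, have {len(by_index)}")
    idx = sorted(by_index)[:t]
    xs = [i + 1 for i in idx]
    out = bytearray()
    for k in range(length):                          # Lagrange interpolation at x = 0
        acc = 0
        for a, xa in enumerate(xs):
            num = den = 1
            for b, xb in enumerate(xs):
                if a != b:
                    num = gf_mul(num, xb)            # (0 - xb) == xb in characteristic 2
                    den = gf_mul(den, xa ^ xb)
            acc ^= gf_mul(by_index[idx[a]][k], gf_mul(num, gf_inv(den)))
        out.append(acc)
    secret = bytes(out)
    if hashlib.new(f, secret).digest() != h:         # h catches a wrong or corrupt share
        raise ValueError("recovered secret does not match h")
    return secret


def tamper(line: str, k: int = 0) -> str:
    """Flip one bit of share byte k (to demonstrate the hash check)."""
    y = bytearray(parse_share(line)["y"])
    y[k] ^= 1
    fields = line[len(PREFIX):].strip().split(";")
    fields[5] = "y=" + base64.b64encode(bytes(y)).decode()
    return PREFIX + ";".join(fields)


if __name__ == "__main__":
    demo = issue(b"constructed sample master secret", 3, 5)   # constructed input
    print("\n".join(demo))
    print(recover(demo[:3]))
```

Two shares out of a 3/5 split are rejected before any arithmetic, and a
share with a single flipped bit is rejected by the hash check after it,
which is the property the `h' field buys you.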