{"id":24057767,"url":"https://github.com/esno/rluksd","last_synced_at":"2025-02-26T12:46:15.649Z","repository":{"id":142321242,"uuid":"105053655","full_name":"esno/rluksd","owner":"esno","description":"luks decryption daemon","archived":false,"fork":false,"pushed_at":"2021-01-18T21:56:40.000Z","size":51,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-09T05:51:20.756Z","etag":null,"topics":["decryption","libcryptsetup","libssl","luks","remote-decryption","udp"],"latest_commit_sha":null,"homepage":"https://matthiashauber.de/Software/rluksd/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/esno.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-27T18:22:08.000Z","updated_at":"2021-10-02T22:34:29.000Z","dependencies_parsed_at":null,"dependency_job_id":"543c4505-9667-4d7b-83dc-68380d554cb8","html_url":"https://github.com/esno/rluksd","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esno%2Frluksd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esno%2Frluksd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esno%2Frluksd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esno%2Frluksd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/esno","download_url":"https://codeload.github.com/esno/rluksd/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240858573,"owners_count":19868998,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decryption","libcryptsetup","libssl","luks","remote-decryption","udp"],"created_at":"2025-01-09T05:50:51.690Z","updated_at":"2025-02-26T12:46:15.612Z","avatar_url":"https://github.com/esno.png","language":"C","readme":"# rLUKSd\n\nrLUKSd is written to control luks (linux unified key setup) containers remotely.\nIt uses udp datagrams to make it harder for network scanners to detect an internet\nfacing system.\n\nIt's running completely in silent mode. That means it's waiting for authentication\nmessages containing a valid signature. After the message signature verification,\na random key for symmetric encryption/decryption will be generated and send to the client.\nThe shared secret will be encrypted by an asymmetric encryption using the same public key\nas for signature verification.\n\nAfter a succcessful key exchange the client is allowed to request information about the state\nof luks containers and can send a key to decrypt one of them.\n\nrluksd provides a lean way to secure your data on remote machines like servers hosted in any kind\nof datacenter. It's designed to prevent opening ssh for the public and aimes to use as less\ndependencies as possible.\n\nLast but not least the whole rluksd setup is shipped in two separated binaries to ensure\nthat only the part that requires root privileges runs as root. The network communication\ncan be done in an unprivileged user context.\n\n## Benefits\n\n* each peer has it's own shared secret\n* package replay protection by using nonce for authentication\n* no broadcasting (it only responds to authenticated peers when they requesting something\n* privilege separation\n* less dependencies\n\n## Build\n\n    git clone https://github.com/esno/rluksd.git\n    mkdir build; cd build\n    cmake .. \u0026\u0026 make\n\n## Components\n\n### luksd\n\nluksd is the container management daemon. It opens an `unix socket` and waits for incoming requests.\nIt is a seperate daemon to avoid running an application as root that will be available through the\ninternet.\n\n#### usage\n\n    ./luksd \u003csocketOwner\u003e \u003csocketGroup\u003e [\u003csocket\u003e]\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fesno%2Frluksd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fesno%2Frluksd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fesno%2Frluksd/lists"}