{"id":17180556,"url":"https://github.com/houzuoguo/cryptctl","last_synced_at":"2025-04-13T17:13:00.834Z","repository":{"id":57523150,"uuid":"74960937","full_name":"HouzuoGuo/cryptctl","owner":"HouzuoGuo","description":"A disk encryption utility that helps setting up LUKS-based disk encryption using randomly generated keys, and keeps all keys on a dedicated key server.","archived":false,"fork":false,"pushed_at":"2017-11-07T07:43:53.000Z","size":184,"stargazers_count":27,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-13T17:12:57.874Z","etag":null,"topics":["disk-encryption","encryption","go","golang","linux","luks","os","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HouzuoGuo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-28T10:13:51.000Z","updated_at":"2024-12-29T11:43:15.000Z","dependencies_parsed_at":"2022-08-28T11:20:59.126Z","dependency_job_id":null,"html_url":"https://github.com/HouzuoGuo/cryptctl","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HouzuoGuo%2Fcryptctl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HouzuoGuo%2Fcryptctl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HouzuoGuo%2Fcryptctl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HouzuoGuo%2Fcryptctl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HouzuoGuo","d
ownload_url":"https://codeload.github.com/HouzuoGuo/cryptctl/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248750126,"owners_count":21155687,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["disk-encryption","encryption","go","golang","linux","luks","os","security"],"created_at":"2024-10-15T00:29:52.126Z","updated_at":"2025-04-13T17:13:00.814Z","avatar_url":"https://github.com/HouzuoGuo.png","language":"Go","readme":"# cryptctl\ncryptctl is a utility for setting up disk encryption using the popular, well-established LUKS method. It generates random\nnumbers to use as encryption keys, and safely keeps the keys on a centralised key server. It can encrypt arbitrary\ndirectories into encrypted disk partitions.\n\nThe key server stores all encryption keys in a database directory (by default /var/lib/cryptctl/keydb) and serves the\nkeys via an RPC protocol over TCP (by default on port 3737) to client computers. The key server is the central component\nof encryption setup, hence it must be deployed with extra physical/network security measures; regular backup of the key\ndatabase must be carried out to ensure its availability. Communication between key server and client computers is\nprotected by TLS via a certificate, and authorised via a password specified by the system administrator during key\nserver's initial setup.\n\nThe encryption routine sets up encrypted file systems using the aes-xts-plain64 cipher, with a fixed-size (512-bit)\nkey generated from the cryptographic random pool. 
Encrypted directories will always be mounted automatically upon system boot\nby retrieving their encryption keys from the key server automatically; this operation tolerates temporary network failure or\nkey server down time by making continuous attempts until success, for a maximum of 24 hours.\n\nThe system administrator can define an upper limit on the number of computers that can get hold of a key simultaneously. After\na client computer successfully retrieves a key, it will keep reporting back to the key server that it is online, and the\nkey server closely tracks its IP, host name, and timestamp, in order to determine the number of computers actively using\nthe key; if the upper limit number of computers is reached, the key will no longer be handed out automatically; the system\nadministrator can always retrieve encryption keys by using the key server's access password.\n\ncryptctl can optionally utilise an external key management appliance that understands KMIP v1.3 to store the actual disk\nencryption keys. Should you choose to use the external appliance, you may enter KMIP connectivity details such as host\nname, port, certificate, and user credentials during the server initialisation sequence. If you do not wish to use the\nexternal appliance, cryptctl will store encryption keys in its own database.\n\nTo experiment with cryptctl features, you may temporarily deploy both key server and encrypted partition on the same\ncomputer; keep in mind that doing so defeats the objective of separating key data from encrypted data, therefore always\ndeploy the key server stand-alone in QA and production scenarios.\n\ncryptctl is commercially supported by \"SUSE Linux Enterprise Server For SAP Applications\".\n\n## Usage\nBuild cryptctl with Go 1.8 or newer versions. It depends solely on the Go standard library; no third-party library is used.\n\nInstall the cryptctl binary along with configuration files and systemd services from the `ospackage/` directory to both key\nserver and client computers. 
Then, please carefully read the manual page `ospackage/man/cryptctl.8` for setup and usage\ninstructions.\n\n## RPM package\nA ready-made RPM spec file and RPM package can be found here:\nhttps://build.opensuse.org/package/show/security/cryptctl\n\n## License\ncryptctl is open source free software; you may redistribute it and/or modify it under the terms of the GNU General\nPublic License version 3 as published by the Free Software Foundation.\n\nSee the `LICENSE` file for the complete licensing terms and conditions.","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhouzuoguo%2Fcryptctl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhouzuoguo%2Fcryptctl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhouzuoguo%2Fcryptctl/lists"}