{"id":14483413,"url":"https://github.com/keysas-fr/keysas","last_synced_at":"2025-08-30T04:30:40.593Z","repository":{"id":86699014,"uuid":"589907362","full_name":"keysas-fr/keysas","owner":"keysas-fr","description":"USB virus cleaning station/gateway","archived":false,"fork":false,"pushed_at":"2025-08-07T07:26:30.000Z","size":10058,"stargazers_count":54,"open_issues_count":1,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-07T09:25:19.115Z","etag":null,"topics":["audit","filtering","gateway","rust","security","usb","yara"],"latest_commit_sha":null,"homepage":"https://keysas-fr.github.io/keysas/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keysas-fr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-01-17T08:16:37.000Z","updated_at":"2025-08-01T08:05:26.000Z","dependencies_parsed_at":"2023-12-12T11:37:30.548Z","dependency_job_id":"317327a1-93da-4da7-ae7f-28f1f5577f9b","html_url":"https://github.com/keysas-fr/keysas","commit_stats":null,"previous_names":["keysas-fr/keysas"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/keysas-fr/keysas","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keysas-fr%2Fkeysas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keysas-fr%2Fkeysas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keysas-fr%2Fkeysas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keysas-fr%2Fkeysas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keysas-fr","download_url":"https://codeload.github.com/keysas-fr/keysas/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keysas-fr%2Fkeysas/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272805293,"owners_count":24995909,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","filtering","gateway","rust","security","usb","yara"],"created_at":"2024-09-03T00:01:44.385Z","updated_at":"2025-08-30T04:30:40.578Z","avatar_url":"https://github.com/keysas-fr.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\u003cimg  src =\"img/logo-keysas-github.png\"  alt=\"Keysas\"  width=300px/\u003e\n\u003c/div\u003e\n\n# USB virus cleaning station\n\n# 🚀 Main Features\n\n- **File Retrieval**\n  - From unsigned/untrusted USB keys (via **keysas-io**)\n  - From remote network sources\n\n- **Multi-layer File Scanning**\n  - ClamAV antivirus integration\n  - YARA rules parsing\n  - File extension, type and size checks\n\n- **Digital Signatures**\n  - All scanned files and USB devices can be signed\n  - Uses **hybrid post-quantum signature** (Ed25519 + ML-DSA-87)\n  - Private keys stored in PKCS#8 format\n  - Certificates issued and managed by **keysas-admin** internal PKI\n  - Each verified file gets a **.krp** report\n\n- **Authentication**\n  - Support for user authentication using YubiKey 5 (via **keysas-fido**)\n\n---\n\n# 🔒 Security\n  This project underwent a **professional security audit** conducted by [Amossys](https://www.amossys.fr/) an external company specialized in cybersecurity. \n  \n  Since this audit, all security patches have been applied to the current v2.6. See SECURITY.md for more information.\n\n---\n\n# Keysas-core\n\n## 🧱 Architecture Overview\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg  src =\"img/keysas-core-architecture.png\"  alt=\"keysas-core architecture\"  width=900px/\u003e\n\u003c/div\u003e\n\n\n- Daemons communicate via **abstract sockets** and **raw file descriptors** (Linux only)\n- Each daemon adds **metadata** and passes the file to the next\n- The last daemon (`keysas-out`) determines if the file is accepted and writes it to the output directory (`sas_out`)\n- A detailed **report** is generated for every file\n\n\n## 🔒 Daemons Security Hardening\n\n- Run as **unprivileged users**\n- Isolated using:\n  - **Systemd** security drop-in\n  - **Landlock** sandbox\n  - **Seccomp** filters (x86_64 \u0026 aarch64)\n\n---\n\n## 🧩 Project Components\n\n| Name             | Description |\n|------------------|-------------|\n| **keysas-core**     | Core daemon pipeline for file scanning and report generation |\n| **keysas-io**       | Monitors USB device insertions and verifies signatures (via `udev`) |\n| **keysas-admin**    | Desktop GUI (Tauri) to manage devices, issue certificates and sign USB keys |\n| **keysas-sign**     | CLI tool to import PEM certificates and manage signatures |\n| **keysas-fido**     | CLI tool for managing YubiKey 5 user enrollment |\n| **keysas-backend**  | WebSocket backend providing data to frontend |\n| **keysas-frontend** | Read-only Vue.js interface for end-users |\n| **keysas-firewall** | (WIP) Windows app to verify file origin from a Keysas station |\n\n---\n\n## Build \u0026\u0026 Installation\n\n\n### 🐧 On Debian stable (Bookwoom only):\n\n```bash\nsudo apt -qy install -y libyara-dev libyara9 wget cmake make lsb-release software-properties-common libseccomp-dev clamav-daemon clamav-freshclam pkg-config git bash libudev-dev libwebkit2gtk-4.0-dev build-essential curl wget libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev acl xinit sudo \nsudo bash -c \"$(wget -O - https://apt.llvm.org/llvm.sh)\"\ncurl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain nightly -y\nsource \"$HOME/.cargo/env\"\ngit clone --depth=1 https://github.com/keysas-fr/keysas \u0026\u0026 cd keysas\nrustup default nightly\nmake help\nmake build\nsudo make install\n```\n\n\n### 🐧 On Debian Trixie:\n\n\nInstall ```libyara10``` and ```libwebkit2gtk-4.1-dev``` instead\n\n---\n\n## User documentation \u0026 SBOMs\n\nLatest versions of:\n\n    User Documentation\n\n    Software Bill of Materials (SBOMs)\n\n...are auto-generated via GitHub Actions and available here: [https://keysas-fr.github.io/keysas/](https://keysas-fr.github.io/keysas/)\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeysas-fr%2Fkeysas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeysas-fr%2Fkeysas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeysas-fr%2Fkeysas/lists"}