{"id":13409469,"url":"https://github.com/stcarrez/ada-keystore","last_synced_at":"2025-03-04T21:29:00.973Z","repository":{"id":55150245,"uuid":"185473943","full_name":"stcarrez/ada-keystore","owner":"stcarrez","description":"Ada Keystore - protect your sensitive data with secure storage","archived":false,"fork":false,"pushed_at":"2024-09-08T16:45:57.000Z","size":5729,"stargazers_count":31,"open_issues_count":2,"forks_count":4,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-09-09T17:10:07.390Z","etag":null,"topics":["keystore","secure-storage","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Ada","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stcarrez.png","metadata":{"files":{"readme":"README.md","changelog":"NEWS.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-07T20:33:25.000Z","updated_at":"2024-09-08T16:46:00.000Z","dependencies_parsed_at":"2024-10-26T04:53:29.563Z","dependency_job_id":"23488196-09a5-4cca-b213-87c06acf1ae7","html_url":"https://github.com/stcarrez/ada-keystore","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stcarrez%2Fada-keystore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stcarrez%2Fada-keystore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stcarrez%2Fada-keystore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stcarrez%2Fada-keystore/manifests","owner_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/owners/stcarrez","download_url":"https://codeload.github.com/stcarrez/ada-keystore/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241924443,"owners_count":20043217,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["keystore","secure-storage","security-tools"],"created_at":"2024-07-30T20:01:01.128Z","updated_at":"2025-03-04T21:29:00.952Z","avatar_url":"https://github.com/stcarrez.png","language":"Ada","funding_links":[],"categories":["Tools"],"sub_categories":["Encryption"],"readme":"# Ada Keystore\n\n[![Alire](https://img.shields.io/endpoint?url=https://alire.ada.dev/badges/keystoreada.json)](https://alire.ada.dev/crates/keystoreada)\n[![Build Status](https://img.shields.io/endpoint?url=https://porion.vacs.fr/porion/api/v1/projects/ada-keystore/badges/build.json)](https://porion.vacs.fr/porion/projects/view/ada-keystore/summary)\n[![Test Status](https://img.shields.io/endpoint?url=https://porion.vacs.fr/porion/api/v1/projects/ada-keystore/badges/tests.json)](https://porion.vacs.fr/porion/projects/view/ada-keystore/xunits)\n[![Coverage](https://img.shields.io/endpoint?url=https://porion.vacs.fr/porion/api/v1/projects/ada-keystore/badges/coverage.json)](https://porion.vacs.fr/porion/projects/view/ada-keystore/summary)\n[![Documentation 
Status](https://readthedocs.org/projects/ada-keystore/badge/?version=latest)](https://ada-keystore.readthedocs.io/en/latest/?badge=latest)\n[![Download](https://img.shields.io/badge/download-1.4.0-brightgreen.svg)](http://download.vacs.fr/ada-keystore/ada-keystore-1.4.0.tar.gz)\n[![License](http://img.shields.io/badge/license-APACHE2-blue.svg)](LICENSE)\n[![Commits](https://img.shields.io/github/commits-since/stcarrez/ada-keystore/1.4.0.svg)](Commits)\n[![GitLab](https://img.shields.io/badge/repo-GitLab-6C488A.svg)](https://gitlab.com/stcarrez/ada-keystore)\n[![semver](https://img.shields.io/badge/semver-2.0.0-blue.svg?cacheSeconds=2592000)](https://semver.org/)\n\n# TL;DR\n\nAKT is a tool to store and protect your sensitive information and documents by\nencrypting them in secure keystore (AES-256, HMAC-256).\n\nCreate the keystore and protect it with a gpg public key:\n```\n   akt create secure.akt --gpg \u003ckeyid\u003e ...\n```\n\nStore a small content:\n```\n   akt set secure.akt bank.password 012345\n```\n\nStore files, directory or a tar file:\n```\n   akt store secure.akt notes.txt\n   akt store secure.akt contract.doc\n   akt store secure.akt directory\n   tar czf - . 
| akt store secure.akt -- backup\n```\n\nEdit a content with your $EDITOR:\n```\n   akt edit secure.akt bank.password\n   akt edit secure.akt notes.txt\n```\n\nGet a content:\n```\n   akt get secure.akt bank.password\n   akt extract secure.akt contract.doc\n   akt extract secure.akt -- backup | tar xzf -\n```\n\nMount the keystore:\n```\n   akt mount secure.akt /mnt\n   # access the keystore content in /mnt\n   umount /mnt\n```\n\nStore a new OTP secret:\n```\n   akt otp secure.akt otpauth://totp/GitHub:...\n```\n\nGenerate the TOTP code:\n```\n   akt otp secure.akt GitHub\n```\n\n## Version 1.4.1 - Sep 2024\n  - Cleanup build environment to drop configure\n  - Fix #21: list command limit 50\n  - Fix #24: Cannot add a GPG user on a keystore having a password\n\n[List all versions](https://gitlab.com/stcarrez/ada-keystore/blob/master/NEWS.md)\n\n# Overview\n\nAda Keystore is a tool and library to store information in secure wallets\nand protect the stored information by encrypting the content.\nIt is necessary to know one of the wallet passwords to access its content.\nAda Keystore can be used to safely store passwords, credentials,\nbank accounts and even documents.\n\nWallets are protected by a master key using AES-256 and the wallet\nmaster key is protected by a user password.\nThe wallet defines up to 7 slots that identify\na password key that is able to unlock the master key.  To open a wallet,\nit is necessary to unlock one of these 7 slots by providing the correct\npassword.  Wallet key slots are protected by the user's password\nand the PBKDF2-HMAC-256 algorithm, a random salt, a random counter\nand they are encrypted using AES-256.\n\nValues stored in the wallet are protected by their own encryption keys\nusing AES-256.  
A wallet can contain another wallet which is then\nprotected by its own encryption keys and passwords (with 7 independent slots).\nBecause the child wallet has its own master key, it is necessary to know\nthe primary password and the child password to unlock the parent wallet\nfirst and then the child wallet.\n\n![AKT Overview](https://gitlab.com/stcarrez/ada-keystore/wiki/images/akt-overview.png)\n\nThe data is organized in blocks of 4K whose primary content is encrypted\neither by the wallet master key or by the entry keys.  The data block is\nsigned by using HMAC-256.  A data block can contain several values but\neach of them is protected by its own encryption key.  Each value is also\nsigned using HMAC-256.\n\nThe tool is able to separate the data blocks from the keys and use\na specific file to keep track of keys and one or several files for\nthe data blocks.  When data blocks are separate from the keys, it is\npossible to copy the data files to other storage without exposing\nany key used for encryption.  
The data storage files use the `.dkt`\nextension and they are activated by using the `-d data-path` option.\n\n# Using Ada Keystore Tool\n\nThe `akt` tool is the command line tool that manages the wallet.\nIt provides the following commands:\n\n* `config`:   set up some global configuration\n* `create`:   create the keystore\n* `edit`:     edit the value with an external editor\n* `extract`:  get a value from the keystore\n* `genkey`:   generate or manage named keys\n* `get`:      get a value from the keystore\n* `help`:     print some help\n* `info`:     print information about the keystore\n* `list`:     list values of the keystore\n* `mount`:    mount the keystore on the filesystem for a direct access\n* `otp`:      generate a one time password or manage OATH secrets\n* `password-add`:      add a password\n* `password-remove`:   remove a password\n* `password-set`:      change the password\n* `remove`:   remove values from the keystore\n* `set`:      insert or update a value in the keystore\n* `store`:    insert or update a value in the keystore\n\n## Simple usage\n\nTo create the secure file, use the following command and enter\nyour secure password (it is recommended to use a long and complex password):\n\n```\n   akt create secure.akt\n```\n\nAt this step, the secure file is created and it can only be opened\nby providing the password you entered.  To add something, use:\n\n```\n   akt set secure.akt bank.password 012345\n```\n\nTo store a file, use the following command:\n```\n   akt store secure.akt contract.doc\n```\n\nIf you want to retrieve a value, you can use one of:\n```\n   akt get secure.akt bank.password\n   akt extract secure.akt contract.doc\n```\n\nThe `store` and `extract` commands are intended to be used to store\nand extract files produced by other tools such as\n`tar`(1).  For example, the output produced by `tar`\ncan be stored using the following command:\n\n```\n   tar czf - . 
| akt store secure.akt -- backup.tar.gz\n```\n\nAnd it can be extracted by using the following command:\n\n```\n   akt extract secure.akt -- backup.tar.gz | tar xzf -\n```\n\n## Advanced usage\n\nEven though the encryption keys are protected by a password,\nit is sometimes useful to avoid exposing them and keep them separate\nfrom the data blocks.  This is possible by using the `-d data-path`\noption when the keystore file is created.  When this option is used,\nthe data blocks are written in one or several storage files located\nin the directory.  To use this, create the keystore as follows:\n\n```\n   akt create secure.akt -d data\n```\n\nThen, you can do your backup by using:\n\n```\n   tar czf - . | akt store secure.akt -d data -- backup.tar.gz\n```\n\nThe tool will put in `secure.akt` all the encryption keys and it will\ncreate in the `data` directory the files that contain the data blocks.\nYou can then copy these data blocks to a backup server.  They don't contain\nany encryption key.  Because each 4K data block is encrypted by its own\nkey, it is necessary to know all the keys to be able to decrypt the full\ncontent.  The `secure.akt` file is the only content that contains\nencryption keys.\n\n## Using GPG to protect the keystore\n\nYou can use GPG to lock/unlock the keystore.  To do this, you have\nto use the `--gpg` option and give your own GPG key identifier\n(or your user's name).\n\n```\n   akt create secure.akt -d data --gpg your-gpg-key-id\n```\n\nYou can also share the keystore with someone else provided you know\nand trust the foreign public key.  
To do that, you can create the keystore\nand define the GPG key for each user you want to share the keystore with:\n\n```\n   akt create secure.akt -d data --gpg user1-key user2-key user3-key\n```\n\nTo unlock the keystore, GPG will use the private key.\n\n## Mounting the keystore on the filesystem\n\nThe keystore content can be mounted as a filesystem so that the\nencrypted content is directly available to existing applications\nas regular files.  The `mount` command starts the fuse daemon\nand runs it in the background to serve as\na fuse filesystem and make the content visible through the\nmount point.\n\n```\n   akt mount secure.akt /mnt\n```\n\nTo unmount the filesystem, you must use the `umount` command.\n\n```\n   umount /mnt\n```\n\nSometimes, you may have to force the umount by running:\n\n```\n   sudo umount /mnt\n```\n\n# AKT Debian Binaries\n\nUbuntu 22.04 and Debian 12 packages are available to help you install the `akt` command\nmore easily.  You can configure your Ubuntu system as follows:\n\n```\nwget -qO- https://apt.vacs.fr/apt.vacs.fr.gpg.asc | sudo tee /etc/apt/trusted.gpg.d/vacs_fr.asc\n# For Ubuntu 22.04, use:\nsudo add-apt-repository \"deb https://apt.vacs.fr/ubuntu-jammy jammy main\"\n# For Debian 12, use:\nsudo add-apt-repository \"deb https://apt.vacs.fr/debian-bookworm bookworm main\"\n```\n\nAnd then install the `akt` package:\n\n```\nsudo apt-get install akt\n```\n\n\n# Building Ada Keystore\n\nTo build the Ada Keystore you will need the GNAT Ada compiler as well\nas the [Alire](https://alire.ada.dev/) package manager.\n\n## Development Host Installation\n\n### Ubuntu\n\nInstall the following packages:\n```\nsudo apt-get install -y make gnat gprbuild git gnupg2 alr\n```\n\n### FreeBSD 13\n\nInstall the following packages:\n\n```\npkg install gmake gprbuild gnat12 git gnupg alire\n```\n\n### Windows\n\nGet the Alire package manager from the [Alire](https://alire.ada.dev/) site and install it.\n\nInstall the following 
packages:\n\n```\npacman -S git\npacman -S make\npacman -S base-devel --needed\n```\n\n## Getting the sources\n\nYou should checkout the project with the following commands:\n\n```\ngit clone https://gitlab.com/stcarrez/ada-keystore.git\ncd ada-keystore\n```\n\n## Build\n\nBuild the application:\n```\n   make\n```\n\nAnd install it:\n```\n   make install\n```\n\n# Docker\n\nA docker image is available for those who want to try AKT without\ninstalling and building the required Ada packages.\nTo use the AKT docker image you can run the following commands:\n\n```\n   docker pull ciceron/akt\n   docker run -i -t --entrypoint /bin/bash ciceron/akt\n   root@...:/usr/src# akt create secure.akt\n   root@...:/usr/src# akt set secure.akt something some-secret\n   root@...:/usr/src# akt get secure.akt something\n```\n\nNote: another docker image `ciceron/ada-keystore` is also provided with `akt` as well as Ada Keystore and the GNAT compiler.\n\n# Documents\n\n* [Ada Keystore Guide](https://ada-keystore.readthedocs.io/en/latest/) [PDF](https://gitlab.com/stcarrez/ada-keystore/blob/master/docs/keystoreada-book.pdf)\n* Man page: [akt (1)](https://gitlab.com/stcarrez/ada-keystore/blob/master/docs/akt.md)\n\n# Presentations\n\n* [AKT un outil pour sécuriser vos données et documents sensibles](https://fr.slideshare.net/StephaneCarrez1/akt-un-outil-pour-scuriser-vos-donnes-et-documents-sensibles) Paris Open Source Summit 2019\n* [Protect Sensitive Data with Ada Keystore](https://fr.slideshare.net/StephaneCarrez1/protect-sensitive-data-with-ada-keystore) Ada devroom FOSDEM 2020\n\n\n# References\n\n* [RFC8018: PKCS #5: Password-Based Cryptography Specification Version 2.1](https://tools.ietf.org/html/rfc8018)\n* [Meltem Sönmez Turan, Elaine Barker, William Burr, and Lily Chen. \"NIST SP 800-132, Recommendation for Password-Based Key Derivation Part 1: Storage Applications\" (PDF). 
www.nist.gov.](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf)\n* [FIPS PUB 198-1, The Keyed-Hash Message Authentication Code (HMAC)](https://csrc.nist.gov/csrc/media/publications/fips/198/1/final/documents/fips-198-1_final.pdf)\n* [FIPS PUB 197, Advanced Encryption Standard (AES)](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstcarrez%2Fada-keystore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstcarrez%2Fada-keystore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstcarrez%2Fada-keystore/lists"}