https://github.com/esno/rluksd
luks decryption daemon
decryption libcryptsetup libssl luks remote-decryption udp
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/esno/rluksd
- Owner: esno
- License: mit
- Created: 2017-09-27T18:22:08.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2021-01-18T21:56:40.000Z (over 5 years ago)
- Last Synced: 2025-01-09T05:51:20.756Z (over 1 year ago)
- Topics: decryption, libcryptsetup, libssl, luks, remote-decryption, udp
- Language: C
- Homepage: https://matthiashauber.de/Software/rluksd/
- Size: 49.8 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# rLUKSd
rLUKSd is written to control LUKS (Linux Unified Key Setup) containers remotely.
It uses UDP datagrams to make it harder for network scanners to detect an internet-facing
system.
It runs completely in silent mode: it waits for authentication messages containing a valid
signature. After the message signature is verified, a random key for symmetric
encryption/decryption is generated and sent to the client.
This shared secret is encrypted asymmetrically, using the same public key that was used
for signature verification.
After a successful key exchange, the client is allowed to request information about the state
of LUKS containers and can send a key to decrypt one of them.
rluksd provides a lean way to secure your data on remote machines such as servers hosted in any kind
of datacenter. It is designed to avoid opening SSH to the public and aims to use as few
dependencies as possible.
Last but not least, the whole rluksd setup is shipped as two separate binaries to ensure
that only the part that requires root privileges runs as root. The network communication
can be done in an unprivileged user context.
## Benefits
* each peer has its own shared secret
* packet replay protection by using a nonce for authentication
* no broadcasting (it only responds to authenticated peers when they request something)
* privilege separation
* fewer dependencies
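The README does not say how rluksd tracks nonces. As an added example (not code from the rluksd project), this sketch shows one common way to get replay protection over UDP, where datagrams can arrive out of order: a per-peer sliding window. It assumes the nonce is a 64-bit counter chosen by the client; `replay_window` and `replay_check_and_update` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#define WINDOW_BITS 64

/* Hypothetical per-peer state; one instance per authenticated peer. */
struct replay_window {
    uint64_t highest;   /* highest nonce accepted so far */
    uint64_t seen;      /* bit i set => nonce (highest - i) was accepted */
    int      started;   /* 0 until the first datagram is accepted */
};

/* Call only after the datagram's signature has verified, so an
 * unauthenticated sender cannot advance the window.
 * Returns 1 if the nonce is fresh (state updated), 0 if it must be dropped. */
int replay_check_and_update(struct replay_window *w, uint64_t nonce)
{
    if (!w->started) {
        w->started = 1;
        w->highest = nonce;
        w->seen = 1;
        return 1;
    }
    if (nonce > w->highest) {          /* newer than anything seen: slide */
        uint64_t shift = nonce - w->highest;
        w->seen = (shift >= WINDOW_BITS) ? 0 : (w->seen << shift);
        w->seen |= 1;
        w->highest = nonce;
        return 1;
    }
    uint64_t age = w->highest - nonce;
    if (age >= WINDOW_BITS)
        return 0;                      /* too old to track: drop */
    if (w->seen & (UINT64_C(1) << age))
        return 0;                      /* already accepted: replay */
    w->seen |= UINT64_C(1) << age;     /* late but new: accept */
    return 1;
}

int main(void)
{
    /* Constructed nonce sequence: in order, reordered, replayed, stale. */
    const uint64_t nonces[] = { 100, 101, 103, 102, 103, 100, 200, 120 };
    struct replay_window w = { 0 };
    for (size_t i = 0; i < sizeof nonces / sizeof nonces[0]; i++)
        printf("nonce %llu -> %s\n", (unsigned long long)nonces[i],
               replay_check_and_update(&w, nonces[i]) ? "accept" : "drop");
    return 0;
}
```

A plain "nonce must be greater than the last one" check would also stop replays, but it would drop the reordered datagram 102 that the window accepts.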
## Build
```
# fetch the sources and enter the checkout
git clone https://github.com/esno/rluksd.git
cd rluksd
# out-of-tree build
mkdir build; cd build
cmake .. && make
```
## Components
### luksd
luksd is the container management daemon. It opens a Unix socket and waits for incoming requests.
It is a separate daemon to avoid running an application as root that is reachable from the
internet.
#### usage
./luksd []