command

package
v0.0.0-...-6d2d128
Published: Nov 7, 2017 License: GPL-3.0 Imports: 17 Imported by: 1

Documentation

Overview

cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany This source code is licensed under GPL version 3 that can be found in LICENSE file.

Index

Constants

View Source
const (
	DEFUALT_ALIVE_TIMEOUT   = 3 * routine.REPORT_ALIVE_INTERVAL_SEC
	AUTO_UNLOCK_DAEMON      = "cryptctl-auto-unlock@"
	CLIENT_CONFIG_PATH      = "/etc/sysconfig/cryptctl-client"
	ONLINE_UNLOCK_RETRY_SEC = 24 * 3600
	MSG_ASK_HOSTNAME        = "Key server's host name"
	MSG_ASK_PORT            = "Key server's port number"
	MSG_ASK_CA              = "(Optional) PEM-encoded CA certificate of key server"
	MSG_ASK_CLIENT_CERT     = "If key server will validate client identity, enter path to PEM-encoded client certificate"
	MSG_ASK_CLIENT_CERT_KEY = "If key server will validate client identity, enter path to PEM-encoded client key"
	MSG_ASK_DIFF_HOST       = `` /* 222-byte string literal not displayed */

	MSG_ASK_SRC_DIR           = "Path of directory to be encrypted"
	MSG_ASK_ENC_DISK          = "Path of disk partition (/dev/sdXXX) that will hold the directory after encryption"
	MSG_ASK_MAX_ACTIVE        = "How many computers can use the encrypted disk simultaneously"
	MSG_ASK_ALIVE_TIMEOUT     = "If the key server does not hear from this computer for so many seconds, other computers will be allowed to use the key"
	MSG_ASK_KEYREC_PATH       = "Path of the key record"
	MSG_ASK_MOUNT             = "Where should the file system be mounted"
	MSG_ASK_MOUNT_OPT         = "Mount options (comma-separated)"
	MSG_ALIVE_TIMEOUT_ROUNDED = "The number of seconds has been rounded to %d.\n"
	MSG_ENC_SEQUENCE          = `` /* 372-byte string literal not displayed */

	MSG_E_CANCELLED           = "Operation is cancelled."
	MSG_E_SAVE_SYSCONF        = "Failed to save settings into %s - %v"
	MSG_ASK_PROCEED           = "Please double check the details and type Yes to proceed"
	MSG_E_READ_FILE           = "Failed to read file \"%s\" - %v"
	MSG_E_BAD_KEYREC          = "Failed to read record content (is the file damaged?) - %v"
	MSG_UNLOCK_IS_NOP         = "cryptctl is doing nothing because client configuration is empty"
	MSG_ERASE_UUID            = "UUID of the file system to erase"
	MSG_ERASE_UUID_AGAIN      = "Warning! Data on \"%s\" will be irreversibly lost, type the UUID once again to confirm"
	MSG_E_ERASE_UUID_MISMATCH = "UUID input does not match."
	MSG_E_ERASE_NO_CONF       = "The erase operation must contact key server in order to erase a key, but cryptctl configuration is empty."

	ClientDaemonService = "cryptctl-client"
)
View Source
const (
	SERVER_DAEMON      = "cryptctl-server"
	SERVER_CONFIG_PATH = "/etc/sysconfig/cryptctl-server"
	SERVER_GENTLS_PATH = "/etc/cryptctl/servertls"
	TIME_OUTPUT_FORMAT = "2006-01-02 15:04:05"
	MIN_PASSWORD_LEN   = 10

	PendingCommandMount  = "mount"  // PendingCommandMount is the content of a pending command that tells client computer to mount that disk.
	PendingCommandUmount = "umount" // PendingCommandUmount is the content of a pending command that tells client computer to umount that disk.
)

Variables

This section is empty.

Functions

func AutoOnlineUnlockFS

func AutoOnlineUnlockFS(uuid string) error

Sub-command: contact the key server to retrieve the encryption key that unlocks a single file system, then continuously send alive reports to the server to indicate that this computer is still holding onto the encrypted disk. Blocks the caller until the program quits or the server rejects this computer.
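The constants MSG_ASK_MAX_ACTIVE, MSG_ASK_ALIVE_TIMEOUT and DEFUALT_ALIVE_TIMEOUT together with the alive reports sent by AutoOnlineUnlockFS describe a lease: a key may be held by at most N computers at once, and a holder that stops reporting for the alive timeout loses its place. The following is an added example of that server-side bookkeeping, written for this page; it is not cryptctl's own code. routine.REPORT_ALIVE_INTERVAL_SEC is not shown on the page, so the 10-second interval is assumed, and the rule that a user-entered timeout is rounded up to a whole number of report intervals (the page only says the value "has been rounded") is likewise an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// reportAliveInterval stands in for routine.REPORT_ALIVE_INTERVAL_SEC, which
// this page does not show; 10 seconds is an assumed value.
const reportAliveInterval = 10

// defaultAliveTimeout follows DEFUALT_ALIVE_TIMEOUT = 3 * REPORT_ALIVE_INTERVAL_SEC:
// a holder is considered gone after three missed reports.
const defaultAliveTimeout = 3 * reportAliveInterval

// roundAliveTimeout rounds a user-entered timeout up to a whole number of
// report intervals, and to at least one interval (assumed rounding rule).
func roundAliveTimeout(sec int) int {
	if sec < reportAliveInterval {
		return reportAliveInterval
	}
	if rem := sec % reportAliveInterval; rem != 0 {
		sec += reportAliveInterval - rem
	}
	return sec
}

// KeyLease is a server-side view of one key record: which hosts currently
// hold the key and when each was last heard from.
type KeyLease struct {
	MaxActive    int           // answer to MSG_ASK_MAX_ACTIVE
	AliveTimeout time.Duration // answer to MSG_ASK_ALIVE_TIMEOUT, rounded
	lastSeen     map[string]time.Time
}

func NewKeyLease(maxActive, aliveTimeoutSec int) *KeyLease {
	return &KeyLease{
		MaxActive:    maxActive,
		AliveTimeout: time.Duration(roundAliveTimeout(aliveTimeoutSec)) * time.Second,
		lastSeen:     map[string]time.Time{},
	}
}

// expire forgets holders whose last alive report is older than AliveTimeout.
func (l *KeyLease) expire(now time.Time) {
	for host, seen := range l.lastSeen {
		if now.Sub(seen) > l.AliveTimeout {
			delete(l.lastSeen, host)
		}
	}
}

// Acquire models a client asking for the key. A host that already holds it is
// refreshed; a new host is admitted only while fewer than MaxActive live
// holders remain after stale ones have been expired.
func (l *KeyLease) Acquire(host string, now time.Time) bool {
	l.expire(now)
	if _, held := l.lastSeen[host]; held {
		l.lastSeen[host] = now
		return true
	}
	if len(l.lastSeen) >= l.MaxActive {
		return false
	}
	l.lastSeen[host] = now
	return true
}

// ReportAlive models the periodic report sent by AutoOnlineUnlockFS. A host
// that has already been expired is rejected, which is the client's signal to
// stop treating itself as a holder.
func (l *KeyLease) ReportAlive(host string, now time.Time) bool {
	l.expire(now)
	if _, held := l.lastSeen[host]; !held {
		return false
	}
	l.lastSeen[host] = now
	return true
}

// Holders returns the live holders at time now, sorted for stable output.
func (l *KeyLease) Holders(now time.Time) []string {
	l.expire(now)
	hosts := make([]string, 0, len(l.lastSeen))
	for h := range l.lastSeen {
		hosts = append(hosts, h)
	}
	sort.Strings(hosts)
	return hosts
}

func main() {
	t0 := time.Date(2017, 11, 7, 0, 0, 0, 0, time.UTC) // constructed timeline
	lease := NewKeyLease(1, defaultAliveTimeout)        // one holder, 30 s timeout
	fmt.Println("hostA acquires:", lease.Acquire("hostA", t0))
	fmt.Println("hostB acquires at +1s:", lease.Acquire("hostB", t0.Add(time.Second)))
	fmt.Println("hostA alive at +20s:", lease.ReportAlive("hostA", t0.Add(20*time.Second)))
	fmt.Println("hostB acquires at +51s:", lease.Acquire("hostB", t0.Add(51*time.Second)))
	fmt.Println("hostA alive at +52s:", lease.ReportAlive("hostA", t0.Add(52*time.Second)))
	fmt.Println("holders:", lease.Holders(t0.Add(52*time.Second)))
}
```

The timeout is deliberately measured from the last report rather than from the original unlock, so a client whose daemon is still running keeps its place indefinitely, while a crashed or partitioned client frees the slot after one alive timeout; if MaxActive were 2 the second host would be admitted immediately and both would be kept alive independently.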

func ClearPendingCommands

func ClearPendingCommands() error

ClearPendingCommands is a server routine that clears all pending commands in a database record.

func ClientDaemon

func ClientDaemon() error

ClientDaemon runs the main routine of the "client-daemon" sub-command. The routine primarily polls for pending commands and executes them.

func ConnectToKeyServer

func ConnectToKeyServer(caFile, certFile, keyFile, keyServer string) (client *keyserv.CryptClient, password string, err error)

ConnectToKeyServer establishes a TCP connection to the key server after interactively reading the password from the terminal, then pings the server over that connection to check connectivity and the password. Returns an initialised client.
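ConnectToKeyServer takes three optional inputs (the prompts MSG_ASK_CA, MSG_ASK_CLIENT_CERT and MSG_ASK_CLIENT_CERT_KEY): a CA certificate that pins the key server's identity, and a client certificate plus key for when the server validates client identity. The page does not show how the package turns those into TLS settings, so the following is an added example of the client-side policy a practitioner would want, not cryptctl's own code. It assumes the inputs are PEM bytes already read from the files; the self-signed certificate is constructed in the example so it runs offline, and clientTLSConfig is a hypothetical helper name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// clientTLSConfig builds client-side TLS settings from the same three optional
// inputs ConnectToKeyServer asks for. An empty caPEM means the system root
// store is trusted; a non-empty one pins the key server to that CA. certPEM
// and keyPEM enable mutual TLS and must be given together: a certificate
// without its key (or vice versa) is an error, not a silent downgrade.
func clientTLSConfig(caPEM, certPEM, keyPEM []byte, serverName string) (*tls.Config, error) {
	cfg := &tls.Config{
		ServerName: serverName,
		MinVersion: tls.VersionTLS12,
	}
	if len(caPEM) > 0 {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, errors.New("CA input contains no PEM-encoded certificate")
		}
		cfg.RootCAs = pool
	}
	switch {
	case len(certPEM) == 0 && len(keyPEM) == 0:
		// Key server does not validate client identity; nothing to add.
	case len(certPEM) == 0 || len(keyPEM) == 0:
		return nil, errors.New("client certificate and client key must both be given")
	default:
		pair, err := tls.X509KeyPair(certPEM, keyPEM)
		if err != nil {
			return nil, fmt.Errorf("bad client certificate/key: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	}
	return cfg, nil
}

// selfSignedPEM creates a throw-away self-signed certificate and matching key.
// This is constructed test material so the example runs offline; it is not
// anything cryptctl ships or generates.
func selfSignedPEM(cn string) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	caPEM, caKey, err := selfSignedPEM("cryptctl-example-ca")
	if err != nil {
		panic(err)
	}
	// Pinned CA plus client certificate (mutual TLS), reusing the same pair.
	cfg, err := clientTLSConfig(caPEM, caPEM, caKey, "keyserver.example")
	if err != nil {
		panic(err)
	}
	fmt.Println("pinned CA:", cfg.RootCAs != nil, "client certs:", len(cfg.Certificates))
	// Certificate without its key is rejected rather than ignored.
	_, err = clientTLSConfig(caPEM, caPEM, nil, "keyserver.example")
	fmt.Println("cert without key:", err)
}
```

The point of failing on a half-configured client identity is that the key server hands out disk encryption keys: if the client silently fell back to a plain TLS handshake, an operator who believed mutual TLS was in force would be relying on the password alone.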

func EditKey

func EditKey(uuid string) error

Server - let user edit key details such as mount point and mount options

func EncryptFS

func EncryptFS() error

CLI command: set up encryption on a file system using a randomly generated key and upload the key to key server.

func EraseKey

func EraseKey() error

Sub-command: erase encryption headers for the encrypted disk, so that its content becomes irreversibly lost.

func ExecutePendingCommand

func ExecutePendingCommand(client *keyserv.CryptClient, uuid string, cmd keydb.PendingCommand)

ExecutePendingCommand is called by client daemon to execute a freshly polled pending command. Execution result is logged into

func InitKeyServer

func InitKeyServer() error

Server - complete the initial setup.

func KeyRPCDaemon

func KeyRPCDaemon() error

Server - run key service daemon.

func ListKeys

func ListKeys() error

Server - print all key records sorted according to last access.

func ManOfflineUnlockFS

func ManOfflineUnlockFS() error

Sub-command: unlock a single file system using a key record file.

func ManOnlineUnlockFS

func ManOnlineUnlockFS() error

Sub-command: forcibly unlock all file systems that have their keys on a key server.

func OpenKeyDB

func OpenKeyDB(recordUUID string) (*keydb.DB, error)

Open the key database from the location specified in the sysconfig file. If a UUID is given, the database will only load that single record.

func PromptForKeyServer

func PromptForKeyServer() (sysconf *sys.Sysconfig, caFile, certFile, certKeyFile, host string, port int, err error)

Prompt user to enter key server's CA file, host name, and port. Defaults are provided by existing configuration.

func SendCommand

func SendCommand() error

SendCommand is a server routine that saves a new pending command to database record.

func ShowKey

func ShowKey(uuid string) error

Server - show key record details but hide key content

func UmountCryptDev

func UmountCryptDev(uuid string) string

UmountCryptDev un-mounts and closes the crypt block device associated with the block device specified in UUID. Returns human-readable result text.

Types

This section is empty.