cbcontrol man page

cbcontrol

Synopsis

cbcontrol command [ args ]

Description

cbcontrol is a process, run as the super-user, that receives commands from the GUI program cryptobone and either relays them to an external Crypto Bone over an encrypted SSH link to a certain, fixed IP address or processes them itself, implementing a virtual Crypto Bone as a separate super-user process. The commands for the virtual and the external Crypto Bone are identical.

This process is also used internally to copy secret data from a freshly installed Crypto Bone SD card to the local computer.

Commands

A command is executed only if an authentication with a local secret has been successful. This local secret is stored in the Linux file system.

The authentication information is provided by the program /usr/lib/cryptobone/getlocalsecret and must match a stored hash of the local secret. If it does not match, the Crypto Bone does nothing. Almost all commands make use of the encrypted data base of secrets, which is accessible only when the cryptobone daemon (/etc/init.d/cryptoboned) has been started at boot time. The cryptobone daemon and cbcontrol communicate through a socket.

These are the commands that can be sent to a Crypto Bone daemon through a socket:

EMAIL STATUS IN

displays the status messages and error messages of the fetchmail program that polls an email address used for message exchange.

EMAIL STATUS OUT

displays the local mail queue.

KEY CHANGEEMAIL oldaddress newaddress

if oldaddress is in the data base, it is replaced by newaddress. The existing message keys will be used with the new email address.

KEY CONTACT email

writes "yes" to stdout if a contact email address is registered already or "no" if not.

KEY NEWSECRETS

writes three new initial secrets to stdout that are assigned to the contact names NN1, NN2 and NN3.

KEY RECIPIENTLIST

writes a list of registered recipients to stdout.

KEY RESET email

blocks a communication to the specified email contact address by assigning a new initial secret that is not known outside the data base. This prevents further communication and can only be revoked by using KEY USE email new_initial_secret.

KEY USE email initialsecret

resets a formerly used contact email address to an initial value. This destroys all message keys currently in use for the contact email address. The only way to continue the conversation is for the contact person to do a reset with the same initial secret for your own email address, too.

NETWORK STATUS CONNECT

shows the output of ifconfig for the ethernet adapter. Applies to the external Crypto Bone only.

NETWORK STATUS FIREWALL

shows the status of the internal packet filter firewall. Applies to the external Crypto Bone only.

NETWORK STATUS PING

checks the connection to a certain registered host on the internet to establish connectivity information.

POWEROFF

performs a shutdown -h now on the external Crypto Bone. Applies to the external Crypto Bone only. The virtual Crypto Bone uses SYSTEM POWEROFF to destroy all other information in the RAM disk.

OWNED

writes "yes" to stdout if the initial graphical setup of a user's login name has been performed, or "no" if not.

READ DESTROY messageid

deletes the message from the list and deletes it in the RAM disk.

READ MESSAGE messageid

writes the specified base64-encoded message in plain text to stdout.

READ MESSAGELIST

writes a list of message names to stdout.

RESET

Not yet implemented. If a reset is desired the admin user must call the reset script by hand.

SETUP ID

writes the content of the user's email address (set by SETUP USER email) to stdout.

SETUP USER username

sets the user name for an email address that can be used (by fetchmail) to exchange encrypted messages.

SETUP SERVER servername

sets the server name for an email account that can be used (by fetchmail) to exchange encrypted messages.

SETUP PASSWORD password

sets the password for the specified email account. This information is stored in the RAM disk and can only be read by the super-user.

SETUP SHOW

writes all three pieces of information used to access an email account to stdout.

STATUS

writes "active" to stdout if the masterkey is present or "waiting" if not.

SYSTEM SUSPEND

blocks the use of the encrypted secrets data base by renaming the masterkey. Applies to the external Crypto Bone only.

SYSTEM RESUME

enables the use of the encrypted secrets data base, if the masterkey was suspended. Applies to the external Crypto Bone only.

SYSTEM POWEROFF

destroys all information stored in the RAM disk. Not used by the external Crypto Bone. It uses POWEROFF instead.

SYSTEM RESTART

initialises the RAM disk similar to the boot process of an external Crypto Bone. This command is used only by the virtual Crypto Bone.

WRITE email base64string

starts the process of encrypting and sending the encrypted message to the specified email address after processing the base64-encoded plain text string. A message will only be sent out if a message key for this email address is in the data base and if the message can be AES encrypted with this key successfully. Plain text messages are limited to 50000 bytes by the Crypto Bone daemon.
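The following POSIX shell wrapper is an added example and is not part of the cbcontrol distribution. It performs the checks a sender would want before issuing WRITE (masterkey present, contact registered, plain text within the daemon's 50000-byte limit) and then hands the base64-encoded message to cbcontrol; the CBCONTROL variable naming the command to run is an assumption of this wrapper, not a feature of cbcontrol.

```shell
#!/bin/sh
# Added example, not part of cbcontrol. CBCONTROL (assumed here) names the
# command to run, so the logic can be exercised against a stub.
CBCONTROL="${CBCONTROL:-cbcontrol}"
CB_MAX_PLAINTEXT=50000   # plain-text limit enforced by the Crypto Bone daemon

# cb_send_message EMAIL PLAINTEXT_FILE
# Returns 0 when WRITE was issued, otherwise a non-zero code with a reason
# on stderr: 2 = masterkey absent, 3 = unknown contact, 4 = message too large.
cb_send_message() {
    email="$1"
    file="$2"

    # 1. The encrypted data base is usable only while the masterkey is present.
    if [ "$("$CBCONTROL" STATUS)" != "active" ]; then
        echo "cbcontrol: masterkey not present (STATUS is not active)" >&2
        return 2
    fi

    # 2. WRITE only sends when a message key for this address exists, so
    #    refuse early if the contact is not registered at all.
    if [ "$("$CBCONTROL" KEY CONTACT "$email")" != "yes" ]; then
        echo "cbcontrol: $email is not a registered contact" >&2
        return 3
    fi

    # 3. Enforce the daemon's plain-text limit before encoding.
    size=$(wc -c < "$file" | tr -d ' ')
    if [ "$size" -gt "$CB_MAX_PLAINTEXT" ]; then
        echo "cbcontrol: message is $size bytes, limit is $CB_MAX_PLAINTEXT" >&2
        return 4
    fi

    # 4. WRITE takes the plain text as one base64 argument, so strip the
    #    line breaks that base64 inserts.
    b64=$(base64 < "$file" | tr -d '\n')
    "$CBCONTROL" WRITE "$email" "$b64"
}
```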

Files

/usr/lib/cryptobone/cbcontrol
/usr/lib/cryptobone/cbcontrol.functions
/usr/lib/cryptobone/getlocalsecret
/usr/lib/cryptobone/libclr.so.3.4.3
/usr/lib/cryptobone/secrets.sock
/usr/lib/cryptobone/ssh.sock
/usr/lib/cryptobone/database
/usr/bin/cryptobone

See Also

libclr(3), cryptoboned(8)

Authors

cbcontrol has been written by Ralf Senderek <innovation@senderek.ie>.

Bugs

Of course there aren't bugs, but if you find any, please send them to innovation@senderek.ie.

Referenced By

activate-cryptobone(8), cryptoboned(8).

Ralf Senderek