cbcontrol command [ args ]
cbcontrol is a process run as the super-user that receives commands from the GUI program cryptobone and either relays them to an external Crypto Bone over an encrypted SSH link to a fixed IP address, or processes them itself, implementing a virtual Crypto Bone as a separate super-user process. The commands for the virtual and the external Crypto Bone are identical.
This process is also used internally to copy secret data from a freshly installed Crypto Bone SD card to the local computer.
A command is executed only if an authentication with a local secret has been successful. This local secret is stored in the Linux file system.
The authentication information is provided by the program /usr/lib/cryptobone/getlocalsecret and must match a stored hash of the local secret. If it doesn't, the Crypto Bone does nothing. Almost all commands make use of the encrypted database of secrets, which is accessible only when the cryptobone daemon (/etc/init.d/cryptoboned) has been started at boot time. cbcontrol communicates with the cryptobone daemon over a socket.
These are the commands that can be sent to a Crypto Bone daemon through the socket:
- EMAIL STATUS IN
displays the status messages and error messages of the fetchmail program that polls an email address used for message exchange.
- EMAIL STATUS OUT
displays the local mail queue.
- KEY CHANGEEMAIL oldaddress newaddress
if oldaddress is in the data base, it is replaced by newaddress. The existing message keys will be used with the new email address.
- KEY CONTACT email
writes "yes" to stdout if a contact email address is registered already or "no" if not.
- KEY NEWSECRETS
writes three new initial secrets to stdout that are assigned to the contact names NN1, NN2 and NN3.
- KEY RECIPIENTLIST
writes a list of registered recipients to stdout.
- KEY RESET email
blocks a communication to the specified email contact address by assigning a new initial secret that is not known outside the data base. This prevents further communication and can only be revoked by using KEY USE email new_initial_secret.
- KEY USE email initialsecret
resets a formerly used contact email address to an initial value. This destroys all message keys currently in use for the contact email address. The only way to continue the conversation is for the contact person to do a reset with the same initial secret for your own email address, too.
- NETWORK STATUS CONNECT
shows the output of ifconfig for the Ethernet adapter. Applies to the external Crypto Bone only.
- NETWORK STATUS FIREWALL
shows the status of the internal packet filter firewall. Applies to the external Crypto Bone only.
- NETWORK STATUS PING
checks the connection to a certain registered host on the internet to establish connectivity information.
- POWEROFF
performs a shutdown -h now on the external Crypto Bone. Applies to the external Crypto Bone only. The virtual Crypto Bone uses SYSTEM POWEROFF instead, which destroys all other information in the RAM disk.
writes "yes" to stdout if the initial graphical setup of a user's login name has been performed, or "no" if not.
- READ DESTROY messageid
removes the message from the list and deletes it from the RAM disk.
- READ MESSAGE messageid
writes the specified base64-encoded message in plain text to stdout.
- READ MESSAGELIST
writes a list of message names to stdout.
Not yet implemented. If a reset is desired the admin user must call the reset script by hand.
- SETUP ID
writes the content of the user's email address (set by SETUP USER email) to stdout.
- SETUP USER username
sets the user name for an email address that can be used (by fetchmail) to exchange encrypted messages.
- SETUP SERVER servername
sets the server name for an email account that can be used (by fetchmail) to exchange encrypted messages.
- SETUP PASSWORD password
sets the password for the specified email account. This information is stored in the RAM disk and can only be read by the super-user.
- SETUP SHOW
writes all three pieces of information used to access an email account to stdout.
writes "active" to stdout if the masterkey is present or "waiting" if not.
- SYSTEM SUSPEND
blocks the use of the encrypted secrets data base by renaming the masterkey. Applies to the external Crypto Bone only.
- SYSTEM RESUME
enables the use of the encrypted secrets data base, if the masterkey was suspended. Applies to the external Crypto Bone only.
- SYSTEM POWEROFF
destroys all information stored in the RAM disk. Not used by the external Crypto Bone. It uses POWEROFF instead.
- SYSTEM RESTART
initialises the RAM disk similar to the boot process of an external Crypto Bone. This command is used only by the virtual Crypto Bone.
- WRITE email base64string
starts the process of encrypting and sending the encrypted message to the specified email address after processing the base64-encoded plain text string. A message is sent only if a message key for this email address is in the database and the message can be AES-encrypted with this key successfully. Plain text messages are limited to 50000 bytes by the Crypto Bone daemon.
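The page documents the command set but not the socket framing, so a practical client-side check is to validate a command line against the documented grammar before handing it to cbcontrol: keyword spelling, argument count, whether the command applies to the external or the virtual Crypto Bone, and for WRITE whether the base64 payload decodes to at most 50000 bytes of plain text. The validator below is an added example, not part of cbcontrol or the Crypto Bone project; the command table is transcribed from this page, and the bare POWEROFF entry assumes the external Crypto Bone's shutdown command is spelled exactly as the SYSTEM POWEROFF entry refers to it.

```python
import base64
import binascii

# Commands documented on this page: keyword tuple -> (argument count, scope).
# scope is "external", "virtual" or "both", as stated in each command's text.
COMMANDS = {
    ("EMAIL", "STATUS", "IN"): (0, "both"),
    ("EMAIL", "STATUS", "OUT"): (0, "both"),
    ("KEY", "CHANGEEMAIL"): (2, "both"),       # oldaddress newaddress
    ("KEY", "CONTACT"): (1, "both"),
    ("KEY", "NEWSECRETS"): (0, "both"),
    ("KEY", "RECIPIENTLIST"): (0, "both"),
    ("KEY", "RESET"): (1, "both"),
    ("KEY", "USE"): (2, "both"),               # email initialsecret
    ("NETWORK", "STATUS", "CONNECT"): (0, "external"),
    ("NETWORK", "STATUS", "FIREWALL"): (0, "external"),
    ("NETWORK", "STATUS", "PING"): (0, "both"),
    ("POWEROFF",): (0, "external"),            # assumed spelling, see lead-in
    ("READ", "DESTROY"): (1, "both"),
    ("READ", "MESSAGE"): (1, "both"),
    ("READ", "MESSAGELIST"): (0, "both"),
    ("SETUP", "ID"): (0, "both"),
    ("SETUP", "USER"): (1, "both"),
    ("SETUP", "SERVER"): (1, "both"),
    ("SETUP", "PASSWORD"): (1, "both"),
    ("SETUP", "SHOW"): (0, "both"),
    ("SYSTEM", "SUSPEND"): (0, "external"),
    ("SYSTEM", "RESUME"): (0, "external"),
    ("SYSTEM", "POWEROFF"): (0, "virtual"),
    ("SYSTEM", "RESTART"): (0, "virtual"),
    ("WRITE",): (2, "both"),                   # email base64string
}
MAX_PLAINTEXT = 50000  # byte limit the daemon enforces on WRITE plain text


def validate(command, target="external"):
    """Return (ok, reason) for one command line; target is "external" or "virtual"."""
    words = command.split()
    # Match the longest documented keyword prefix first (3, then 2, then 1 words).
    key = next((tuple(words[:n]) for n in (3, 2, 1) if tuple(words[:n]) in COMMANDS), None)
    if key is None:
        return False, "unknown command"
    nargs, scope = COMMANDS[key]
    args = words[len(key):]
    if len(args) != nargs:
        return False, f"{' '.join(key)} takes {nargs} argument(s), got {len(args)}"
    if scope not in ("both", target):
        return False, f"{' '.join(key)} applies to the {scope} Crypto Bone only"
    if key == ("WRITE",):
        try:
            plain = base64.b64decode(args[1], validate=True)  # strict alphabet check
        except (binascii.Error, ValueError):
            return False, "message is not valid base64"
        if len(plain) > MAX_PLAINTEXT:
            return False, f"plain text exceeds {MAX_PLAINTEXT} bytes"
    return True, "ok"
```

The 50000-byte check is applied to the decoded plain text, which is what the daemon limits, not to the longer base64 string carried on the command line.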
/usr/lib/cryptobone/cbcontrol
/usr/lib/cryptobone/cbcontrol.functions
/usr/lib/cryptobone/getlocalsecret
/usr/lib/cryptobone/libclr.so.3.4.5
/usr/lib/cryptobone/secrets.sock
/usr/lib/cryptobone/ssh.sock
/usr/lib/cryptobone/database
/usr/bin/cryptobone
cbcontrol has been written by Ralf Senderek <email@example.com>.
Of course there aren't bugs, but if you find any, please send them to firstname.lastname@example.org.