cryptoboned is used to store the message keys and other secret information for use by the Crypto Bone control program. While the encrypted data base is stored in the Linux file system, the master key which is necessary to decrypt this secret information will be read during the boot process and stored in memory only.
While the machine is booting the daemon has access to an encrypted file system in which the master key is stored for a short time of 120 seconds. Once the master key has been read, this file system will be unmounted and a new one will be mounted in the same place. From this point in time the master key is now active in the daemon's main memory and is not visible in the system's file system. This raises the bar for an attacker to compromise the master key, because it will be necessary to issue commands in a root shell to recover the unmounted, encrypted file system instead of plain read access to a file.
After the boot process has finished, a restart of the daemon is no longer possible. This is to further protect the master key while the daemon is running for normal operations.
While the daemon is running, it communicates with the cbcontrol program via a socket that is accessible to root only. The daemon checks, whether or not the process trying to communicate is /usr/lib/cryptobone/cbcontrol or not. It will stop all communications if the request originates from a different program.
Processes like encryption or decryption that require secrets are done inside the cryptobone daemon, so that the results can be transferred through the socket. All communications between a legitimate cbcontrol program - that has been invoked by the graphical user interface - resembles the communication between an external crypto bone and the control program.
The maximum size of the information stored in the encrypted data base is 250000 bytes.
The cryptobone daemon responses to the following commands that can be sent through the socket:
Prints a list of all keys that are used to store secret values.
- check pathname
Analyses the encryption method of a PGP-encrypted file. Prints "AES encrypted data" if AES is used.
- decrypt pathname.asc password
Attempts to decrypt a PGP-encrypted file with the password and stores the plain text in a file without the extension "asc".
- encrypt base64string password
PGP-encrypts the base64-decoded plaintext with the password using AES and stores the result in the file "/usr/lib/cryptobone/cryptobone/encryptedmessage.asc". The password must be greater than 19 and less than 65 characters. Plain text messages are limited to 50000 characters.
- get-element key
Prints the value of the secret stored under the key in the secrets data base.
Creates the secrets database if it does not already exist. Does not overwrite an existing data base.
- remove key
Destroys the secret value stored under the key in the data base.
- replace key new_value
Replaces the stored value with a new value. If the key is not already used, the value is created under the key.
- write key value
Creates a new entry in the data base. Does not overwrite an existing value stored under the key.
/usr/lib/cryptobone/cryptoboned /usr/lib/cryptobone/database /usr/lib/cryptobone/libclr.so.3.4.5 /etc/init.d/cryptoboned /etc/systemd/system/cryptoboned.service
cryptoboned has been written by Ralf Senderek <email@example.com>. The core cryptographic library libclr.so which is used by cryptoboned has been written by Peter Gutmann <firstname.lastname@example.org>.
Of course there aren't bugs, but if you find any, please sent them to email@example.com.
cbcontrol(8), cryptobone(8), external-cryptobone-admin(8).