Changes between Initial Version and Version 1 of zcrypt


Timestamp: May 8, 2010, 1:34:13 PM (12 years ago)
Author: nelhage@mit.edu
Comment: --

= Encrypted Zephyr classes =

BarnOwl contains support for encrypting traffic to Zephyr classes,
based on a modified version of the `zcrypt` program by Philip
Lisiecki.

== Using zcrypt ==

If the `zcrypt` variable in BarnOwl is enabled, BarnOwl will
automatically attempt to decrypt zephyrs received with the opcode
`crypt`.

To send encrypted zephyrs, use the `zcrypt` command, which behaves
identically to the `zwrite` command, except that it encrypts the
bodies of outgoing zephyrs.

== The zcrypt key file ==

In order to determine the key to use to encrypt zephyrs, BarnOwl uses
the file "$HOME/.crypt-table".  This table contains class-level and
instance-level key file information.  The file may also contain a
default key file for all classes/instances that have no key file
explicitly defined.  Note that an entry with the instance defined
takes precedence over one for the class alone.  Here is a sample
`.crypt-table`:

{{{
     crypt-xxx: AES: /afs/athena/user/n/e/nelhage/keys/key-xxx
     crypt-yyy: /afs/athena/user/n/e/nelhage/keys/key-yyy
     crypt-yyy-123: /tmp/yyy123.key
     crypt-default: /afs/athena/user/n/e/nelhage/Public/testkey
}}}

This `.crypt-table` will use `keys/key-xxx` for class `xxx`, using AES
encryption via GPG.

Class `yyy` will use the `key-yyy` key, unless the instance is "123",
in which case the key file will be "/tmp/yyy123.key".  If none of
these conditions are met, zcrypt will use the default key file,
`Public/testkey`.

== AES encryption ==

By default, for backwards compatibility, BarnOwl encrypts messages
using the `DES` encryption algorithm in
[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 ECB mode]. '''This is an extremely weak cipher''', and should not be considered resistant to any sort of dedicated attack.

As of BarnOwl 1.6, BarnOwl supports encrypting messages using GPG and
the modern AES cryptosystem. To enable this mode, prefix a keyfile
with the string `AES:` in the `.crypt-table` file. This will cause
BarnOwl to shell out to GPG for encryption, using the contents of the
file as the passphrase.

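As an added worked example (not code from BarnOwl or the `zcrypt` program), the following Python resolves a key file from a `.crypt-table` the way the two sections above describe: the class+instance entry wins over the class entry, which wins over `crypt-default`, and an `AES:` prefix marks the GPG/AES mode. It assumes blank lines are skipped and that matching is done by constructing candidate entry names rather than by splitting the name on hyphens.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample table, mirroring the one shown on this page.
SAMPLE_TABLE = """\
crypt-xxx: AES: /afs/athena/user/n/e/nelhage/keys/key-xxx
crypt-yyy: /afs/athena/user/n/e/nelhage/keys/key-yyy
crypt-yyy-123: /tmp/yyy123.key
crypt-default: /afs/athena/user/n/e/nelhage/Public/testkey
"""


@dataclass(frozen=True)
class KeyEntry:
    path: str   # key file whose contents are the key (DES) or passphrase (AES)
    aes: bool   # True when the entry carried the "AES:" prefix (GPG/AES mode)


def parse_crypt_table(text: str) -> dict[str, KeyEntry]:
    """Parse lines of the form 'crypt-NAME: [AES:] /path/to/keyfile'.

    Blank lines are skipped (an assumption; the page shows none).
    """
    table: dict[str, KeyEntry] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, _, value = line.partition(":")
        value = value.strip()
        aes = value.startswith("AES:")
        if aes:
            value = value[len("AES:"):].strip()
        table[name.strip()] = KeyEntry(path=value, aes=aes)
    return table


def lookup_key(table: dict[str, KeyEntry], cls: str, instance: str) -> Optional[KeyEntry]:
    """Most specific entry wins: class+instance, then class, then default.

    Candidate names are built directly (an assumption about how zcrypt
    matches), so class names that themselves contain '-' still resolve.
    """
    for name in (f"crypt-{cls}-{instance}", f"crypt-{cls}", "crypt-default"):
        if name in table:
            return table[name]
    return None   # no matching entry and no crypt-default


if __name__ == "__main__":
    table = parse_crypt_table(SAMPLE_TABLE)
    for cls, inst in (("xxx", "personal"), ("yyy", "123"), ("yyy", "456"), ("zzz", "personal")):
        print(cls, inst, lookup_key(table, cls, inst))
```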
== Troubleshooting ==

If BarnOwl fails to send or receive encrypted messages, you can use
the `:show errors` command to view the output of the `zcrypt` command,
which will often contain more information about what went wrong.

== The `zcrypt` binary ==

The BarnOwl distribution and locker contain a `zcrypt` program which is
backwards-compatible with Philip Lisiecki's, but supports the AES
encryption feature described above. This program can be used by other
scripts or zephyr clients to encrypt and decrypt messages.
     65scripts or zephyr clients to encrypt and decrypt messages.