Skip to content

Commit

Permalink
Version: 0.3.0
Browse files Browse the repository at this point in the history
  • Loading branch information
kinoru committed Dec 15, 2015
1 parent 4dd4440 commit 9ca169c
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 77 deletions.
15 changes: 14 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,21 @@
# Change Log

## 0.3.0 - 2015-12-15

- The command line arguments interface has changed to multi-mode. Users are now advised to set `u` as an alias of `unbreak open`.
- `unbreak init`
- `unbreak open <FILENAME>`
- `unbreak logout`
- `unbreak add [OPTIONS] <FILENAME>`
- Added `unbreak add`: Pick a local file, encrypt it, and put it in the remote storage
- Added `unbreak logout`: Explicitly remove the session files from the memory space.
- Added automatic removal of local temporary files in the memory space after `unbreapk open`.
- Added upload error remedy to `unbreak open`: the user's effort won't be immediately lost even when the upload fails. Now there is a chance to retry or save it somewhere else.
- Fixed file name encryption: Very silly elemetary cryptographic mistake. Eliminated the chance of adversary guessing the file name when there are multiple files with the same prefix.

## 0.2.0 - 2015-12-09

- Add encryption of file names: File names may be a sensitive information as well. They are now encrypted with ChaCha20-Poly1305 and base64url-encoded.
- Added encryption of file names: File names may be a sensitive information as well. They are now encrypted with ChaCha20-Poly1305 and base64url-encoded.
- Avoid network overhead by checking file mtype: The file won't be sent if it hasn't been changed.

## 0.1.0 - 2015-12-05
Expand Down
77 changes: 2 additions & 75 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,78 +1,5 @@
**unbreak** is a minimal helper utility to have files accessible, encrypted, and stored remotely, even with an unstable Internet connection. Questions, bug reports, feature requests, and pull requests are welcome.

## In a nutshell
Current version: 0.3.0 ([changelog](https://github.com/kinoru/unbreak/blob/master/CHANGELOG.md))

1. You type `u cheatsheet.txt`
1. You start editing your cheat sheet text file that is encrypted and stored remotely.
1. You save and quit.
1. The new file is now encrypted and stored remotely.

## Installation

One binary file for x64 GNU/Linux.

```bash
curl -L https://github.com/kinoru/unbreak/releases/download/v0.2.0/u > ~/.local/bin/u && chmod +x ~/.local/bin/u
```

The recommendation is to set the file name to `u`, but you may use the full name `unbreak` or anything you prefer.

For the `u` executable to properly run, The following must be available on the client system.

- `/dev/urandom`
- `mktemp`
- `/dev/shm` writable by you
- `scp`
- The `$HOME` environment variable

It will probably work on any ordinary x64 GNU/Linux distribution.

## Usage

When you run `u` for the first time, the file `~/.unbreak.json` will be created with default configuration. Edit it and configure unbreak.

- `name`: This works as a salt to fight against the rainbow table attack to generate the master secret key. It's a salt, so it doesn't have to be secret. Just pick something memorable and unique. [xkcd offers a brilliant advice](https://xkcd.com/936/).
- `remote`: The path of the remote directory that will serve as a storage of all documents. (For now, it must exist.) The document name will be appended to this path when it is passed to the `scp` command.
- `editor`: The default value is [`vim`](https://e.xtendo.org/scs/vim).

Now you type `u cheatsheet.txt` to actually begin editing a file. Since this is your first time using Unbreak and there is no session yet, you'll be asked to type a password that will be used (with the salt in `~/.unbreak.json`) to generate the master key. The master key is stored under `/dev/shm` during the session.

## How it works

1. You type `u cheatsheet.txt`
1. `scp [email protected]:path/to/docs/YLfZ9XA4YGYNRykW4Ns= /dev/shm/unbreak-Z9y8X/`
1. Decrypt the file with your master key and save it as `cheatsheet.txt`
1. `vim /dev/shm/unbreak-Z9y8X/cheatsheet.txt`
1. You edit your cheat sheet text file with your favorite text editor.
1. You save and quit.
1. Encrypt the file with your master key and save it as `YLfZ9XA4YGYNRykW4Ns=`
1. `scp /dev/shm/unbreak-Z9y8X/YLfZ9XA4YGYNRykW4Ns= [email protected]:path/to/docs/`

## Why?

Recently a type of operating system instances became very common. They are

- not maintained (in terms of electricity supply, thermal control, Internet connection, etc.) by you
- not in your vicinity
- not under your ownership

Some people seem to prefer the term "cloud."

What you want to do is, in the terminal, you would type `u comic.zip` and a comic book viewer will let you read the comic book that is encrypted and stored remotely. Or `u cheatsheet.txt` will open a text editor and let you edit your cheat sheet text file. After a while you will save and quit, then the document will be encrypted and stored in the remote operating system instance. Certain conditions apply:

- You want the whole process be resilient to an **unstable Internet connection**. Bringing your laptop around or even suspending it breaks the connection, so you want it to require the connection only when it's needed, that is, the opening and saving moment.
- Following the spirit of the excellent [Tarsnap](https://www.tarsnap.com/) service, you want the file to be **client-side-encrypted** before being sent to the remote system. The notion that you have _your_ instance in the "cloud" is an illusion; the company that runs this "cloud" service has a full technical (and, in many cases, even legal) access to your data.

Alternatives all fell short:

- Saving locally with full-disk encryption: The data becomes inaccessible from different (home/office) computers.
- sshfs: Very good, and very fragile with an unstable Internet connection. Sometimes it makes the whole I/O hang. (You have to manually `umount` with `-l` option.)
- Vim with netrw scp support: Can't encrypt/decrypt with a modern cipher like ChaCha20, unless you learn Vimscript and write a plugin of your own. Some editors don't even have the scripting feature at all.

## TODO

- Iteratee I/O in encryption and decryption
- File listing
- Automatically choose the right "editor" based on the file extension
- Arbitrarily choose file to upload
- Manual session logout
See [unbreak's web page](https://e.xtendo.org/scs/unbreak) for more details.
2 changes: 1 addition & 1 deletion unbreak.cabal
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: unbreak
version: 0.2.0
version: 0.3.0
synopsis: Secure editing of remote documents with unstable connection
license: AGPL-3
license-file: LICENSE
Expand Down

0 comments on commit 9ca169c

Please sign in to comment.