-
Notifications
You must be signed in to change notification settings - Fork 18
/
README
121 lines (89 loc) · 3.43 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# $Id: README,v 1.20 2001/03/28 13:26:06 proff Exp $
# $Smallcopyright:$
RUBBERHOSE 0.8.3
----------------
This is an alpha snap shot. Intended only for testing and
development. DO NOT TRUST THIS CODE. It wants to run away with your
prom date's underpants when you least expect it.
Please send any questions to <rubberhose@rubberhose.org>
Compile under linux. The NetBSD and FreeBSD kernel modules are out of
sync with the rest of the code. This will be rectified as soon
as the kernel interface has completely stabilised.
You may want to install OpenSSL. Rubberhose will detect it on
configure and add the (usually faster) OpenSSL ciphers to its
collection)
Configure and compile:
$ ./configure
$ make
If you have docbook utilities installed you may like to
rebuild the Rubberhose documentation:
$ cd doc; make doc
Run the self-test suite. There are several hundred tests. While
this is an optional step, given stated aims of the code, it's
probably foolhardy not to.
$ make check
Become root.
Install binaries etc:
# make install
Install the maru and kue devices:
# hose_makedevs
Install the kue and maru kernel devices into the running kernel:
# hose_modload
Revert back to the user.
You can try 'hose list commands' for a list of client commands and 'hose
help [command]' for help on a specific command.
(Optionally) examine cipher speeds:
$ hose speeds
The default options to the following commands result in a small
(few Mb) test extent.
Create a new keymap. The keymap is is a list of keys, salts and
various other meta data used to describe an extent (file or
partition). It's a little like a pgp private key ring, except
that it's one to one bonded with a particular extent:
$ hose newkeymap
Create an extent. An extent is a file container used for block
storage. You can probably also use a disk partition, although
this hasn't been tested recently:
$ hose newextent
Create an aspect. An aspect is a `view' of some or all of blocks in an
extent. Under some of the remapping schemes, an extent may have multiple
aspects. Some of the remapping schemes are crypto-deniable. You may
need to move the mouse about or type on the keyboard to gather entropy
for key generation. Aspect 0 is created by default.
$ hose newaspect
You now test speed of the full crypto path with your chosen
algorithms:
$ hose speeds -e
Become root again and start up the hosed daemon:
# hosed
Tell hosed to attach itself to your newly created extent file:
# hose attachextent
Tell hosed to key aspect 0 (default). This "primes" the aspect.
# hose keyaspect
Tell hosed to bind aspect 0 (default) to a disk device
# hose bindaspect
# For crypto deniability reasons, the maru device assigned is
# random. In this example, we presume /dev/maru4
Aspect 0 should now appear as one of the /dev/maru* devices. We will
now create a file-system on it. It's important for efficiency to have
the file-system block size the same as the crypto block size (defaults
to 2048 bytes, see newkeymap -b), so we will tell mke2fs to use 2048
byte blocks.
# mke2fs -b 2048 /dev/maru4
Now, mount it!
# mount /dev/maru4 /mnt
Have a look inside:
# ls -la /mnt
Try copying in /bin/sh:
# cp /bin/sh /mnt
Unmount and unbind, dekey
# umount /mnt
# hose unbindaspect
# hose dekeyaspect
# hose detachextent
# hose_modunload
man pages (quite brief at the moment) and other documentation are
in doc.
Happy Rubberhos'in!
-Julian Assange <proff@iq.org>,
Ralf-P. Weinmann <ralph@iq.org>