Home
Welcome to the INTERLOCK wiki!
The INTERLOCK application is a file encryption front-end developed for, but not limited to, use with the USB armory.
The goal of the package is to expose a web-based file manager for an encrypted partition running on the device hosting the JSON application server (i.e. USB armory).
The file manager allows uploading/downloading of files to/from the encrypted partition, as well as additional symmetric/asymmetric cryptographic operations on the individual files.
The official documentation is included in the README file of the project repository.
- Andrea Covello of scip AG published two excellent tutorials on setting up INTERLOCK on the USB armory: part 1, part 2
- Obtain the certificate file in PEM format either directly from your INTERLOCK installation, by exporting it from your browser (and converting its format if necessary), or by using the openssl 's_client' helper.
- Import the certificate in your browser and mark it as trusted (the example assumes an INTERLOCK installation reachable at address "10.0.0.1"):

```
certutil -d sql:$HOME/.pki/nssdb -A -t CP,,C -n "10.0.0.1" -i cert.pem
```
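An added example, not from the INTERLOCK project: before marking a certificate fetched with 's_client' as trusted, compare its SHA-256 fingerprint with that of the copy taken directly from the INTERLOCK installation, and import only on a match. The function names, the port argument, the `cert-from-device.pem` file name and the placeholder sample are assumptions; GNU coreutils `base64` and `sha256sum` are assumed to be installed.

```shell
#!/bin/sh
# Added example; function names and the sample below are illustrative.

# Print only the first PEM certificate block on stdin. s_client prints the
# server's own certificate first, mixed with handshake diagnostics.
extract_first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         on && /-----END CERTIFICATE-----/ { exit }'
}

# SHA-256 of the DER bytes of a PEM certificate on stdin, as lowercase hex
# without colons (the digest `openssl x509 -fingerprint -sha256` reports).
pem_sha256() {
    grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Fetch the certificate served at host:port and import it only if its
# fingerprint equals the one computed from the copy taken off the device,
# e.g. expected=$(pem_sha256 < cert-from-device.pem)   # hypothetical file name
import_if_pinned() {
    host=$1; port=$2; expected=$3
    openssl s_client -connect "$host:$port" </dev/null 2>/dev/null |
        extract_first_pem > cert.pem
    seen=$(pem_sha256 < cert.pem)
    if [ -z "$expected" ] || [ "$seen" != "$expected" ]; then
        echo "refusing to trust $host:$port, fingerprint is $seen" >&2
        rm -f cert.pem
        return 1
    fi
    certutil -d "sql:$HOME/.pki/nssdb" -A -t CP,,C -n "$host" -i cert.pem
}

# Constructed s_client-style output; the base64 bodies are placeholder bytes,
# not real certificates, which is enough to exercise extraction and hashing.
SAMPLE='CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
subject=CN = 10.0.0.1
-----BEGIN CERTIFICATE-----
eHl6
-----END CERTIFICATE-----'

printf '%s\n' "$SAMPLE" | extract_first_pem | pem_sha256
```

Pass the port your INTERLOCK configuration actually binds as the second argument of `import_if_pinned`.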
The setcap command run before startup (ExecStartPre) allows INTERLOCK configurations that bind privileged port 443.
```
[Unit]
Description=INTERLOCK file encryption front-end
Documentation=https://github.com/usbarmory/interlock/blob/master/README.md
Requires=network.target
After=network.target

[Service]
PermissionsStartOnly=true
ExecStartPre=/sbin/setcap 'cap_net_bind_service=+ep' /usr/local/sbin/interlock
ExecStart=/usr/local/sbin/interlock -c /etc/interlock/interlock.conf
User=interlock
Group=interlock
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```
INTERLOCK (assuming execution by the `interlock` user) can be granted access to the `/dev/scc2_aes` character device, exposed by the Security Controller (SCCv2) mxc-scc2 driver, with the following udev rule:

```
KERNEL=="scc2_aes", SUBSYSTEM=="crypto", MODE="0600", OWNER="interlock"
```