Diffstat (limited to 'doc/index.mdwn')
-rw-r--r-- | doc/index.mdwn | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/doc/index.mdwn b/doc/index.mdwn new file mode 100644 index 0000000..d96bf9c --- /dev/null +++ b/doc/index.mdwn 
@@ -0,0 +1,81 @@ +Keysafe securely backs up a gpg secret key or other short secret to the cloud. + +This is not intended for storing Debian Developer keys that yield root on +ten million systems. It's about making it possible for users to use gpg who +currently don't, and who would find it too hard to use `paperkey` to back +up and restore their key as they reinstall their laptop. + +Not yet ready for production use! Needs security review! +May run over your dog! Not suitable for bitcoin keys! + +## Screenshots + +See [[screenshots]]. (Keysafe can also run in text mode in a terminal.) + +## How it works, basically + +The secret key is encrypted using a password, and is split into three +shards, and each is uploaded to a server run by a different entity. Any two +of the shards are sufficient to recover the original key. So any one server +can go down and you can still recover the key. + +Keysafe checks your password strength (using the excellent but not perfect +[zxcvbn library](https://github.com/tsyrogit/zxcvbn-c)), +and shows an estimate of the cost to crack your password, +before backing up the key. + +[[screenshots/4.png]] +(Above is for the password "makesad spindle stick") + +Keysafe is designed so that it should take millions of dollars of computer +time to crack any fairly good password. (This is accomplished using +[Argon2](https://en.wikipedia.org/wiki/Argon2).) +With a truely good password, such as four random words, the cracking cost +should be many trillions of dollars. + +The password is the most important line of defense, but keysafe's design +also makes it hard for an attacker to even find your encrypted secret key. + +For a more in-depth explanation, and some analysis of different attack +vectors (and how keysafe thwarts them), see [[details]]. +Also, there's a [[FAQ]]. 
+ +## News + +[[!inline pages="code/keysafe/news/* and !*/Discussion" show="3"]] + +## Git repository + +`git clone git://keysafe.branchable.com/ keysafe` + +All tags and commits in this repository are gpg signed, and you should +verify the signature before using it. + +## Installation + +You should first install Haskell's stack tool, the readline and argon2 +libraries, and zenity. For example, on a Debian system: + + sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity + +Then to build and install keysafe: + + stack install keysafe + +Note that there is a manpage, but stack doesn't install it yet. + +## Reporting bugs + +Email <id@joeyh.name> + +## Servers + +See [[servers]] for information on the keysafe servers. + +## License + +Keysafe is licensed under the terms of the AGPL 3+ + +## Thanks + +Thanks to Anthony Towns for his help with keysafe's design. |
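Review bot: In the "Git repository" section, readers are told to verify the gpg signature on tags and commits, but the text gives neither the signing key's fingerprint nor a command for doing the check. The clone URL uses the unauthenticated git:// transport, so that signature is the only integrity check a reader has. Suggest stating the key fingerprint and showing the verification step (for example `git verify-tag` on a release tag). The "Installation" section also does not say whether `stack install keysafe` is meant to be run inside the verified clone or fetches the package from elsewhere; state which, so the verification advice and the build instructions line up. Minor: "truely" in the "How it works, basically" section should be "truly".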