From 81da10b66d2163b2e2cfed9754f825f2758b081c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 10 Mar 2018 12:20:53 -0400 Subject: Revert "removed" This reverts commit 70ac4cb64cc610eff6ed70b5ab81122fb4071615. --- doc/index.mdwn | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 doc/index.mdwn diff --git a/doc/index.mdwn b/doc/index.mdwn new file mode 100644 index 0000000..5c0c670 --- /dev/null +++ b/doc/index.mdwn 
@@ -0,0 +1,93 @@ +Keysafe securely backs up a gpg secret key or other short secret to the cloud. + +This is not intended for storing Debian Developer keys that yield root on +ten million systems. It's about making it possible for users to use gpg who +currently don't, and who would find it too hard to use `paperkey` to back +up and restore their key as they reinstall their laptop. + +Not yet ready for production use! Needs security review! +May run over your dog! Not suitable for bitcoin keys! + +## Screenshots + +See [[screenshots]]. (Keysafe can also run in text mode in a terminal.) + +## How it works, basically + +The secret key is encrypted using a password, and is split into three +shards, and each is uploaded to a server run by a different entity. Any two +of the shards are sufficient to recover the original key. So any one server +can go down and you can still recover the key. + +Keysafe checks your password strength (using the excellent but not perfect +[zxcvbn library](https://github.com/tsyrogit/zxcvbn-c)), +and shows an estimate of the cost to crack your password, +before backing up the key. + +[[screenshots/4.png]] +(Above is for the password "makesad spindle stick") + +Keysafe is designed so that it should take millions of dollars of computer +time to crack any fairly good password. (This is accomplished using +[Argon2](https://en.wikipedia.org/wiki/Argon2).) +With a truely good password, such as four random words, the cracking cost +should be many trillions of dollars. + +The password is the most important line of defense, but keysafe's design +also makes it hard for an attacker to even find your encrypted secret key. + +For a more in-depth explanation, and some analysis of different attack +vectors (and how keysafe thwarts them), see [[details]]. +Also, there's a [[FAQ]]. 
+ +Here's a video explaining keysafe: + + + + + +## News + +[[!inline pages="news/* and !*/Discussion" show="3"]] + +## Installation + +Keysafe is now available in [Debian experimental](https://wiki.debian.org/DebianExperimental). +Install it from there, or from source. + +## Git repository + +`git clone git://keysafe.branchable.com/ keysafe` or +`git clone https://git.joeyh.name/git/keysafe.git/` + +All tags and commits in this repository are gpg signed, and you should +verify the signature before using it. + +## Building from source + +You should first install Haskell's stack tool, the readline and argon2 +libraries, and zenity. For example, on a Debian system: + + sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity + +Then to build and install keysafe, cd into its source tree and run: + + stack install + +Note that there is a manpage, but stack doesn't install it yet. + +## Reporting bugs + +Post to [[todo]] or email + +## Servers + +See [[servers]] for information on the keysafe servers. + +## License + +Keysafe is licensed under the terms of the AGPL 3+ + +## Thanks + +Thanks to Anthony Towns for his help with keysafe's design. -- cgit v1.2.3
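Review bot: In the "Git repository" section, the instruction "you should verify the signature before using it" names neither the signing key nor the command to run, so a reader has nothing to check the signature against. The first clone URL also uses `git://`, which is unauthenticated and unencrypted, so on that path the gpg signature is the only integrity check. Suggest stating the signing key's fingerprint (or linking to where it is published), showing `git verify-tag` and `git verify-commit` next to the clone commands, and listing the https URL first. Minor, in "How it works, basically": "truely" should be "truly". In this view, "Post to [[todo]] or email" under "Reporting bugs" ends without an address, and "Here's a video explaining keysafe:" is followed only by blank lines. Worth confirming that both render as intended.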