cbcontrol(8) cbcontrol(8)

cbcontrol

cbcontrol command [ args ]

cbcontrol is a process, run as the super-user, that receives commands
from the GUI program cryptobone and either relays them to an external
Crypto Bone over an encrypted SSH link to a certain, fixed IP address
or processes them itself, implementing a virtual Crypto Bone as a
separate super-user process. The commands for the virtual and the
external Crypto Bone are identical.

This process is also used internally to copy secret data from a freshly
installed Crypto Bone SD card to the local computer.

A command is executed only if an authentication with a local secret has
been successful. This local secret is stored in the Linux file system.

The authentication information is provided by the program
/usr/lib/cryptobone/getlocalsecret and must match a stored hash of the
local secret. If it doesn't, the Crypto Bone does nothing. Almost all
commands make use of the encrypted data base of secrets, which is
accessible only when the cryptobone daemon (/etc/init.d/cryptoboned)
has been started at boot time. The cryptobone daemon and cbcontrol
communicate through a socket.

These are the commands that can be sent to a Crypto Bone daemon through
a socket:

EMAIL STATUS IN
    displays the status messages and error messages of the fetchmail
    program that polls an email address used for message exchange.

EMAIL STATUS OUT
    displays the local mail queue.

KEY CHANGEEMAIL oldaddress newaddress
    if oldaddress is in the data base, it is replaced by newaddress.
    The existing message keys will be used with the new email
    address.

KEY CONTACT email
    writes "yes" to stdout if a contact email address is registered
    already or "no" if not.

KEY NEWSECRETS
    writes three new initial secrets to stdout that are assigned to
    the contact names NN1, NN2 and NN3.

KEY RECIPIENTLIST
    writes a list of registered recipients to stdout.

KEY RESET email
    blocks a communication to the specified email contact address by
    assigning a new initial secret that is not known outside the
    data base. This prevents further communication and can only be
    revoked by using KEY USE email new_initial_secret.

KEY USE email initialsecret
    resets a formerly used contact email address to an initial
    value. This destroys all message keys currently in use for the
    contact email address. The only way to continue the conversation
    is for the contact person to do a reset with the same initial
    secret for your own email address, too.

NETWORK STATUS CONNECT
    shows the output of ifconfig for the ethernet adapter. Applies
    to the external Crypto Bone only.

NETWORK STATUS FIREWALL
    shows the status of the internal packet filter firewall.
    Applies to the external Crypto Bone only.

NETWORK STATUS PING
    checks the connection to a certain registered host on the
    internet to establish connectivity information.

POWEROFF
    performs a shutdown -h now on the external Crypto Bone. Applies
    to the external Crypto Bone only. The virtual cryptobone uses
    SYSTEM POWEROFF to destroy all other information in the RAM
    disk.

OWNED
    writes "yes" to stdout if the initial graphical setup of a user's
    login name has been performed, or "no" if not.

READ DESTROY messageid
    deletes the message from the list and deletes it in the RAM
    disk.

READ MESSAGE messageid
    writes the specified base64-encoded message in plain text to
    stdout.

READ MESSAGELIST
    writes a list of message names to stdout.

RESET
    Not yet implemented. If a reset is desired the admin user must
    call the reset script by hand.

SETUP ID
    writes the content of the user's email address (set by SETUP
    USER email) to stdout.

SETUP USER username
    sets the user name for an email address that can be used (by
    fetchmail) to exchange encrypted messages.

SETUP SERVER servername
    sets the server name for an email account that can be used (by
    fetchmail) to exchange encrypted messages.

SETUP PASSWORD password
    sets the password for the specified email account. This
    information is stored in the RAM disk and can only be read by the
    super-user.

SETUP SHOW
    writes all three pieces of information used to access an email
    account to stdin.

STATUS
    writes "active" to stdout if the masterkey is present or
    "waiting" if not.

SYSTEM SUSPEND
    blocks the use of the encrypted secrets data base by renaming
    the masterkey. Applies to the external Crypto Bone only.

SYSTEM RESUME
    enables the use of the encrypted secrets data base, if the
    masterkey was suspended. Applies to the external Crypto Bone only.

SYSTEM POWEROFF
    destroys all information stored in the RAM disk. Not used by
    the external Crypto Bone. It uses POWEROFF instead.

SYSTEM RESTART
    initialises the RAM disk similar to the boot process of an
    external Crypto Bone. This command is used only by the virtual
    Crypto Bone.

WRITE email base64string
    starts the process of encrypting and sending the encrypted
    message to the specified email address after processing the
    base64-encoded plain text string. A message will only be sent
    out if a message key for this email address is in the data base
    and if the message can be AES encrypted with this key
    successfully. Plain text messages are limited to 50000 bytes by
    the Crypto Bone daemon.
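
The command list above, turned into an allowlist check that a front end could run before handing a line to the super-user process. This is an added example, not code from the Crypto Bone project: the function name validate, the whitespace-separated token format and the argument counts (read off the list above) are assumptions.

```python
import base64
import binascii

MAX_PLAINTEXT = 50000  # limit stated on this page for WRITE messages

# Command words -> number of arguments, transcribed from the list above.
COMMANDS = {
    ("EMAIL", "STATUS", "IN"): 0, ("EMAIL", "STATUS", "OUT"): 0,
    ("KEY", "CHANGEEMAIL"): 2, ("KEY", "CONTACT"): 1,
    ("KEY", "NEWSECRETS"): 0, ("KEY", "RECIPIENTLIST"): 0,
    ("KEY", "RESET"): 1, ("KEY", "USE"): 2,
    ("NETWORK", "STATUS", "CONNECT"): 0, ("NETWORK", "STATUS", "FIREWALL"): 0,
    ("NETWORK", "STATUS", "PING"): 0, ("POWEROFF",): 0, ("OWNED",): 0,
    ("READ", "DESTROY"): 1, ("READ", "MESSAGE"): 1, ("READ", "MESSAGELIST"): 0,
    ("RESET",): 0, ("SETUP", "ID"): 0, ("SETUP", "USER"): 1,
    ("SETUP", "SERVER"): 1, ("SETUP", "PASSWORD"): 1, ("SETUP", "SHOW"): 0,
    ("STATUS",): 0, ("SYSTEM", "SUSPEND"): 0, ("SYSTEM", "RESUME"): 0,
    ("SYSTEM", "POWEROFF"): 0, ("SYSTEM", "RESTART"): 0, ("WRITE",): 2,
}

def validate(line):
    """Return (command_words, args) for an allowed command, else raise ValueError."""
    tokens = line.split()
    # Try the longest command prefix first (three words, then two, then one).
    for n in (3, 2, 1):
        key = tuple(tokens[:n])
        if len(key) == n and key in COMMANDS:
            break
    else:
        raise ValueError("unknown command")
    args = tokens[n:]
    if len(args) != COMMANDS[key]:
        raise ValueError("wrong number of arguments")
    if key == ("WRITE",):
        try:
            # validate=True rejects characters outside the base64 alphabet.
            plain = base64.b64decode(args[1], validate=True)
        except (binascii.Error, ValueError):
            raise ValueError("payload is not valid base64") from None
        if len(plain) > MAX_PLAINTEXT:
            raise ValueError("plain text exceeds 50000 bytes")
    return key, args
```

The 50000-byte check here only mirrors the limit that the page says the Crypto Bone daemon enforces; it does not replace the daemon's own check.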

/usr/lib/cryptobone/cbcontrol
/usr/lib/cryptobone/cbcontrol.functions
/usr/lib/cryptobone/getlocalsecret
/usr/lib/cryptobone/libclr.so.3.4.5
/usr/lib/cryptobone/secrets.sock
/usr/lib/cryptobone/ssh.sock
/usr/lib/cryptobone/database
/usr/bin/cryptobone

libclr(3), cryptoboned(8)

cbcontrol was written by Ralf Senderek <innovation@senderek.ie>.

Of course there aren't bugs, but if you find any, please send them to innovation@senderek.ie.

Ralf Senderek cbcontrol(8)