cbcontrol(8)                                                      cbcontrol(8)

NAME

       cbcontrol

SYNOPSIS

       cbcontrol command [ args ]

DESCRIPTION

       cbcontrol is a process run as the super-user, that gets commands from a
       GUI program cryptobone and either relays these commands to an external
       Crypto Bone over an encrypted SSH link to a certain, fixed IP address
       or processes these commands itself, implementing a virtual Crypto Bone
       as a separate super-user process. The commands for the virtual and the
       external Crypto Bone are identical.

       This process is also used internally to copy secret data from a freshly
       installed Crypto Bone SD card to the local computer.

COMMANDS

       A command is executed only if an authentication with a local secret has
       been successful. This local secret is stored in the Linux file system.

       The authentication information is provided by the program
       /usr/lib/cryptobone/getlocalsecret and must match a stored hash of the
       local secret. If it doesn't, the Crypto Bone does nothing. Almost all
       commands make use of the encrypted data base of secrets, which is
       accessible only when the cryptobone daemon (/etc/init.d/cryptoboned)
       has been started at boot time. The cryptobone daemon and cbcontrol
       communicate through a socket.

       These are the commands that can be sent to a Crypto Bone daemon through
       a socket:

       EMAIL STATUS IN
              displays the status messages and error messages of the fetchmail
              program that polls an email address used for message exchange.

       EMAIL STATUS OUT
              displays the local mail queue.

       KEY CHANGEEMAIL oldaddress newaddress
              if oldaddress is in the data base, it is replaced by newaddress.
              The existing message keys will be used with the new email
              address.

       KEY CONTACT email
              writes "yes" to stdout if a contact email address is registered
              already or "no" if not.

       KEY NEWSECRETS
              writes three new initial secrets to stdout that are assigned to
              the contact names NN1, NN2 and NN3.

       KEY RECIPIENTLIST
              writes a list of registered recipients to stdout.

       KEY RESET email
              blocks a communication to the specified email contact address by
              assigning a new initial secret that is not known outside the
              data base. This prevents further communication and can only be
              revoked by using KEY USE email new_initial_secret.

       KEY USE email initialsecret
              resets a formerly used contact email address to an initial
              value. This destroys all message keys currently in use for the
              contact email address. The only way to continue the conversation
              is for the contact person to do a reset with the same initial
              secret for your own email address, too.

       NETWORK STATUS CONNECT
              shows the output of ifconfig for the ethernet adapter. Applies
              to the external Crypto Bone only.

       NETWORK STATUS FIREWALL
              shows the status of the internal packet filter firewall.
              Applies to the external Crypto Bone only.

       NETWORK STATUS PING
              checks the connection to a certain registered host on the
              internet to establish connectivity information.

       POWEROFF
              performs a shutdown -h now on the external Crypto Bone. Applies
              to the external Crypto Bone only. The virtual cryptobone uses
              SYSTEM POWEROFF to destroy all other information in the RAM
              disk.

       OWNED
              writes "yes" to stdout if the initial graphical setup of a user's
              login name has been performed, or "no" if not.

       READ DESTROY messageid
              deletes the message from the list and deletes it in the RAM
              disk.

       READ MESSAGE messageid
              writes the specified base64-encoded message in plain text to
              stdout.

       READ MESSAGELIST
              writes a list of message names to stdout.

       RESET
              Not yet implemented. If a reset is desired, the admin user must
              call the reset script by hand.

       SETUP ID
              writes the content of the user's email address (set by SETUP
              USER email) to stdout.

       SETUP USER username
              sets the user name for an email address that can be used (by
              fetchmail) to exchange encrypted messages.

       SETUP SERVER servername
              sets the server name for an email account that can be used (by
              fetchmail) to exchange encrypted messages.

       SETUP PASSWORD password
              sets the password for the specified email account. This
              information is stored in the RAM disk and can only be read by
              the super-user.

       SETUP SHOW
              writes all three pieces of information used to access an email
              account to stdin.

       STATUS
              writes "active" to stdout if the masterkey is present or
              "waiting" if not.

       SYSTEM SUSPEND
              blocks the use of the encrypted secrets data base by renaming
              the masterkey. Applies to the external Crypto Bone only.

       SYSTEM RESUME
              enables the use of the encrypted secrets data base, if the
              masterkey was suspended. Applies to the external Crypto Bone
              only.

       SYSTEM POWEROFF
              destroys all information stored in the RAM disk. Not used by
              the external Crypto Bone. It uses POWEROFF instead.

       SYSTEM RESTART
              initialises the RAM disk similar to the boot process of an
              external Crypto Bone. This command is used only by the virtual
              Crypto Bone.

       WRITE email base64string
              starts the process of encrypting and sending the encrypted
              message to the specified email address after processing the
              base64-encoded plain text string. A message will only be sent
              out if a message key for this email address is in the data base
              and if the message can be AES encrypted with this key
              successfully. Plain text messages are limited to 50000 bytes by
              the Crypto Bone daemon.
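
The WRITE entry above, as an added example that is not part of cbcontrol or the Crypto Bone project: a shell wrapper that rejects malformed addresses and plain text over the 50000-byte limit before passing one unwrapped base64 token to cbcontrol. The function names, the address allow-list and the CBCONTROL override variable are assumptions; the invocation follows the SYNOPSIS and the path listed under FILES.

```shell
#!/bin/sh
# Added example, not part of the Crypto Bone distribution.
# Assumed (hypothetical) names: cb_valid_email, cb_encode_message, cb_write,
# CB_MAX_PLAINTEXT and the CBCONTROL override used for dry runs.
LC_ALL=C; export LC_ALL      # make the A-Z / a-z ranges below byte-exact
CB_MAX_PLAINTEXT=50000       # plain text limit stated under WRITE

# Accept only a single-token address: allow-listed characters, exactly one
# "@", and a dot inside the domain part. Whitespace or shell metacharacters
# would otherwise turn into extra words of the command.
cb_valid_email() {
    case "$1" in
        *[!A-Za-z0-9._%+@-]*) return 1 ;;
        *@*@*)                return 1 ;;
        ?*@?*.?*)             return 0 ;;
        *)                    return 1 ;;
    esac
}

# Print the file's contents as one unwrapped base64 token.
# Returns 1 if the file is unreadable, 2 if it exceeds the limit.
cb_encode_message() {
    [ -r "$1" ] || return 1
    size=$(( $(wc -c < "$1") ))
    [ "$size" -le "$CB_MAX_PLAINTEXT" ] || return 2
    base64 < "$1" | tr -d '\n'
}

# Validate both arguments, then run "cbcontrol WRITE email base64string".
cb_write() {
    cb_valid_email "$1" || { echo "cb_write: rejected address" >&2; return 1; }
    b64=$(cb_encode_message "$2") || {
        echo "cb_write: message unreadable or over $CB_MAX_PLAINTEXT bytes" >&2
        return 1
    }
    "${CBCONTROL:-/usr/lib/cryptobone/cbcontrol}" WRITE "$1" "$b64"
}
```

Setting CBCONTROL=echo prints the command that would be run instead of executing it.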

FILES

       /usr/lib/cryptobone/cbcontrol
       /usr/lib/cryptobone/cbcontrol.functions
       /usr/lib/cryptobone/getlocalsecret
       /usr/lib/cryptobone/libclr.so.3.4.5
       /usr/lib/cryptobone/secrets.sock
       /usr/lib/cryptobone/ssh.sock
       /usr/lib/cryptobone/database
       /usr/bin/cryptobone

SEE ALSO

       libclr(3), cryptoboned(8)

AUTHORS

       cbcontrol has been written by Ralf Senderek <innovation@senderek.ie>.

BUGS

       Of course there aren't bugs, but if you find any, please send them to
       innovation@senderek.ie.

Ralf Senderek                                                     cbcontrol(8)