[qubes-users] Convenient untrusted storage for Qubes OS: qcrypt & qcryptd

Wed, 19 Jun 2019 23:14:00 -0700 

Dear all,
Qubes OS has always provided the basic tools to accomplish encrypted storage devices, namely qvm-block [1] and cryptsetup [2]. 


However the combination is neither self-explanatory nor convenient for 
users who come from Operating Systems which provide "plug & play" for 
most devices. This facilitates user mistakes made either manually or 
with self-written software.



Thus I decided a while back to bring my self-written software to release 
grade and therefore present qcrypt and qcryptd at


https://github.com/3hhh/qcrypt


qcrypt can be used to create, open or close encrypted containers from 
dom0 in a way similar to cryptsetup [2] - just with added support for 
the Qubes OS VM infrastructure.



qcryptd attempts to bring back the "plug & play" feeling by providing a 
daemon that automatically opens or closes encrypted containers whenever 
VMs are started, stopped or external devices are attached or removed.



Both are command-line tools and heavily rely on the bash library blib 
[3]. qcryptd requires some configuration in the form of ini files [4].



Feel free to review the code, use it at your own disposal or provide 
feedback (questions, issues @github, ...). I hope it'll be useful not 
only for me alone. ;-)



My code signing key for reference: (1533 C122 5C1B 41AF C46B 33EB) EB03 
A691 DB2F 0833


Best Regards
David


[1] https://www.qubes-os.org/doc/block-devices/
[2] https://gitlab.com/cryptsetup/cryptsetup/wikis/home
[3] https://github.com/3hhh/blib
[4] https://github.com/3hhh/qcrypt/blob/master/conf/examples/ex01.ini

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e77e5686-126b-7976-41e8-4487bd9a6ef2%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.



Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature






















					Reply via email to