Skip to content
Secure end-to-end encrypted file sharing over ssh; forked from openssh.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
contrib
debian
iron
openbsd-compat
regress
rpm
.build.mk
.gitignore
.skipped-commit-ids
.travis.yml
CREDITS
INSTALL
LICENCE
Makefile.in
OVERVIEW
PACKAGING.md
PROTOCOL
PROTOCOL.agent
PROTOCOL.certkeys
PROTOCOL.chacha20poly1305
PROTOCOL.key
PROTOCOL.krl
PROTOCOL.mux
README
README.dns
README.md
README.platform
README.privsep
README.tun
TODO
aclocal.m4
addrmatch.c
atomicio.c
atomicio.h
audit-bsm.c
audit-linux.c
audit.c
audit.h
auth-bsdauth.c
auth-chall.c
auth-krb5.c
auth-options.c
auth-options.h
auth-pam.c
auth-pam.h
auth-passwd.c
auth-rh-rsa.c
auth-rhosts.c
auth-rsa.c
auth-shadow.c
auth-sia.c
auth-sia.h
auth-skey.c
auth.c
auth.h
auth1.c
auth2-chall.c
auth2-gss.c
auth2-hostbased.c
auth2-kbdint.c
auth2-none.c
auth2-passwd.c
auth2-pubkey.c
auth2.c
authfd.c
authfd.h
authfile.c
authfile.h
bitmap.c
bitmap.h
blocks.c
bufaux.c
bufbn.c
bufec.c
buffer.c
buffer.h
buildpkg.sh.in
canohost.c
canohost.h
chacha.c
chacha.h
channels.c
channels.h
cipher-3des1.c
cipher-aes.c
cipher-aesctr.c
cipher-aesctr.h
cipher-bf1.c
cipher-chachapoly.c
cipher-chachapoly.h
cipher-ctr.c
cipher.c
cipher.h
cleanup.c
clientloop.c
clientloop.h
compat.c
compat.h
config.guess
config.sub
configure.ac
crc32.c
crc32.h
crypto_api.h
deattack.c
deattack.h
defines.h
dh.c
dh.h
digest-libc.c
digest-openssl.c
digest.h
dispatch.c
dispatch.h
dns.c
dns.h
ed25519.c
entropy.c
entropy.h
fatal.c
fe25519.c
fe25519.h
fixalgorithms
fixpaths
fixprogs
ge25519.c
ge25519.h
ge25519_base.data
groupaccess.c
groupaccess.h
gss-genr.c
gss-serv-krb5.c
gss-serv.c
hash.c
hmac.c
hmac.h
hostfile.c
hostfile.h
includes.h
install-sh
iron-common.h
iron-gpg.h
ironsftp.1
kex.c
kex.h
kexc25519.c
kexc25519c.c
kexc25519s.c
kexdh.c
kexdhc.c
kexdhs.c
kexecdh.c
kexecdhc.c
kexecdhs.c
kexgex.c
kexgexc.c
kexgexs.c
key.c
key.h
krl.c
krl.h
log.c
log.h
loginrec.c
loginrec.h
logintest.c
mac.c
mac.h
match.c
match.h
md-sha256.c
md5crypt.c
md5crypt.h
mdoc2man.awk
misc.c
misc.h
mkinstalldirs
moduli
moduli.5
moduli.c
monitor.c
monitor.h
monitor_fdpass.c
monitor_fdpass.h
monitor_mm.c
monitor_mm.h
monitor_wrap.c
monitor_wrap.h
msg.c
msg.h
mux.c
myproposal.h
nchan.c
nchan.ms
nchan2.ms
opacket.c
opacket.h
openssh.xml.in
opensshd.init.in
packet.c
packet.h
pathnames.h
pkcs11.h
platform-pledge.c
platform-tracing.c
platform.c
platform.h
poly1305.c
poly1305.h
progressmeter.c
progressmeter.h
readconf.c
readconf.h
readpass.c
rijndael.c
rijndael.h
rsa.c
rsa.h
sandbox-capsicum.c
sandbox-darwin.c
sandbox-null.c
sandbox-pledge.c
sandbox-rlimit.c
sandbox-seccomp-filter.c
sandbox-solaris.c
sandbox-systrace.c
sc25519.c
sc25519.h
scp.1
scp.c
servconf.c
servconf.h
serverloop.c
serverloop.h
session.c
session.h
sftp-client.c
sftp-client.h
sftp-common.c
sftp-common.h
sftp-glob.c
sftp-server-main.c
sftp-server.8
sftp-server.c
sftp.1
sftp.c
sftp.h
smult_curve25519_ref.c
ssh-add.1
ssh-add.c
ssh-agent.1
ssh-agent.c
ssh-dss.c
ssh-ecdsa.c
ssh-ed25519.c
ssh-gss.h
ssh-keygen.1
ssh-keygen.c
ssh-keyscan.1
ssh-keyscan.c
ssh-keysign.8
ssh-keysign.c
ssh-pkcs11-client.c
ssh-pkcs11-helper.8
ssh-pkcs11-helper.c
ssh-pkcs11.c
ssh-pkcs11.h
ssh-rsa.c
ssh-sandbox.h
ssh.1
ssh.c
ssh.h
ssh1.h
ssh2.h
ssh_api.c
ssh_api.h
ssh_config
ssh_config.5
sshbuf-getput-basic.c
sshbuf-getput-crypto.c
sshbuf-misc.c
sshbuf.c
sshbuf.h
sshconnect.c
sshconnect.h
sshconnect1.c
sshconnect2.c
sshd.8
sshd.c
sshd_config
sshd_config.5
ssherr.c
ssherr.h
sshkey.c
sshkey.h
sshlogin.c
sshlogin.h
sshpty.c
sshpty.h
sshtty.c
survey.sh.in
ttymodes.c
ttymodes.h
uidswap.c
uidswap.h
umac.c
umac.h
utf8.c
utf8.h
uuencode.c
uuencode.h
verify.c
version.h
xmalloc.c
xmalloc.h

README.md

IronSFTP - End-to-end secure file transfer

An alternative to sftp and scp that keeps files encrypted after they're uploaded and allows sharing of files with cryptographic enforcement. See the project homepage for more details.

This project is a fork of the openssh/openssh-portable project from OpenSSH. While most of the project is unchanged, specific additions have been made to create new executables that provide end-to-end security when transferring files to remote servers.

While sftp and scp use ssh to keep files secure while they are being transferred over the network, once those files hit the remote server, they are no longer protected. The ironsftp executable provides additional security. When you put a file on the server using ironsftp, the file is encrypted before it is uploaded, and it stays that way on the server. When you get a file from the server, it is downloaded then decrypted. So the file remains secure until it is at the place you want to use it - on your local machine.

The extension .iron is used to denote secured files. If you run ironsftp and put foo.c on the server, the file will first be encrypted and written to foo.c.iron, then that encrypted file will be written to the remote server. When you get foo.c.iron from the server, if that file can be downloaded, ironsftp will decrypt the file and write foo.c on your local machine. As a convenience, if you get foo.c but that file is not available on the server, ironsftp will try to download and decrypt foo.c.iron.

The process operates the same as sftp, but your files are protected on the remote server.

Key Management

In order to use ironsftp, you must currently have an RSA key in the ~/.ssh/id_rsa file on your local machine. When you start ironsftp the first time, it reads your public and private RSA keys (which may prompt you to enter the passphrase for the private key), then copies them into new key files under ~/.ssh/ironcore/. The RSA key is used for signing encrypted files. ironsftp also generates a Curve25519 key pair - this key is stored in the same place and is used to encrypt data. These new private keys are locked using a passphrase that is generated by using your private ssh RSA key to sign some data. Thus, if your ssh key is locked by a passphrase, your ironcore keys are also locked. Unlocking the ssh key is required to unlock the ironcore keys.

When you use ironsftp to connect to a server, your public key information is uploaded to ~/.ironpubkey. This provides a convenient mechanism for other users connecting to the server to retrieve your public ironcore keys. In particular, if another user connects to the server using ironsftp, she can use your public key information to securely share files with you, as described in the next section.

Secure Sharing

You are also able to share these secure files with other users. When you connect to a server, by default, each file that you upload will be encrypted so that only you can read it. However, if other users on that server have connected to it using ironsftp, their public key information will be available in ~<login>/.ironpubkey. You can use new ironsftp commands to add recipients, so that any subsequent files you upload in that session will be encrypted to those users in addition to you. For example, suppose you are logged in as gumby:

  % ironsftp BigServer
  Connected to BigServer.

  ironsftp> showrcpt
  Currently registered recipients:
    gumby
  ironsftp> addrcpt pokey
  Added login pokey to the recipient list
  ironsftp> addrcpt mrhand
  Unable to retrieve public keys for user mrhand.
  ironsftp> showrcpt
  Currently registered recipients:
    gumby
    pokey
  ironsftp> put foo
  Uploading foo to /home/gumby/foo.iron
  ironsftp>

The file foo.iron on the server is encrypted so that both you and pokey can retrieve and decrypt it. Suppose pokey does

  % ironsftp BigServer
  Connected to BigServer.

  ironsftp> get foo
  Fetching /home/pokey/foo.iron to foo.iron
  Data was encrypted to user gumby
  Message was signed by user gumby, key ID 1234567890ABCDEF.

The file foo.c.iron will be decrypted automatically, and the file foo will be created. If a user other than gumby or pokey downloads the file, she would get a message like this

  ironsftp> get foo
  Fetching /private/tmp/sftp.c.iron to sftp.c.iron
  WARNING: The file "foo" is encrypted, but access is not granted to you,
  so the unencrypted contents cannot be retrieved.

The user would still have foo.iron in the current directory, but it would not be readable.

GnuPG Compatibility

The keys used by ironsftp are stored in the same format that GnuPG uses - public keys are all in ~/.ssh/ironcore/pubring.gpg, and the corresponding secret keys are in individual files in ~/.ssh/ironcore/private-keys-v1.d. All files encrypted by ironsftp can be read by gpg as well. (Since we are using elliptic curve cryptography to encrypt the data, you will need a gpg version 2.1.7 or greater, which in turn requires libgcrypt version 1.7 or later.) If you have a modern version of gpg, you can run something like this to decrypt a file encrypted by ironsftp:

  gpg --homedir ~/.ssh/ironcore -d --output foo foo.iron

Installation

See the project page installation section for supported operating systems and installation details.

You can’t perform that action at this time.