Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
arver is a tool for distributed LUKS key management
tree: c7b21c3a83

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin
features
lib
man
pkg
presentation
spec
tasks
.arver.dist
.autotest
.gitignore
CHANGELOG.textile
Gemfile
Gemfile.lock
README.textile
Rakefile
Todo.txt
arver.gemspec
cucumber.yml
disks

README.textile

arver

Synopsis

arver is a tool to manage encrypted harddisks.

It is tailored for fine-grained access control to LUKS encrypted harddisks by
many users. Additionally it supports automation through scripts and facilitates
key distribution.

As an example it can be used in an organisation to grant access to encrypted
partitions to a team of admins.

Addressed Problems

In a traditional setup with multiple LUKS devices most organisations resort
to password sharing. This has multiple drawbacks, which arver tries to address:

  • In case of an emergency or scheduled password change, everyone needs to learn
    a bunch of new passwords and changing them is cumbersome and time consuming.
  • If the password is leaked, all disks are compromised.
  • As the amount of passwords grows with the number of disks, password patterns
    are common. This has the drawback that you can’t grant per-disk access to others.

Further arver can ease many associated tasks:

  • Arver is scriptable – all actions support script hooks, which means that you can
    recover much faster from outages.
  • Revoking all access for an admin can be done with only one command.
  • Since arver keys are encrypted using publickey cryptography it is very easy to
    safely distribute arver keys.

Usage

arver ships with a detailed man page, describing the usage in detail.

Installation

The easiest way to install arver is by gem

sudo gem install arver

This will install all required dependecies automatically. If your distributions
contains an arver package we recommend installation by your package manager.

The following ruby gems are required for arver:

  • gpgme 2
  • activesupport 2
  • escape
  • highline

For development you will need the following additional gems:

  • rake
  • cucumber
  • rspec

Requirements

arver only works with cryptsetup-luks >= 1.0.5 as previous versions do not
support key slots properly for our usage.

Limitations

  • arver only supports LUKS as backend.
  • arver supports only up to 8 users as LUKS has only 8 key slots (LUKS NUMKEYS).

Known Issues

GPGME and gpg-agent

If arver asks you multiple times for the password, you might consider to use
gpg-agent, so you can decrypt your keypair once and the use it for all your
stored keys.

You can test gpg-agent by trying to decrypt an encrypted file for your user in
data/keys/USERNAME/key_X . It will tell you about possible gpg-erorrs.

Configuring gpg-agent is quite simple and you find information on the following
website: http://dougbarton.us/PGP/gpg-agent.html

If you install gpg-agent like dougbarton recomends, you need to further verify
that the environment variable GPG_AGENT_INFO is accessible within the arver
script. An option is to add the following entry to your .bashrc

if [ -r “${HOME}/.gpg-agent-info” ]; then . ${HOME}/.gpg-agent-info export GPG_AGENT_INFO fi

License

(The MIT License)

Copyright © 2010 arver

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
‘Software’), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED ‘AS IS’, WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Something went wrong with that request. Please try again.