Secure end-to-end encrypted file sharing over ssh; forked from openssh.
BobWall23 Update README.md
Change IronSSH to IronSFTP
Latest commit 626fe07 Nov 12, 2016

README.md

IronSFTP - End-to-end secure file transfer

An alternative to sftp and scp that keeps files encrypted after they're uploaded and allows sharing of files with cryptographic enforcement. See the project homepage for more details.

This project is a fork of the openssh/openssh-portable project from OpenSSH. While most of the project is unchanged, specific additions have been made to create new executables that provide end-to-end security when transferring files to remote servers.

While sftp and scp use ssh to keep files secure while they are being transferred over the network, once those files hit the remote server, they are no longer protected. The ironsftp executable provides additional security. When you put a file on the server using ironsftp, the file is encrypted before it is uploaded, and it stays that way on the server. When you get a file from the server, it is downloaded then decrypted. So the file remains secure until it is at the place you want to use it - on your local machine.

The extension .iron is used to denote secured files. If you run ironsftp and put foo.c on the server, the file will first be encrypted and written to foo.c.iron, then that encrypted file will be written to the remote server. When you get foo.c.iron from the server, if that file can be downloaded, ironsftp will decrypt the file and write foo.c on your local machine. As a convenience, if you get foo.c but that file is not available on the server, ironsftp will try to download and decrypt foo.c.iron.

The process operates the same as sftp, but your files are protected on the remote server.

Key Management

In order to use ironsftp, you must currently have an RSA key in the ~/.ssh/id_rsa file on your local machine. When you start ironsftp the first time, it reads your public and private RSA keys (which may prompt you to enter the passphrase for the private key), then copies them into new key files under ~/.ssh/ironcore/. The RSA key is used for signing encrypted files. ironsftp also generates a Curve25519 key pair - this key is stored in the same place and is used to encrypt data. These new private keys are locked using a passphrase that is generated by using your private ssh RSA key to sign some data. Thus, if your ssh key is locked by a passphrase, your ironcore keys are also locked. Unlocking the ssh key is required to unlock the ironcore keys.

When you use ironsftp to connect to a server, your public key information is uploaded to ~/.ironpubkey. This provides a convenient mechanism for other users connecting to the server to retrieve your public ironcore keys. In particular, if another user connects to the server using ironsftp, she can use your public key information to securely share files with you, as described in the next section.

Secure Sharing

You are also able to share these secure files with other users. When you connect to a server, by default, each file that you upload will be encrypted so that only you can read it. However, if other users on that server have connected to it using ironsftp, their public key information will be available in ~<login>/.ironpubkey. You can use new ironsftp commands to add recipients, so that any subsequent files you upload in that session will be encrypted to those users in addition to you. For example, suppose you are logged in as gumby:

  % ironsftp BigServer
  Connected to BigServer.

  ironsftp> showrcpt
  Currently registered recipients:
    gumby
  ironsftp> addrcpt pokey
  Added login pokey to the recipient list
  ironsftp> addrcpt mrhand
  Unable to retrieve public keys for user mrhand.
  ironsftp> showrcpt
  Currently registered recipients:
    gumby
    pokey
  ironsftp> put foo
  Uploading foo to /home/gumby/foo.iron
  ironsftp>

The file foo.iron on the server is encrypted so that both you and pokey can retrieve and decrypt it. Suppose pokey does the following:

  % ironsftp BigServer
  Connected to BigServer.

  ironsftp> get foo
  Fetching /home/pokey/foo.iron to foo.iron
  Data was encrypted to user gumby
  Message was signed by user gumby, key ID 1234567890ABCDEF.

The file foo.iron will be decrypted automatically, and the file foo will be created. If a user other than gumby or pokey downloads the file, she would get a message like this:

  ironsftp> get foo
  Fetching /private/tmp/sftp.c.iron to sftp.c.iron
  WARNING: The file "foo" is encrypted, but access is not granted to you,
  so the unencrypted contents cannot be retrieved.

The user would still have foo.iron in the current directory, but it would not be readable.

GnuPG Compatibility

The keys used by ironsftp are stored in the same format that GnuPG uses - public keys are all in ~/.ssh/ironcore/pubring.gpg, and the corresponding secret keys are in individual files in ~/.ssh/ironcore/private-keys-v1.d. All files encrypted by ironsftp can be read by gpg as well. (Since we are using elliptic curve cryptography to encrypt the data, you will need a gpg version 2.1.7 or greater, which in turn requires libgcrypt version 1.7 or later.) If you have a modern version of gpg, you can run something like this to decrypt a file encrypted by ironsftp:

  gpg --homedir ~/.ssh/ironcore -d --output foo foo.iron
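
Because .iron files are readable by gpg, the recipient list chosen with addrcpt can be audited without any private key. The following is an added example, not part of the IronSFTP code: it walks the OpenPGP packet headers (RFC 4880) and reports the key IDs a file is encrypted to, so that an unexpected recipient stands out. It assumes the file is binary (not ASCII-armored) OpenPGP; the function names are hypothetical and the sample bytes and key IDs are constructed.

```python
import struct

PKESK = 1             # Public-Key Encrypted Session Key packet (RFC 4880, 5.1)
CIPHERTEXT = {9, 18}  # encrypted data packets; recipients are listed before these

def read_packets(data):
    """Yield (tag, body) per top-level packet; body is None if length is streamed."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                          # new-format header
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:                                 # partial body length (streamed)
                yield tag, None
                return
        else:                                     # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:                        # indeterminate length
                yield tag, None
                return
            n = 1 << ltype                        # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def recipient_key_ids(data):
    """Key IDs (hex) of the v3 PKESK packets that precede the ciphertext.

    An all-zero ID means the sender hid the recipient's key ID.
    """
    ids = []
    try:
        for tag, body in read_packets(data):
            if tag in CIPHERTEXT:
                break
            if tag == PKESK and body and body[0] == 3 and len(body) >= 10:
                ids.append(body[1:9].hex().upper())
    except (IndexError, struct.error):
        raise ValueError("truncated packet header")
    return ids

def unexpected_recipients(data, allowed_ids):
    """Recipients of the file that are not in the caller's allow-list."""
    return [k for k in recipient_key_ids(data) if k not in allowed_ids]

def _pkesk_body(key_id_hex):
    # Constructed sample: version 3, key ID, algorithm 18 (ECDH), dummy key material.
    return bytes([3]) + bytes.fromhex(key_id_hex) + bytes([18]) + b"\x00" * 4

# Constructed stand-in for a file shared with two users: one old-format and one
# new-format PKESK header, followed by an encrypted data packet (tag 18).
SAMPLE = (bytes([0x84, 14]) + _pkesk_body("00000000000000A1")
          + bytes([0xC1, 14]) + _pkesk_body("00000000000000B2")
          + bytes([0xD2, 5]) + b"\x01" + b"\xaa" * 4)

if __name__ == "__main__":
    print("encrypted to:", recipient_key_ids(SAMPLE))
    print("not on allow-list:", unexpected_recipients(SAMPLE, {"00000000000000A1"}))
```

To run it against a real file, pass the bytes of the .iron file to recipient_key_ids and compare the result with the key IDs in ~/.ssh/ironcore/pubring.gpg.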

Installation

See the project page installation section for supported operating systems and installation details.