Skip to content

Releases: r3dlight/keysas

Kick-ass v2.4

19 Jun 09:34
@r3dlight r3dlight
v2.4
6c7897e
This commit was signed with the committer’s verified signature.
r3dlight sn-anssi
GPG key ID: FA8BEDD1DFACACEE
Learn about vigilant mode.
Compare
Choose a tag to compare
Kick-ass v2.4 Latest
Latest
  • Remove duplicated pragmas
  • Bump dependencies and version to 2.4
  • Private & public key updated for keysas-admin
  • Remove tarpaulin cfgs to avoid warnings
Assets 9
Loading

Big Joe v2.3

27 May 08:34
@r3dlight r3dlight
v2.3
d5d1a67
Compare
Choose a tag to compare
Big Joe v2.3
  • Add protection against a possible TOCTOU scenario using Landlock
  • Bump dependencies (Js+Rust)
  • Update documentation
Assets 2
Loading

Big Daddy v2.2

02 Oct 12:20
@r3dlight r3dlight
v2.2
a38135c
This commit was signed with the committer’s verified signature.
r3dlight sn-anssi
GPG key ID: FA8BEDD1DFACACEE
Learn about vigilant mode.
Compare
Choose a tag to compare
Big Daddy v2.2
Assets 10
Loading

Red Mist v2.1

04 Aug 13:18
@r3dlight r3dlight
v2.1
e5969f6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Red Mist v2.1
  • Fix security.conf for keysas-transit
  • Add latest keysas-firewall sources
  • Update online documentation
  • Fix Landlock path for yara rules
  • Bump version and dependencies
  • Add Raspberry Pi 4 SD card image
Assets 7
Loading

Hit girl v2.0

13 Jul 06:16
@r3dlight r3dlight
v2.0
41aec7f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Hit girl v2.0

Files are now passed between daemons as raw file descriptors and using abstract sockets (GNU/Linux only). Each daemon adds metadata and send it to the next daemon using a dedicated abstract socket. Finally, the last daemon (Keysas-out) chooses whether or not to write the file to the output directory according to the corresponding metadata. For each file, a report is systematically created in the output directory (sas_out).

  • Daemons are running under unprivileged users
  • Daemons are sandboxed using systemd (Security drop-in)
  • Daemons are sandboxed using LandLock
  • Daemons are sandboxed using Seccomp (x86_64 & aarch64)

Other binaries or applications available

  • Keysas-io: Daemon watching udev events to verify the signature of any mass storage USB devices and mount it as a IN (no or invalid signature) or OUT device (valid signature).
  • Keysas-sign: Command line utility to import PEM certificate via Keysas-admin
  • Keysas-fido: Command line utility to manage Yubikeys 5 enrollment
  • Keysas-backend: Create a websocket server to send different json values to the keysas-frontend
  • Keysas-frontend: Readonly Vue.js Frontend for the final user
  • Keysas-admin: Desktop application for managing several Keysas stations (Tauri application). It also provides an hybrid post-quantum PKI to sign USB outgoing devices, sign certificat signing reqests (csr) from Keysas stations
  • Keysas-firewall: Windows client (still a WIP)
Assets 5
Loading