R.I.S.K.S identity management (forked & enhanced)

wizardofhoms · July 12, 2022, 6:15pm

Hello community,

Following a use of the R.I.S.K.S. project for managing identities (and associated data: GPG/SSH keys, pass stores, and other data in tombs), I took time to enhance and ease various processes/actions in it.

The fork can be found at wizardofhoms/risks-scripts · GitHub, and contains a short README describing the enhancements.

In short:

New commands for one-shot & complete creation of identities, and/or associated data stores (GPG/SSH/pass/other tombs).
New commands to format and setup drives (hush/backup)
New commands to slam identities.
New commands to create backups and tombs.
Detailed completions for the entire scripts (risks in VaultVM and risq in AppVM).
Enhanced logging (tomb-style) for the new commands.

Only drawback: now needs ZSH.
Any question will be served as soon as possible.

tanky0u · July 14, 2022, 11:57am

Hey! Thanks a lot for working on RISKS! I was having doubts on using it since the original developer 19hundreds gone awol. I was especially doubtful about the mpw password tool, since it got deprecated/rebranded into spectre.

Do you plan on “bettering” the original guides? I was closely studying them, but the instructions got murkier around “GPG setup - part 1” of it.

wizardofhoms · July 14, 2022, 12:56pm

Hello @tanky0u

So I didn’t originally plan to enhance the guides, but since I have squashed most of their contents into new commands, I will probably do this.
I need to see how to make a new website with them, and then I will update them.
Yes indeed I had to work out the steps a bit, since a few things would not work out of the box.
I will keep you in touch when this is done.

tanky0u · July 14, 2022, 1:11pm

For me, I couldn’t grasp the hierarchy of relationship between the terms, such as

Coffin
Graveyard
Tomb

My confusion was around whether the coffins and graveyards are generated by the tomb tool, or tney are only the fancy naming convention he used for encrypted partitions within encrypted partitions.

I think explaining the general scheme of “what gets to be hid in what” would be helpful.

For making a website, I would suggest using Luke’s Hugo tutorial. Might help with getting a simple informational website off-the ground by mainly using markdown for the content.

Looking forward to seeing more posts from you. And in the meanwhile, don’t mind if I DM you asking about R.I.S.K.S. setups .

wizardofhoms · July 14, 2022, 1:19pm

Ok so point by point:

Graveyards is a directory persisting regardless of your hush drive being mounted and opened. This graveyard contains the tomb files containing, in turn, all the data.
Accordingly -or besides- the hush partition only contains keys that are used to unlock the various tombs and coffins.
The coffin is just an encrypted partition containing the GPG keys that are needed for almost everything (password-store init/use, tomb dig/use, etc). This partition is also persistent (it stays present in the vault qube), but cannot be used (cryptsetup open) without the keys in the hush drive.

This was a brief explanation of those various terms. Makes me think that some of the day-to-day worflow is also quite tricky concerning this, so adding to the TODO list: explaining the terms, checking everything is coherent and secure, and making a few modifications to the commands.

For the rest:

Thanks a lot for the link to the tutorial, will consider this with attention.
Don’t hesitate DMing me, though I might not check my messages every single day. Will try to do as often as possible though !