R.I.S.K.S identity management (forked & enhanced)

Hello community,

Following a use of the R.I.S.K.S. project for managing identities (and associated data: GPG/SSH keys, pass stores, and other data in tombs), I took time to enhance and ease various processes/actions in it.

The fork can be found at wizardofhoms/risks-scripts · GitHub, and contains a short README describing the enhancements.

In short:

  • New commands for one-shot & complete creation of identities, and/or associated data stores (GPG/SSH/pass/other tombs).
  • New commands to format and setup drives (hush/backup).
  • New commands to slam identities.
  • New commands to create backups and tombs.
  • Detailed completions for the entire scripts (risks in VaultVM and risq in AppVM).
  • Enhanced logging (tomb-style) for the new commands.

Only drawback: now needs ZSH.
Any question will be served as soon as possible.

3 Likes

Hey! Thanks a lot for working on RISKS! I was having doubts on using it since the original developer 19hundreds gone awol. I was especially doubtful about the mpw password tool, since it got deprecated/rebranded into spectre.

Do you plan on “bettering” the original guides? I was closely studying them, but the instructions got murkier around “GPG setup - part 1” of it.

Hello @tanky0u

So I didn’t originally plan to enhance the guides, but since I have squashed most of their contents into new commands, I will probably do this.
I need to see how to make a new website with them, and then I will update them.
Yes indeed I had to work out the steps a bit, since a few things would not work out of the box.
I will keep you in touch when this is done.

1 Like

For me, I couldn’t grasp the hierarchy of relationship between the terms, such as

  • Coffin
  • Graveyard
  • Tomb

My confusion was around whether the coffins and graveyards are generated by the tomb tool, or they are only the fancy naming convention he used for encrypted partitions within encrypted partitions.

I think explaining the general scheme of “what gets to be hidden in what” would be helpful.

For making a website, I would suggest using Luke’s Hugo tutorial. Might help with getting a simple informational website off-the ground by mainly using markdown for the content.

Looking forward to seeing more posts from you. And in the meanwhile, don’t mind if I DM you asking about R.I.S.K.S. setups :wink: .

Ok so point by point:

  • A graveyard is a directory persisting regardless of your hush drive being mounted and opened. This graveyard contains the tomb files containing, in turn, all the data.
  • Accordingly (or besides), the hush partition only contains keys that are used to unlock the various tombs and coffins.
  • The coffin is just an encrypted partition containing the GPG keys that are needed for almost everything (password-store init/use, tomb dig/use, etc). This partition is also persistent (it stays present in the vault qube), but cannot be used (cryptsetup open) without the keys in the hush drive.

This was a brief explanation of those various terms. Makes me think that some of the day-to-day workflow is also quite tricky concerning this, so adding to the TODO list: explaining the terms, checking everything is coherent and secure, and making a few modifications to the commands.

For the rest:

  • Thanks a lot for the link to the tutorial, will consider this with attention.
  • Don’t hesitate DMing me, though I might not check my messages every single day. Will try to do as often as possible though!

1 Like
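As an added illustration (not code from the risks project or its author), here is a small Python model of the layering described in the post above: the hush drive holds the unlock keys, the coffin is a persistent encrypted partition that needs a hush key and holds the GPG keys, the graveyard is a persistent plain directory holding tomb files, and a tomb needs both the hush key and the GPG keys from the coffin. The layer names come from the post; the open/slam ordering and the "what is still usable without hush" check are assumptions made for this example, not the tool's actual logic.

```python
"""Model of the R.I.S.K.S. storage layering as explained in the thread.

Added example, not code from the risks project. Layer names follow the
post; the dependency edges and the ordering logic are this example's
own assumptions drawn from that description.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Layer:
    name: str
    persistent: bool      # stays present in the vault qube even when hush is not plugged in
    needs: tuple = ()     # layers that must already be open before this one can be opened


# Containment/dependency graph (assumed from the post):
#  - hush: removable drive carrying the keys that unlock coffins and tombs
#  - coffin: persistent LUKS partition holding the GPG keys; opened with a hush key
#  - graveyard: persistent plain directory holding the tomb files (nothing to unlock)
#  - tomb: encrypted file in the graveyard; needs the hush key and the coffin's GPG keys
LAYERS = {
    "hush": Layer("hush", persistent=False),
    "coffin": Layer("coffin", persistent=True, needs=("hush",)),
    "graveyard": Layer("graveyard", persistent=True),
    "tomb": Layer("tomb", persistent=True, needs=("hush", "coffin")),
}


def open_order(target, layers=LAYERS):
    """Order in which layers must be opened to reach `target` (dependencies first)."""
    order = []

    def visit(name):
        if name in order:
            return
        for dep in layers[name].needs:
            visit(dep)
        order.append(name)

    visit(target)
    return order


def slam_order(target, layers=LAYERS):
    """Closing ('slamming') runs in reverse: innermost first, hush detached last."""
    return list(reversed(open_order(target, layers)))


def without_hush(layers=LAYERS):
    """Return (present, openable): what still sits on disk and what can actually be
    unlocked when the hush drive is absent.  Persistent ciphertext stays visible,
    but anything that transitively needs a hush key cannot be opened."""
    present = {n for n, layer in layers.items() if layer.persistent}
    openable = set()
    changed = True
    while changed:
        changed = False
        for n in present:
            if n not in openable and all(d in openable for d in layers[n].needs):
                openable.add(n)
                changed = True
    return present, openable


if __name__ == "__main__":
    print("open order for a tomb :", open_order("tomb"))
    print("slam order for a tomb :", slam_order("tomb"))
    present, openable = without_hush()
    print("present without hush  :", sorted(present))
    print("openable without hush :", sorted(openable))
```

The useful property the model makes explicit is that the persistent pieces (coffin, graveyard, tomb files) are always on disk but only the graveyard, a plain directory, is usable without the hush drive; everything holding secrets stays sealed until hush is mounted, which is the point of keeping the keys off the vault.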

Back after quite some significant work on this (more than a year of work on it). Long story short:

Common

  • All tools have been rewritten from the ground up, using bashly CLI framework to provide a solid CLI tool, and a structured and maintainable codebase. This was deeply needed, as the risks functionality involves quite a lot of code. This also enables easier contributions and development, script generation and testing.
  • All tools come with detailed completion scripts so as to improve usage workflows.
  • Complete documentation is available for each tool, including - but not limited to - full installation instructions, full and easy-to-follow usage tutorials (meant to introduce to all the tool’s functionality, hows and why), additional workflows, more succinct explanations of the codebase, security practices, etc.

risks (vault)

  • The risks CLI is the original presented in this thread. It has been deeply enhanced, with a full set of commands to easily manage devices, identities, datastores, GPG/SSH/pass credentials, backups, and much more.
  • The security measures of the tool have been significantly enhanced, with all files now double encrypted (with both luks and fscrypt), and names obfuscated so as to preserve a complete segregation of identities, and the highest level of anonymity. See the documentation for the hows and whys.
  • The documentation has been rewritten to be more succinct, using a rigorous glossary for terms, while explaining as simply as possible how the various components interact together to achieve the tool’s goals.

Repo: GitHub - wizardofhoms/risks: RISKS tools (vault VM)
Command line API: Command Line API · wizardofhoms/risks Wiki · GitHub (overview of the tool capabilities)
Usage tutorial: Usage Tutorial · wizardofhoms/risks Wiki · GitHub

risk (dom0)

  • The risk dom0 CLI is a counterpart to the risks vault CLI. It actually widens the scope of R.I.S.K.S to complete identities infrastructure (network qubes, browsing qubes, etc), and dom0-level management/use/creation/deletion of identities.
  • This CLI also comes with powerful and detailed completions, so as to make usage as efficient, precise and fast as possible.
  • As well, complete documentation is available for this tool (install, usage, other workflows, development, etc.).
  • Various side-functionalities available through the CLI, like qubes updating and dist-upgrading, split-browser bookmarks management and browsing, VPN creation/management/use, and more.

Repo: GitHub - wizardofhoms/risk: RISKS tools (dom0)
Command-line API: Command Line API · wizardofhoms/risk Wiki · GitHub

Other notes

  • Between the first version released (at the beginning of this thread) and the latest versions, lots of functionality has been implemented, and the codebase significantly expanded. Those tools are not learned in a single day, and some amount of time is required to take full advantage of them.
  • Not many people have been using them intensively, and although the codebase is crippled with safety checks and early failure catches, bugs will be present.
  • Consequently, any issue opened, contribution, pull-request or suggestion is more than welcome.

Available for questions and suggestions.

4 Likes

Kudos to you @wizardofhoms for the amount of work you’ve put into this. I’m keen to try this out and will DM you with some questions relating to my current process.

2 Likes