README
Paladin
With paladin you can pack and unpack captured pcap files. They are compressed with the zstd algorithm and encrypted with ChaCha20-Poly1305.
The generated keys use the Curve25519 standard. The files are encrypted with a shared secret generated from your private key and the public key of your endpoint, so this secret is never transferred over the wire, thanks to DH.
On the other side you can unpack your encrypted and compressed data with the public key of the packer, which is included in the meta.json file generated for each capture day. All files are listed in the meta.json file with a blake2 checksum, and the file includes the compressed and uncompressed size of the capture day.
Compilation
make; ./bin/paladin
Docker
docker build -t paladin .
docker run -it --rm paladin
If you want a playground you can use docker-compose in the tests folder. Please read the Readme file in that folder.
Usage
Generate keys
First of all you need a private key. Paladin generates one for you with x25519.
paladin genkey > privatekey
If you need a public key for the other side, you can derive that too. It looks like WireGuard; yep, you caught us.
# x25519 public key
paladin pubkey < privatekey > publickey
# one-liner: generate private and public key
paladin genkey | tee privatekey | paladin pubkey > publickey
After you have generated your private key and the endpoint has sent its public key to you, it's time to add them to your config.
Config
Whether you are the packer or the unpacker, you need a configuration with your own private key and the public key of your counterpart, called the endpoint here. You can define your input and output dirs so you don't have to specify them explicitly on the command line. If you set the move option to true, all input files will be moved, that is, also deleted from the input folder.
priv: 7w91pZFQUP5b/NQEfxcirgI9LD3ru8B2WQmdwE+A22g=
endpoint: qXJcc3fw/CkpcG/nTrLFCZ85GvAuNz72t23vWv6N7Uw=
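The key agreement behind these two config values, as an added Go example using the standard library's crypto/ecdh (not paladin's own code): the packer and the unpacker each combine their own private key with the other's public key and arrive at the same secret. The function names are hypothetical, the keys are generated on the fly, and the example stops at the shared secret because the README does not say how it is turned into the ChaCha20-Poly1305 key.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// decodeKey accepts padded base64 (as in the config) and unpadded (as in meta.json).
func decodeKey(s string) ([]byte, error) {
	raw, err := base64.RawStdEncoding.DecodeString(strings.TrimRight(s, "="))
	if err != nil || len(raw) != 32 {
		return nil, errors.New("key must be 32 base64-encoded bytes")
	}
	return raw, nil
}

// genKeyPair returns a fresh X25519 private key and its public key, base64-encoded.
func genKeyPair() (priv, pub string) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no system randomness available
	}
	enc := base64.StdEncoding.EncodeToString
	return enc(k.Bytes()), enc(k.PublicKey().Bytes())
}

// sharedSecret combines our private key with the peer's public key (X25519 DH).
func sharedSecret(privB64, peerPubB64 string) ([]byte, error) {
	p, err1 := decodeKey(privB64)
	q, err2 := decodeKey(peerPubB64)
	priv, err3 := ecdh.X25519().NewPrivateKey(p) // rejects nil or wrong-length input
	pub, err4 := ecdh.X25519().NewPublicKey(q)
	if err := errors.Join(err1, err2, err3, err4); err != nil {
		return nil, err
	}
	return priv.ECDH(pub) // errors if the result is all zero (low-order peer key)
}

func main() {
	packerPriv, packerPub := genKeyPair()     // packerPub travels in meta.json
	endpointPriv, endpointPub := genKeyPair() // endpointPub is the packer's "endpoint"
	a, _ := sharedSecret(packerPriv, endpointPub)
	b, _ := sharedSecret(endpointPriv, packerPub)
	fmt.Println("both sides derive the same secret:", string(a) == string(b))
}
```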
pack
If you want to pack your captured pcap files you can use this command; check beforehand that the out dir exists. You can use the move flag -m to remove the files from the in dir once they are encrypted. Note that move never deletes meta files and struct files. Do this manually.
Note that the length of the liid is 12, which is checked internally.
# pack all files from in to store
paladin pack in/ store
# pack all files from in to store and move files
paladin pack in/ store -m
# pack all files from liid to store
paladin pack in/123456789100/ store
# pack all files from day to store
paladin pack in/123456789100/2020-05-22 store
unpack
On the other side you can use the following command to unpack your files.
# unpack all files from store to out
paladin unpack store out
# unpack all files from store to out and move files
paladin unpack store out -m
# unpack all files from liid to out
paladin unpack store/123456789100 out
# unpack all files from day to out
paladin unpack store/123456789100/2020-05-22 out
pull
You can download encrypted files from a remote over sftp. The remote host must run an sftp server and must have read access to a store with encrypted files. Pull searches for the meta files in this dir and downloads all files in there. If you change a file that was already downloaded, a warning appears on the client side. If you delete a file in the store, this will not be synced to the client. It's a one-way method of storing files. Before you can use pull you must set the remote config in your config file.
remote:
  ip: 127.0.0.1
  port: 2221
  user: foo
  pass: pass
If you want to log in with your ssh key you can use this configuration.
remote:
  ip: 127.0.0.1
  port: 2221
  user: foo
  key: ~/.ssh/id_rsa
After this you can download from remote
# paladin pull <remote in> <out>
# download all from remote to down dir
paladin pull all down/
# download liid from remote to down dir
paladin pull 123456789100 down/
# download only the date to down dir
paladin pull 2020-05-22 down/
push
You can upload encrypted files to a remote over sftp. The remote host must run an sftp server and must have rw access to a store with encrypted files. Push searches for the meta files in the given dir and uploads all files in there. If you change a file that was already uploaded, a warning appears on the client side and the file is skipped. If you delete a file in the local store, this will not be synced to the server. It's a one-way method of storing files. Before you can use push you must set the remote config in your config file, see the pull section.
# paladin push <local in> <remote out>
# upload all from dir to remote dir upload
paladin push store upload
# upload liid to remote dir upload
paladin push store/123456789100 upload
# upload only the date to remote dir upload
paladin push store/123456789100/2020-05-22 upload
Struct
Each capture day is stored in the same structure. This structure is parsed from the pcap file name, so it's very important to name the file in this format:
# <liid>_<year>-<month>-<day>_<hour>-<minute>-<second>.pcap
123456789100_2020-05-22_09-08-13.pcap
This will create the following structure:
123456789100
  2020-05-22
    123456789100_2020-05-22_09-08-13.enc
    123456789100_2020-05-22_09-08-13.enc
    meta.json
Here is an example of how you can capture your pcap files with this format. It's recommended to use 200 MB pcap files. See the scripts in the contrib folder.
tcpdump -C 20 -i eno0 -s 0 -w 123456789100012_$(date +%Y-%m-%d_%H-%M-%S).pcap
Meta
Each capture day has its own meta file. That's great because we can calculate the compressed size and the real size before we download. The public key is included too, so we can generate the shared secret and unpack the files. Don't edit this file manually.
- size: total size of the uncompressed files
- date: the date of the capture day
- count: total count of files
- liid: unique liid number
- key: public key of the packer
- compressed: total size of the compressed files
- files: a map of all files for this capture day with compressed and uncompressed size and a blake2 hashsum
{
  "liid": "123456789100",
  "key": "RG93YjgtRCgXPCi57ASIpkNxLUHApXoJhTw9skxHBHY",
  "date": "2020-06-04",
  "count": 3,
  "size": 1114127,
  "compressed": 930493,
  "files": {
    "123456789100_2020-06-04_10-49-12.enc": {
      "Compressed": 913107,
      "Size": 1079649,
      "Hash": "b6857277a0486df72b7f5b16289bde75cdc7e4843b2b18eb96df2286020a122a"
    },
    "123456789100_2020-06-04_10-56-09.enc": {
      "Compressed": 11503,
      "Size": 26224,
      "Hash": "20b2e161777d8750d0c5b1e8b39f18c8e220a28fd388d18357c3aacf8c2fee47"
    },
    "123456789100_2020-06-04_10-57-07.enc": {
      "Compressed": 5883,
      "Size": 8254,
      "Hash": "92133878233cdaa13f1d2964316c5388d062581fd37a7c17ef701520b6ce42bf"
    }
  }
}
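An added Go example, not part of paladin's code: a check of a meta.json file's internal consistency before its sizes and file list are relied on, using only the fields listed above. The function name is hypothetical and the 32-byte hash length is an assumption taken from the sample; the hashes themselves are not recomputed, because the README does not say which BLAKE2 variant is used or which bytes it covers.

```go
package main

import (
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

type meta struct { // fields of meta.json as listed above; JSON keys match case-insensitively
	Liid, Date       string
	Count            int
	Size, Compressed int64
	Files            map[string]struct {
		Compressed, Size int64
		Hash             string
	}
}

// sample is the README's meta.json cut down to its first file, totals adjusted (constructed).
const sample = `{"liid":"123456789100","date":"2020-06-04","count":1,"size":1079649,
 "compressed":913107,"files":{"123456789100_2020-06-04_10-49-12.enc":{"Compressed":913107,
 "Size":1079649,"Hash":"b6857277a0486df72b7f5b16289bde75cdc7e4843b2b18eb96df2286020a122a"}}}`

// checkMeta returns every inconsistency it finds; an empty result means the file is coherent.
func checkMeta(raw []byte) (errs []string) {
	var m meta
	if err := json.Unmarshal(raw, &m); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	check := func(ok bool, msg string) {
		if !ok {
			errs = append(errs, msg)
		}
	}
	check(len(m.Liid) == 12, "liid is not 12 characters long")
	check(m.Count == len(m.Files), "count does not match the number of files")
	var size, comp int64
	for name, f := range m.Files {
		size, comp = size+f.Size, comp+f.Compressed
		sum, err := hex.DecodeString(f.Hash)
		check(err == nil && len(sum) == 32, name+": hash is not 32 hex-encoded bytes")
		check(strings.HasPrefix(name, m.Liid+"_"+m.Date+"_"), name+": not a file of this liid and day")
	}
	check(size == m.Size && comp == m.Compressed, "totals do not match the per-file sums")
	return errs
}

func main() { fmt.Println(checkMeta([]byte(sample))) }
```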
Nix
Build the application binary:
nix-build ./release.nix --attr application
Install into Nix user profile:
nix-env -f ./release.nix --install --attr application
Install into docker:
docker load --input "$(nix-build ./release.nix --attr docker)"