aboutsummaryrefslogtreecommitdiff
path: root/2023-linuxdays
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2023-10-07 07:38:42 +0200
committerKarel Kočí <cynerd@email.cz>2023-10-07 07:39:07 +0200
commitd2665d506b876d72acf2d301188bcf78d1f30fdc (patch)
tree77434d3379bba619f4bfe67170b9ae8540eb02d6 /2023-linuxdays
parentf91786db5b9f7e17a94ce7316fef08313c014cf2 (diff)
downloadpresentations-d2665d506b876d72acf2d301188bcf78d1f30fdc.tar.gz
presentations-d2665d506b876d72acf2d301188bcf78d1f30fdc.tar.bz2
presentations-d2665d506b876d72acf2d301188bcf78d1f30fdc.zip
Add presentation about USBKey: LinuxDays 2023
Diffstat (limited to '2023-linuxdays')
-rw-r--r--2023-linuxdays/usbkey/makefile10
-rw-r--r--2023-linuxdays/usbkey/pres.pdfbin0 -> 280580 bytes
-rw-r--r--2023-linuxdays/usbkey/pres.tex244
-rw-r--r--2023-linuxdays/usbkey/where_are_my_keys.jpgbin0 -> 85738 bytes
4 files changed, 254 insertions, 0 deletions
diff --git a/2023-linuxdays/usbkey/makefile b/2023-linuxdays/usbkey/makefile
new file mode 100644
index 0000000..7b97a99
--- /dev/null
+++ b/2023-linuxdays/usbkey/makefile
@@ -0,0 +1,10 @@
+FILE=pres
+
+$(FILE).pdf: $(FILE).tex $(patsubst %.svg,%.pdf,$(wildcard *.svg))
+ pdflatex -shell-escape $<
+
+%.pdf: %.svg
+ inkscape -D -z --file=$< --export-pdf=$@ --export-latex
+
+clean:
+ ls | grep -v -E "($(FILE).tex|makefile|scheme|svg|png|jpg|eps)$$" | xargs rm -rf
diff --git a/2023-linuxdays/usbkey/pres.pdf b/2023-linuxdays/usbkey/pres.pdf
new file mode 100644
index 0000000..c0dad17
--- /dev/null
+++ b/2023-linuxdays/usbkey/pres.pdf
Binary files differ
diff --git a/2023-linuxdays/usbkey/pres.tex b/2023-linuxdays/usbkey/pres.tex
new file mode 100644
index 0000000..443437d
--- /dev/null
+++ b/2023-linuxdays/usbkey/pres.tex
@@ -0,0 +1,244 @@
+\documentclass[aspectratio=169]{beamer}
+\usetheme{metropolis}
+\usepackage{lmodern}
+\usepackage[czech]{babel}
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage{graphicx}
+\usepackage{wrapfig}
+\usepackage{color}
+\usepackage{mathtools}
+\usepackage{hyperref}
+\usepackage{epstopdf}
+\usepackage{amsmath}
+\usepackage{minted}
+\hypersetup{
+ colorlinks,
+ citecolor=black,
+ filecolor=black,
+ linkcolor=black,
+ urlcolor=black
+}
+\usepackage{pdflscape}
+
+\title{USBKey}
+\author{Karel Kočí}
+\date{7.10.2023}
+
+\begin{document}
+
+\frame{\titlepage}
+
+\begin{frame}[fragile]
+ \begin{center}
+ \includegraphics[height=\textheight]{./where_are_my_keys.jpg}
+ \end{center}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Požadavky}
+ \begin{itemize}
+ \item Jednoduché ovládání
+ \item Minimum hesel
+ \item Stále k dispozici
+ \item Zálohované
+ \item Práce na více počítačích
+ \item Možnost umístit soubory nespravované nástrojem
+ \item Nezávislé na nastavení systému (FAT)
+ \item Nenahradit pass
+ \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{První implementace}
+ \begin{minipage}{0.5\textwidth}
+ \begin{itemize}
+ \item 200 řádek kódu v Bash
+ \item Podpora OpenVPN a SSH
+ \end{itemize}
+ \end{minipage} \hfill
+ \begin{minipage}{0.45\textwidth}
+ \begin{itemize}
+ \item Synchronizace pomocí Rsync
+ \item Hardcoded UUID mých klíčenek
+ \end{itemize}
+ \end{minipage} \hfill
+ \begin{minted}{bash}
+#!/bin/sh
+set -e
+UUID_KKEY="a960e5b8-364f-4604-9d1b-f4f6407a0330"
+UUID_WKEY="9fcaf42a-86d5-4e70-828d-fd90aad2d964"
+CRYPT_NAME="usbkey"
+MOUNT_PATH="/media/usbkey"
+op_mount() {
+ # First check if we have key drive
+ if [ ! -e "/dev/disk/by-uuid/$UUID_KKEY" ]; then
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Nová implementace}
+ \begin{itemize}
+ \item Rozšířitelná pomocí modulů
+ \item Historie a synchronizace pomoci Git
+ \item Konfigurační soubor
+ \item Podpora dalších klíčů
+ \item Zbytek požadavků stejných jako stará verze
+ \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Pojďme na to}
+ Minimální závislosti: bash, core-utils, util-linux, sudo, cryptsetup, exfat, git
+ \begin{minted}{console}
+$ git clone https://github.com/Cynerd/usbkey
+$ ln -sf $PWD/usbkey/usbkey ~/.local/bin/usbkey
+$ usbkey -h
+Usage: usbkey [OPTION].. OPERATION ..
+USB key manager
+...
+$ truncate -s 1G usbkey.img
+$ sudo losetup -Pf usbkey.img
+$ lsblk
+NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
+loop0 7:0 0 1G 0 loop
+$ usbkey format /dev/loop0
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Přistupujeme}
+ \begin{minted}{console}
+$ lsblk --fs
+NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
+loop0 crypto_LUKS 2 76dfcb49-343f-4601-aa04-bf749464db1b
+$ echo 'uuid_keys+=( "76dfcb49-343f-4601-aa04-bf749464db1b" )' > ~/.usbkey
+$ usbkey mount
+$ ls -a /media/usbkey/
+. .. .git
+$ usbkey umount
+$ usbkey git status
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{SSH}
+ \begin{minted}{console}
+$ usbkey mount
+$ usbkey ssh -n test
+Comment: Some
+...
+$ ls /media/usbkey/ssh
+test test.pub
+$ usbkey git log
+$ usbkey ssh test
+$ ls ~/.ssh
+test test.pub
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Synchronizace}
+ \begin{minted}{console}
+$ truncate -s 1G usbkey_back.img
+$ sudo losetup -Pf usbkey_back.img
+$ usbkey format /dev/loop1
+$ echo 'uuid_keys+=( "76dfcb49-343f-4601-aa04-bf749464db1b" )' >> ~/.usbkey
+$ usbkey sync
+$ usbkey umount
+$ sudo losetup -d /dev/loop0
+$ usbkey mount
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Syncthing}
+ \begin{minted}{console}
+$ usbkey syncthing -n test
+$ ls /media/usbkey/syncthing/test/
+cert.pem deviceid key.pem
+$ usbkey syncthing test
+$ usbkey syncthing -p test
+AKXQ23B-XLB7W55-TIV4GD6-L2XYHNT-KHBQNY6-CZG7UCX-XIWHI4X-QSTL3QR
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Wireguard}
+ \begin{minted}{console}
+$ usbkey wireguard -n test
+$ ls /media/usbkey/wireguard/test/
+key pub
+$ usbkey wireguard -p test
+JAK2lKo7mFBS86zb83IO2UNHrZvYXKMz8UgicS8eMh0=
+$ usbkey wireguard -s test
+cCnFVNaMFJkNvPWEZwUYHJzKKlp3Ed44fqJxmhGc+kY=
+$ usbkey wireguard -ng home test
+$ usbkey wireguard -eg home test
+6Vsz5f40pAkre59BrfTH80+Rx0rjEmcMJPMFHMHdmCA=
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{OpenVPN}
+ \begin{minted}{console}
+$ usbkey openvpn -n test
+$ usbkey openvpn test
+$ ls openvpn-test
+ca.crt test.crt test.key
+$ usbkey openvpn -s servrik
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{pass (passwordstore)}
+ \begin{minted}{console}
+$ usbkey pass -u
+$ ls /media/usbkey
+openvpn ssh syncthing wireguard
+$ usbkey gitg
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{GPG}
+ \begin{minted}{console}
+$ usbkey gpg -n
+$ ls /media/usbkey/gpg
+59AC9766C3CDD8059699F2B57EB58B6FEC61207C.key
+ \end{minted}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Bezpečnost}
+ \begin{itemize}
+ \item Při propojení má ke klíčům přístup root a celý uživatelský účet
+ \item Klíče se importují na počítač bez hesla
+ \item Vše je pod jedním heslem
+ \item Certifikáty na 50 let
+ \item USBKey není jediná cesta jak data zpřístupnit
+ \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Závěr}
+ \begin{itemize}
+ \item \textasciitilde1500 řádek v Bashi
+ \item Podpora SSH, GPG, OpenVPN, Wireguard, Syncthing, Pass
+ \item Uložené na discích šifrovaných pomocí LUKS a exFAT
+ \item Možnost přidávat další moduly
+ \end{itemize}
+ \url{https://gitlab.com/cynerd/usbkey}
+\end{frame}
+
+\begin{frame}
+ \Large Děkuji za pozornost.
+
+ \vspace{1cm}
+
+ \url{git.cynerd.cz}
+
+ \url{https://gitlab.com/cynerd}
+\end{frame}
+
+\end{document}
diff --git a/2023-linuxdays/usbkey/where_are_my_keys.jpg b/2023-linuxdays/usbkey/where_are_my_keys.jpg
new file mode 100644
index 0000000..2fe324f
--- /dev/null
+++ b/2023-linuxdays/usbkey/where_are_my_keys.jpg
Binary files differ