Sigchain | Krypton for Teams

Implements the signed hash chain, or sigchain, protocol for Krypton. Learn more here: Overview of the Krypton Sigchain Protocol.

What is Krypton?

Krypton generates and stores an SSH key pair on a mobile phone. The Krypton app is paired with one or more workstations by scanning a QR code presented in the terminal. When using SSH from a paired workstation, the workstation requests a private key signature from the phone. The user then receives a notification and chooses whether to allow the SSH login.

For more information, check out krypt.co.

Dependencies

• Rust 1.24+
• libsodium
• emscripten

Build

$ git clone [email protected]:kryptco/sigchain --recursive
$ cd sigchain
$ cargo build

Components

• sigchain_client: Implements all the various types of Sigchain clients. Examples of clients:
  • DelegatedNetworkClient: a client that has delegated access to a keypair, i.e. it sends Krypton Requests to perform team operation
  • NetworkClient: A client that hits a network Sigchain server
  • TestClient: A client with a mocked Sigchain server.
• libsigchain: Creates a C interface for using a DelegatedNetworkClient. Used by kr for kr team commands
• dashboard_middleware: The local webserver back-end used by the dashboard_yew frontend.
• dashboard_yew: Implements a Web UI in WebAssembly to run a DelegatedNetworkClient in a web UI.
• sigchain_core: Shared components used by all the above.

Security Disclosure Policy

krypt.co follows a 7-day disclosure policy. If you find a security flaw, please send it to [email protected] encrypted to the PGP key with fingerprint B873685251A928262210E094A70D71BE0646732C (Full PGP Key). We ask that you delay publication of the flaw until we have published a fix, or seven days have passed.

License

We are currently working on a new license for Krypton. For now, the code is released under All Rights Reserved.