FFkeystore: paranoid options

FFkeystore has some additional options which will make your life even more inconvenient but increase your personal security.

  1. PARANOID:encrypted hash
  2. PARANOID:hide file date
  3. PARANOID:disable core dumps
  4. PARANOID:double encryption
  1. PARANOID:encrypted hash

    An encrypted hash makes any tampering with the key store file detectable by you. This is accomplished the following way:

    1. to use a key store file with an attached encrypted hash, you must enter a separate secret (the hash password) to decrypt the hash.
    2. each time you save the key store file, a SHA512 hash of it is calculated and stored encrypted with this hash password.
    3. the hash password is kept in memory while the application runs, so later saves can re-encrypt the hash without asking for it again
    Note:
    Point 3 is important! With this feature enabled you have to enter 2 passwords the first time you decrypt the key store (one for the encrypted hash and one to unlock the key store). After that first decryption you only need the key store password, because the hash password is kept in memory to encrypt the checksum hash whenever the key store is saved.
    Note:
    The encrypted hash is only a mechanism to detect malicious changes to the key store file. You can still open the key store file without checking the hash first, but it is very hard to change the key store file undetected without knowing the password for the encrypted hash.

    Using this option requires a key store IV (needed to encrypt the hash in the checksum file).

    In case you have forgotten the password for the encrypted hash, you can recover your key store file, please see this link.
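    The following Python program is an added example of the scheme described in points 1 to 3; it is not FFkeystore's code, and the app's actual file layout, key derivation and cipher are not documented here. It assumes a checksum file next to the key store with a ".checksum" suffix, stretches the hash password with PBKDF2-HMAC-SHA512 and, because the Python standard library has no AES, encrypts the 64-byte SHA512 digest with a HMAC-SHA512 keystream under a fresh IV per save and adds a HMAC tag (encrypt-then-MAC), so that a manipulated checksum file is rejected rather than decrypted to garbage. demo() walks through the cases from the notes above: intact file, wrong hash password, tampered key store, a checksum file forged without the hash password, and a normal re-save with the cached hash password.

```python
"""Added illustration of the PARANOID:encrypted hash mechanism (not FFkeystore's code).

Assumptions: checksum file = key store path + ".checksum"; PBKDF2-HMAC-SHA512 as KDF;
HMAC-SHA512 keystream + HMAC tag instead of a block cipher (stdlib has no AES).
"""
import hashlib
import hmac
import os
import secrets
import tempfile

CHECKSUM_SUFFIX = ".checksum"      # assumed name of the checksum file
IV_LEN, DIGEST_LEN, TAG_LEN = 16, 64, 64


def _keys(hash_password: str, iv: bytes) -> tuple:
    """Derive an encryption key and a MAC key from the hash password (assumed KDF)."""
    km = hashlib.pbkdf2_hmac("sha512", hash_password.encode("utf-8"), iv, 100_000, dklen=128)
    return km[:64], km[64:]


def _keystream(enc_key: bytes, iv: bytes) -> bytes:
    """One 64-byte keystream block; a SHA-512 digest is exactly 64 bytes, so one block suffices."""
    return hmac.new(enc_key, iv + b"\x00", hashlib.sha512).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sha512_of_file(path: str) -> bytes:
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def write_checksum(keystore_path: str, hash_password: str) -> None:
    """What happens on every save: hash the key store, encrypt the hash, store it."""
    iv = secrets.token_bytes(IV_LEN)                    # fresh IV for every save
    enc_key, mac_key = _keys(hash_password, iv)
    ciphertext = _xor(sha512_of_file(keystore_path), _keystream(enc_key, iv))
    tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha512).digest()
    with open(keystore_path + CHECKSUM_SUFFIX, "wb") as f:
        f.write(iv + ciphertext + tag)


def verify_checksum(keystore_path: str, hash_password: str) -> bool:
    """Decrypt the stored hash and compare it with the key store's current hash.

    Returns False for a tampered key store, a tampered or forged checksum file,
    or a wrong hash password, without telling which of the three it was.
    """
    try:
        with open(keystore_path + CHECKSUM_SUFFIX, "rb") as f:
            blob = f.read()
    except OSError:
        return False
    if len(blob) != IV_LEN + DIGEST_LEN + TAG_LEN:
        return False
    iv = blob[:IV_LEN]
    ciphertext = blob[IV_LEN:IV_LEN + DIGEST_LEN]
    tag = blob[IV_LEN + DIGEST_LEN:]
    enc_key, mac_key = _keys(hash_password, iv)
    expected_tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha512).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return False
    stored_digest = _xor(ciphertext, _keystream(enc_key, iv))
    return hmac.compare_digest(stored_digest, sha512_of_file(keystore_path))


def demo() -> dict:
    """Run the scenarios from the text on a constructed key store file."""
    workdir = tempfile.mkdtemp()
    ks = os.path.join(workdir, "keystore.bin")
    with open(ks, "wb") as f:
        f.write(b"constructed key store contents, version 1")
    write_checksum(ks, "hash-password")
    intact = verify_checksum(ks, "hash-password")
    wrong_password = verify_checksum(ks, "guess")
    # An attacker edits the key store ...
    with open(ks, "ab") as f:
        f.write(b"\ninjected entry")
    tamper_detected = not verify_checksum(ks, "hash-password")
    # ... and even rewrites the checksum file, but without knowing the hash password.
    write_checksum(ks, "attacker-guess")
    forgery_rejected = not verify_checksum(ks, "hash-password")
    # The owner saves again: the hash password cached in memory re-encrypts the new hash.
    write_checksum(ks, "hash-password")
    resaved_ok = verify_checksum(ks, "hash-password")
    return {"intact": intact, "wrong_password": wrong_password,
            "tamper_detected": tamper_detected, "forgery_rejected": forgery_rejected,
            "resaved_ok": resaved_ok}


if __name__ == "__main__":
    print(demo())
```

    Run with python3; every entry of the printed dict is True except wrong_password. verify_checksum deliberately reports only pass or fail: distinguishing a wrong hash password from a tampered file would tell an attacker which of the two they got right.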

  2. PARANOID:hide file date

    This option will modify the file dates of your key store file to 22.2.1943 17:00:00 - the date when Hans and Sophie Scholl were executed.

    This option is enabled by default. Since paranoid options appear in the app preferences, you can disable it there. While enabled, it hides when your key store file was last updated or even created, because after each save the dates are overwritten with this fixed date. Only the key store file written by the app gets these dates; copies you or a backup tool made earlier keep whatever dates they have.
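    An added example (not FFkeystore's code) of what this option does to the file's timestamps and how to check the result. The page does not say whether 17:00:00 is local time; the example takes it as UTC so the value is the same on every machine.

```python
"""Added illustration of PARANOID:hide file date (not FFkeystore's code).

Assumption: 22.2.1943 17:00:00 is interpreted as UTC (the page states no time zone).
"""
import datetime as dt
import os
import tempfile

HIDDEN_DATE = dt.datetime(1943, 2, 22, 17, 0, 0, tzinfo=dt.timezone.utc)
HIDDEN_TIMESTAMP = int(HIDDEN_DATE.timestamp())   # -847522800: before the Unix epoch, so negative


def hide_file_date(path: str) -> None:
    """Overwrite access and modification time, as the app does after every save.

    os.utime cannot touch the creation (birth) date: on macOS that needs a
    platform call (e.g. NSFileManager's NSFileCreationDate attribute), on Linux
    the birth time cannot be changed at all.
    """
    os.utime(path, (HIDDEN_TIMESTAMP, HIDDEN_TIMESTAMP))


def file_date_hidden(path: str) -> bool:
    """Check what an observer running stat(1) on the file would see."""
    st = os.stat(path)
    return int(st.st_atime) == HIDDEN_TIMESTAMP and int(st.st_mtime) == HIDDEN_TIMESTAMP


def demo() -> dict:
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "keystore.bin")
    with open(path, "wb") as f:
        f.write(b"constructed key store contents")   # a freshly written file carries today's dates
    before = file_date_hidden(path)
    hide_file_date(path)
    after = file_date_hidden(path)
    return {"before": before, "after": after, "timestamp": HIDDEN_TIMESTAMP}


if __name__ == "__main__":
    print(demo())
```

    Pre-1970 dates are negative time_t values; macOS and the common Linux file systems store them, but an exotic file system that cannot will silently clamp or reject them, which is worth checking with stat after the first save.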

  3. PARANOID:disable core dumps

    This option will disable the ability to generate a core dump if the process crashes or is sent a SIGABRT.
    Note:
    This does not affect kernel dumps. If kernel dumps are set up on your system, they can still be generated.

    This option is enabled by default. Since paranoid options appear in the app preferences, you can disable it there.
    Note:
    FFkeystore tries to determine whether kernel dumps are possible on the current machine. If this test is positive and you have disallowed core dumps, the application warns you loudly during start up. You must accept the risk or the application terminates (you will see KS0015E before that). You can disable this check with the following setting:
    FF_KEYSTORE_ALLOW_KERNEL_DUMPS = YES

    There is no GUI for this, you must set it with the defaults command in a terminal:
    defaults write -app /Applications/FFkeystore.app \
        FF_KEYSTORE_ALLOW_KERNEL_DUMPS -bool 'YES'
    defaults read -app /Applications/FFkeystore.app
    This assumes that the application was installed in /Applications; change the path if it is not. The first two lines form one command: the backslash at the end of the first line is the shell's continuation escape for multi-line commands, and there must be a space after .app before it. You can also type that command on a single line, with a space after .app and without the backslash. The last line reads the settings back so you can verify the change (-bool 'YES' is stored as 1, without quotes).

  4. PARANOID:double encryption

    You can additionally encrypt the clear text with a smart card before it is stored in the key store. This makes decryption a 2 pass process:

    1. decrypt the data with the application (key store password)
    2. decrypt the result with the smart card

    Note:
    This only works if you provide PW1 during decryption. PW1 must be known; the smart card will not accept wrong ones. If you use this feature you should not store additional data on the card, because you may find yourself in a position where you must provide PW1 or PW3 or both. This is not a risk here, because it is step 2 (see above).
    If the wrong password is used in step 1, step 2 yields nothing, even with known smart card passwords. So this function does not add confidentiality beyond the key store password, but it makes possession of the smart card mandatory whenever you want to decrypt the data. This way you will know when someone has tried to access your data, so it is mainly helpful when you must leave the equipment where the key store file is located unattended.

    Also note: if your smart card is lost or damaged, you can no longer access the clear text, because the key for decryption is stored on the smart card. If you want to be able to recover from that, you must back up the key from the smart card to a safe location. Most cards do not allow exporting a key that was generated on the card, so plan the backup when the key is created (for example generate it off the card, store a copy and then import it).

    There is no visual notification that your clear text was encrypted with PARANOID:double encryption. So even with the correct key store password you will see random data until you apply step 2 manually. This also means there is no visual indication that you provided the correct key store password in step 1; this is not for the faint-hearted, you have to make sure yourself that you entered the correct password.