git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
tang
1
0
Fork 0
Files
Tree: b136f0618e
Branches Tags
tang
/
doc
/
tang.8.adoc

tang.8.adoc 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. tang(8)
    2. 

  2. =======
    3. 

  3. :doctype: manpage
    4. 

  4. 

  5. == NAME
    6. 

  6. 

  7. tang - Network-Based Cryptographic Binding Server
    8. 

  8. 

  9. == OVERVIEW
    10. 

  10. 

  11. Tang is a service for binding cryptographic keys to network presence. It
    12. 

  12. offers a secure, stateless, anonymous alternative to key escrow services.
    13. 

  13. 

  14. The Tang project arose as a tool to help the automation of decryption.
    15. 

  15. Existing mechanisms predominantly use key escrow systems where a client
    16. 

  16. encrypts some data with a symmetric key and stores the symmetric key in a
    17. 

  17. remote server for later retrieval. The desired goal of this setup is that the
    18. 

  18. client can automatically decrypt the data when it is able to contact the
    19. 

  19. escrow server and fetch the key.
    20. 

  20. 

  21. However, escrow servers have many additional requirements, including
    22. 

  22. authentication (so that clients can't get keys they aren't supposed to have)
    23. 

  23. and transport encryption (so that attackers listening on the network can't
    24. 

  24. eavesdrop on the keys in transit).
    25. 

  25. 

  26. Tang avoids this complexity. Instead of storing a symmetric key remotely,
    27. 

  27. the client performs an asymmetric key exchange with the Tang server. Since
    28. 

  28. the Tang server doesn't store or transport symmetric keys, neither
    29. 

  29. authentication nor encryption are required. Thus, Tang is completely stateless
    30. 

  30. and zero-configuration. Further, clients can be completely anonymous.
    31. 

  31. 

  32. Tang does not provide a client. But it does export a simple REST API and
    33. 

  33. it transfers only standards compliant JSON Object Signing and Encryption
    34. 

  34. (JOSE) objects, allowing you to create your own clients using off the shelf
    35. 

  35. components. For an off-the-shelf automated encryption framework with support
    36. 

  36. for Tang, see the Clevis project. For the full technical details of the Tang
    37. 

  37. protocol, see the Tang project's homepage.
    38. 

  38. 

  39. == GETTING STARTED
    40. 

  40. 

  41. Getting a Tang server up and running is simple:
    42. 

  42. 

  43. ifdef::freebsd[]
    44. 

  44.     $ sudo service tangd enable
    45. 

  45.     $ sudo service tangd start
    46. 

  46. endif::[]
    47. 

  47. ifndef::freebsd[]
    48. 

  48.     $ sudo systemctl enable tangd.socket --now
    49. 

  49. endif::[]
    50. 

  50. 

  51. That's it. The server is now running with a fresh set of cryptographic keys
    52. 

  52. and will automatically start on the next reboot.
    53. 

  53. 

  54. == CONFIGURATION
    55. 

  55. 

  56. Tang intends to be a minimal network service and therefore does not have any
    57. 

  57. configuration. To adjust the network settings, you can override the
    58. 

  58. ifdef::freebsd[]
    59. 

  59. variables in the */usr/local/etc/rc.d/tangd* file.
    60. 

  60. endif::[]
    61. 

  61. ifndef::freebsd[]
    62. 

  62. *tangd.socket* unit file using the standard systemd mechanisms. See
    63. 

  63. link:systemd.unit.5.adoc[*systemd.unit*(5)] and link:systemd.socket.5.adoc[*systemd.socket*(5)] for more information.
    64. 

  64. endif::[]
    65. 

  65. 

  66. == KEY ROTATION
    67. 

  67. 

  68. In order to preserve the security of the system over the long run, you need to
    69. 

  69. periodically rotate your keys. The precise interval at which you should rotate
    70. 

  70. depends upon your application, key sizes and institutional policy. For some
    71. 

  71. common recommendations, see: https://www.keylength.com.
    72. 

  72. 

  73. There is a convenience script to deal with this. See
    74. 

  74. link:tangd-rotate-keys.1.adoc[*tangd-rotate-keys*(1)] for more information.
    75. 

  75. This can also be performed manually as described below.
    76. 

  76. 

  77. To rotate keys, first we need to generate new keys in the key database
    78. 

  78. directory. This is typically */var/db/tang*. For example, you can create
    79. 

  79. new signature and exchange keys with the following commands:
    80. 

  80. 

  81.     # DB=/var/db/tang
    82. 

  82.     # jose jwk gen -i '{"alg":"ES512"}' -o $DB/new_sig.jwk
    83. 

  83.     # jose jwk gen -i '{"alg":"ECMR"}' -o $DB/new_exc.jwk
    84. 

  84. 

  85. Next, rename the old keys to have a leading *.* in order to hide them from
    86. 

  86. advertisement:
    87. 

  87. 

  88.     # mv $DB/old_sig.jwk $DB/.old_sig.jwk
    89. 

  89.     # mv $DB/old_exc.jwk $DB/.old_exc.jwk
    90. 

  90. 

  91. Tang will immediately pick up all changes. No restart is required.
    92. 

  92. 

  93. At this point, new client bindings will pick up the new keys and old clients
    94. 

  94. can continue to utilize the old keys. Once you are sure that all the old
    95. 

  95. clients have been migrated to use the new keys, you can remove the old keys.
    96. 

  96. Be aware that removing the old keys while clients are still using them can
    97. 

  97. result in data loss. You have been warned.
    98. 

  98. 

  99. == HIGH PERFORMANCE
    100. 

  100. 

  101. The Tang protocol is extremely fast. However, in the default setup we
    102. 

  102. use systemd socket activation to start one process per connection. This
    103. 

  103. imposes a performance overhead. For most deployments, this is still probably
    104. 

  104. quick enough, given that Tang is extremely lightweight. But for larger
    105. 

  105. deployments, greater performance can be achieved.
    106. 

  106. 

  107. Our recommendation for achieving higher throughput is to proxy traffic to Tang
    108. 

  108. through your existing web services using a connection pool. Since there is one
    109. 

  109. process per connection, keeping a number of connections open in this setup
    110. 

  110. will enable effective parallelism since there are no internal locks in Tang.
    111. 

  111. 

  112. For Apache, this is possible using the *ProxyPass* directive of the *mod_proxy*
    113. 

  113. module.
    114. 

  114. 

  115. == HIGH AVAILABILITY
    116. 

  116. 

  117. Tang provides two methods for building a high availability deployment.
    118. 

  118. 

  119. 1. Client redundancy (recommended)
    120. 

  120. 2. Key sharing with DNS round-robin
    121. 

  121. 

  122. While it may be tempting to share keys between Tang servers, this method
    123. 

  123. should be avoided. Sharing keys increases the risk of key compromise and
    124. 

  124. requires additional automation infrastructure.
    125. 

  125. 

  126. Instead, clients should be coded with the ability to bind to multiple Tang
    127. 

  127. servers. In this setup, each Tang server will have its own keys and clients
    128. 

  128. will be able to decrypt by contacting a subset of these servers.
    129. 

  129. 

  130. Clevis already supports this workflow through its *sss* plugin.
    131. 

  131. 

  132. However, if you still feel that key sharing is the right deployment strategy,
    133. 

  133. Tang will do nothing to stop you. Just (securely!) transfer all the contents
    134. 

  134. of the database directory to all your servers. Make sure you don't forget the
    135. 

  135. unadvertised keys! Then set up DNS round-robin so that clients will be load
    136. 

  136. balanced across your servers.
    137. 

  137. 

  138. == COMMANDS
    139. 

  139. 

  140. The Tang server provides no public commands.
    141. 

  141. 

  142. == AUTHOR
    143. 

  143. 

  144. Nathaniel McCallum <npmccallum@redhat.com>
    145. 

  145. 

  146. == SEE ALSO
    147. 

  147. 

  148. ifndef::freebsd[]
    149. 

  149. link:systemd.unit.5.adoc[*systemd.unit*(5)],
    150. 

  150. link:systemd.socket.5.adoc[*systemd.socket*(5)],
    151. 

  151. endif::[]
    152. 

  152. link:jose-jwk-gen.1.adoc[*jose-jwk-gen*(1)],
    153. 

  153. link:tang-show-keys.1.adoc[*tang-show-keys*(1)],
    154. 

  154. link:tangd-rotate-keys.1.adoc[*tangd-rotate-keys*(1)]
    155. 

  155. 

  156. == FURTHER READING
    157. 

  157. 

  158. * Clevis    : https://github.com/latchset/clevis
    159. 

  159. * Tang      : https://github.com/latchset/tang
    160. 

  160. * JOSE      : https://datatracker.ietf.org/wg/jose/charter/
    161. 

  161. * mod_proxy : https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
    162.