Apso: Secrecy for Version Control Systems
In Tibet, Lhasa Apso dogs were used as guardians in temples. Abso means "bark lion sentinel dog".
Apso (the software) is a framework for adding secrecy to version control systems. Usually, version control systems support transfer of encrypted data between clients and the server (in centralized systems) or between clients (in distributed systems). This, however, does not help one who needs to store his versioned content in a potentially hostile host or on removable media. Apso makes this possible by creating encrypted versions of version control repositories.
Features
- Documentation with explanation of concepts, examples of usage and internals overview;
- Written in C++;
- Repositories are encrypted, so the host administrator can do his job without having access to the data;
- Easy to setup and use;
- Access control uses a (configurable) GPG-like PKI;
- Can be configured to use different cryptographic algorithms;
- Only depends on boost (and of course on the version control client and a cryptographic library);
- Distributed version control systems may be added as plugins;
- Cryptographic engines may be added as plugins;
- User interfaces may be added as plugins;
- A friendly developer.
Supported Plugins
Interfaces available for Apso:
- A command-line interface is ready, with smart error-reporting (Apso will tell you all the errors it found in a command)
Version control systems currently available for Apso:
Cryptographic plugins available:There are plans to support Git, Mercurial and Darcs, but not a single line of code was written yet.
Subversion could be supported with a different protocol and some changes in the Subversion client, but I have no plans to personally implement this.
I have no plans to include support for other cryptographic libraries at the moment. I have tried BeeCrypt, libgpgme, Peter Gutmann's CryptLib and Crypto++. I decided to use Nettle, because it was the simplest and easiest to use. The problems I found with other libraries are:
- Cryptographic functions are supposed to be functions, and I didn't feel like studying a big UML diagram or learning about all kinds of filters, envelopes, special streams, and whatever else you'll find in OO cryptoengines;
- Lack of good documentation, with complete examples (not just references generated from code comments).
Getting Apso
Savannah link
Apso is hosted at Savannah. Check the page for Apso there!
License
The initial Apso code was written by me (Jerônimo Pellegrini), and released under the GNU General Public License version 2 (or later, at your choice). There are two files that have been contributed by Jan Pfeifer (cctoos.cc and cctools.h) which are released under the GNU Lesser General Public License version 2 (or later, at your choice). Also, the documentation is released under the GNU Free Documentation Licence version 1.2 (or later, at your choice).
Needless to say: THERE IS NO WARRANTY.
If you are wondering why I have decided to distribute this program under the GNU GPL if it will basically just help people keep their source code closed and safe, consider that some people store all kinds of things under version control that are not supposed to be public, like your homework, PhD thesis, config files, and other things.
Current Status
There are now 2.9k lines of C++ code. The problem is that Apso is just a proof of concept, and I had no time to even work on its architecture before I started coding. I'm working on cleaning up the code. The part that works is:
- Granting and revoking access;
- Pushing and pulling between public and private databases;
- A setup script.
What's not working:
- THE CRYPTOGRAPHIC PLUGIN IMPLEMENTTION IS A PROOF OF CONCEPT! It will be changed in the future;
- The binary will not perform setup. You will have to use the script setup.sh;
- The compromise function is being re-written;
- The documentation is incomplete and outdated.
Helping
If you want to help turn this prototype into a real system, please subscribe to apso-devel at Savannah. Also, please download Apso and see the TODO list. I am currently trying to organize the list of bugs so I can transfer them to the bug tracking system at Savannah.
Important notice
BY SENDING ANY KIND OF CONTRIBUTION TO APSO, YOU ARE RELEASING IT UNDER THE GNU GPL, AND YOU CAN ONLY DO THAT IF YOU ARE THE COPYRIGHT HOLDER OF THE INTELLECTUAL WORK YOU PRODUCE. IF YOU WORK FOR A COMPANY THAT CLAIMS OWNERSHIP OVER EVERYTHING YOU DO, THEN YOU ARE NOT SUPPOSE TO CONTRIBUTE, UNLESS THE COMPANY ITSELF IS WILLING TO LICENSE THE WORK UNDER THE GNU GPL.
Before contributing for the first time, please send an email to apso-devel saying who you are (your full name) and stating that you do have legal right to release code under the GNU GPL.
Downloading
Apso is still in its infancy, but you can already download the prototype. The code is still ugly, because it was written in a hurry.
Apso was debianized by Chad Walstrom. Please get the latest version from the Monotone repository, go to the top dir and use "dpkg-buildpackage -rfakeroot" to build the package. Hopefully, someone will step forward and help making rpms too.
Available versions:
- Apso version 0.2.1 (internal cleanup)
- tar.bz2 ecf0175ba6cd5a1c9e88afa2581cbc24443dac03db0f1bc1ef9716ef524d34dc sig
- tar.gz 34573ec277672d0a73cf5c03d7dfa8947b954a35945c1bea58173fb4ec678998 sig
- deb (unstable) 11e2c54cfa04660f9560a05497f7cd52f0b7729bdadd6c2adddad3d3b77e5564 sig
- deb (unstable) 63be1514ba544815490607fc868d875a32457980103bc271e1b9cac72eeb4c88 sig
- Apso version 0.2.0 (internal cleanup)
- Apso version 0.1.1 (Minor bug fixes)
- Apso version 0.1.0 tar.bz2 c84e5dbcaf76e4b981fb9955fcb08ea85a861df58559294165e4df75a466cbb8 sig
- Apso version 0.0.2 93a21edfb2b5b900304ad55dc1b5ff69c749ffa9068be2f96c5c96eaf404b3b3 sig (Documentation fixes;internal reoganization)
- Apso version 0.0.1 3967cdeb720ba9efd28d409905adff6da32be8cf5a527ee1e9d247f8ec7c69c8 sig (Fixed documentation licensing)
-
Apso version 0.0.0b6d49af35d17dc31606c4a06edb5907ec268ad5a307c8ac266186a9953596d8f sig (Initial prototype)
Since Apso is still a prototype, you may be interested in getting the source from the monotone server.
To sync with the Monotone server, pull the branch from the Monotone database at aleph0.info:
Use monotone version 0.26 or higher (this is NECESSARY) and do the following (you can change "my_database" to some other name that you like):
mtn -d my_database.mtn db init mtn -d my_database.mtn pull mtn.aleph0.info info.aleph0.apso mtn -d my_database.mtn co -b info.aleph0.apso info.aleph0.apso cd info.aleph0.apso
And you are in the source tree.
Compiling
Do whatever you do on your system to install the build dependencies:
- Compilers: gcc and g++ (I used version 4.1 of both)
- Nettle development files (I used version 1.14), and all its dependencies (like gmp, etc).
- Boost development files (I used version 1.33.1)
It's possible that you already have these on your system. Now just compile:
AUTOMAKE=automake-1.9 ACLOCAL=aclocal-1.9 autoreconf --install ./configure make src/apso
WARNING: There are several things mising at the moment! Apso is not yet fully secure. DO NOT TRUST THIS PROTOTYPE! IT DOES NOT GUARANTEE SECRECY YET!
Documentation
For users: Apso comes with an info file where you can find from the basic concepts to examples of usage. It is compiled automatically when you compile Apso. You can read it with info (or pinfo, which I recommend).
For developers:
- Please run Doxygen on the source code (I haven't had time to do that myself yet, but the functions are documented);
- The info file also has a section on the architecture of Apso;
- Papers related to Apso:
- Pellegrini, J. Secrecy in concurrent version control systems. Presented at the Brazilian Symposium on Information nd Computer Security (SBSeg) 2006. [ Slides ] [ Errata ]