Network-binding cryptographic server implementing the Tang protocol, and made to run as a Cloudflare Worker
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
trinity-1686a b78ecce2f4 Update '' 1 month ago
src hide error message 1 month ago
tests init 1 month ago
worker add logging to telegram 1 month ago
.gitignore init 1 month ago
Cargo.lock add logging to telegram 1 month ago
Cargo.toml add logging to telegram 1 month ago Update '' 1 month ago
wrangler.toml change name 1 month ago


Tango-Charlie is a network binding server : it allows a client to decrypt files, but only if the client is in the right network.
It’s made to replace tang in a clevis setup.

Tango-Charlie is made to be deployed on Cloudflare Worker (Cloudflare FaaS platform). Contrary to Tang which allow whoever can contact the server to decrypt data, Tango-Charlie require the public ip of the client to have not changed (or be in the same /64 for ipv6). To do so while being stateless, Tango-Charlie generate keys on the fly, based on client ip and a secret known only to the server.

/!\ This software make heavy use of cryptography, and has not been audited, use at your own risks.

Name was inspired by an old french song