Network-binding cryptographic server implementing the Tang protocol, and made to run as a Cloudflare Worker
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
trinity-1686a b78ecce2f4 Update 'README.md' 11 months ago
src hide error message 11 months ago
tests init 11 months ago
worker add logging to telegram 11 months ago
.gitignore init 11 months ago
Cargo.lock add logging to telegram 11 months ago
Cargo.toml add logging to telegram 11 months ago
README.md Update 'README.md' 11 months ago
wrangler.toml change name 11 months ago

README.md

Tango-Charlie

Tango-Charlie is a network binding server : it allows a client to decrypt files, but only if the client is in the right network.
It's made to replace tang in a clevis setup.

Tango-Charlie is made to be deployed on Cloudflare Worker (Cloudflare FaaS platform). Contrary to Tang which allow whoever can contact the server to decrypt data, Tango-Charlie require the public ip of the client to have not changed (or be in the same /64 for ipv6). To do so while being stateless, Tango-Charlie generate keys on the fly, based on client ip and a secret known only to the server.

/!\ This software make heavy use of cryptography, and has not been audited, use at your own risks.

Name was inspired by an old french song