Add files and V1 Binary

Author: SATUNIX

Docs/Keycard_API.md

@@ -0,0 +1,120 @@
+# Keycard Implementation
+
+## Introduction
+
+This document outlines the process of integrating Keycard into a Java-based application for symmetrically encrypting and decrypting data, particularly focusing on file-based applications with IPFS (InterPlanetary File System) storage.
+
+## Developers: Criteria for Commits
+
+Contributors should follow these guidelines to ensure consistency and security in the codebase.
+
+### Encryption Process:
+
+#### User Passphrase Input:
+- Ensure secure input handling.
+- Use secure GUI prompts or console inputs that don't echo the passphrase.
+
+#### Signing Passphrase with Keycard:
+- Keycards typically sign a hash of data rather than the passphrase directly.
+- Use the Keycard to securely generate or sign a hash of the passphrase for encryption.
+
+#### Key Generation and Management:
+- Generate a symmetric key based on the signed data, ensuring cryptographic security.
+- Securely handle the key in memory and clear it immediately after use.
+
+#### Integration with GPG:
+- Pass the symmetric key to GPG securely for encryption.
+- Avoid using command-line arguments for key passing.
+
+#### Security Measures:
+- Implement measures to prevent memory dumping.
+- Ensure secure deletion of temporary files or logs containing sensitive data.
+- Use secure file handling libraries in Java.
+
+#### Uploading to IPFS:
+- Maintain the integrity and confidentiality of data during the IPFS upload process.
+- Securely handle IPFS interactions and manage CIDs appropriately.
+
+### Decryption Process:
+
+#### Retrieve File from IPFS:
+- Ensure secure retrieval of the encrypted file from IPFS using the CID.
+
+#### Passphrase Handling:
+- Manage passphrase input securely, similar to the encryption process.
+
+#### Keycard Interaction:
+- Use the Keycard to generate or retrieve the decryption key securely.
+
+#### Decrypting with GPG:
+- Decrypt the file using GPG with the symmetric key derived from the Keycard-signed data.
+- Ensure secure handling of key material during decryption.
+
+#### Post-Decryption Security:
+- Manage decrypted data securely.
+- Clean up any sensitive remnants in memory or temporary storage.
+
+#### Error Handling and Logging:
+- Implement robust error handling for Keycard interactions, GPG operations, and IPFS retrieval.
+- Avoid storing sensitive information in logs.
+
+### General Considerations:
+
+#### Cryptographic Best Practices:
+- Adhere to best practices for key generation, data signing, and symmetric encryption.
+
+#### Code Security:
+- Ensure the Java code handling cryptographic operations is secure against common vulnerabilities.
+
+#### User Feedback:
+- Provide clear and user-friendly feedback for operations, especially for errors or successful operations.
+
+#### Documentation and Testing:
+- Document the process clearly, including prerequisites and configurations.
+- Thoroughly test the application for reliability and security.
+
+## Understanding Keycard Capabilities
+
+### Key Storage:
+- Keycard is designed for secure storage of private keys, commonly used in digital signatures and transaction authentication.
+
+### Signing Operations:
+- Keycard can sign data blocks using stored private keys, adaptable for file-based applications and IPFS storage.
+
+### Encryption/Decryption:
+- While not a primary function, Keycard's signing capabilities can be adapted for encryption/decryption processes in file-based applications.
+
+## Implementation Notes
+
+### Data Flow for Encryption and Decryption Using Java Keycard
+
+#### Encryption:
+- User enters a passphrase.
+- Sign the passphrase with the Keycard.
+- Generate a unique key based on the signed passphrase.
+- Use the key as string data for GPG encryption.
+- Remove sensitive process logs or files to prevent data exposure.
+- Encrypt the data with GPG and pass the encrypted file to IPFS.
+
+#### Decryption:
+- Retrieve the file from IPFS using its CID.
+- User re-enters the passphrase.
+- Sign the passphrase with the Keycard to regenerate the decryption key.
+- Use the key to decrypt the file with GPG.
+- Ensure removal of sensitive logs or temporary files.
+
+## Further Reading for Developers
+
+### Recommended Resources:
+
+- [Official Go API for Keycard](https://github.com/status-im/keycard-go/)
+- [Keycard CLI](https://github.com/status-im/keycard-cli)
+- [Keycard APDU API](https://keycard.tech/docs/apdu/)
+- [Localhost Web3 Application for Keycard](https://keycard.tech/docs/web3.html)
+
+Contributors are encouraged to explore these resources for a deeper understanding of Keycard's capabilities and integration methods.
+
+## Conclusion
+
+By leveraging Keycard's unique capabilities for signing and transaction authentication, developers can create a secure and efficient system for encrypting and decrypting data, particularly for applications involving IPFS storage.
+

IPFSS_IPFS-Secure

@@ -2,7 +2,7 @@
 
 A unique IPFS frontend that you can use to push your files through. Encrypt all traffic with a Asymmetric RSA keypair and GPG. Ensure that you can upload private data to IPFS, and only you can receive and view on another machine. The HTTPS of IPFS.
 
-**Recommended to use PGPCard, Apex, or yubikey for Multi Factor Authentication (MFA), encrypting and decrypting data. Using IPFS in general.**
+**Recommended to use keycard, Apex, or Keycard for Multi Factor Authentication (MFA), encrypting and decrypting data. Using IPFS in general.**
 
 
 SecureIPFS is an application and library set that integrates the InterPlanetary File System (IPFS) with robust RSA encryption in Go, providing a secure method to store and retrieve files. It encrypts files before uploading to IPFS and decrypts them using a corresponding key pair.
@@ -13,24 +13,29 @@ SecureIPFS is an application and library set that integrates the InterPlanetary
    - I can do this but some help would be appreciated.
    - Just need to add IPFS Kubo implementation - this is just a front end for IPFS Get and IPFS Add.
 
-2. **Apex /Flex Implementation.**
+2. **Keycard Implementation.**
    - This is stage two and if you are a developer wanting to help, make a fork, see /Docs/* and add your software, finish / upload with a pull request.
-   - This integration has been restructured from using keycard due to a rather unorthodox workaround. Instead the project will now focus on using both Keycard and the PGP applet. 
+   - Ive therorised a way to securely use the keycard for encrypting and decrypting data. Since a EDCSA Signature is unique to the signers private key and the data they are signing. This is all we need.
+   - You just reverse the process, the file is not being signed, the users unique passphrase is. This way the unique EDCSA signature is unique to the user and the application,
+   - This way an attacker cannot decrypt the IPFS data without the keycard, and they cant just scan the keycard, the need to know the passphrase used for that file, and swipe or otherwise steal the keycard.
+   - This is a way of using in vivo crypto coprocessors for secure MFA and file privacy / security.
 
 
 ## From Dangerous Things with love. 
 
-The Apex Flex and FlexSecure allow us mortal humans to perform cryptographic functions in vivo (under the skin) this fact paired with the above cryptographic MFA (Coupling the GPG key from your card into IPFS), the program provides the user a secure way to keep their data safe. 
+The Apex Flex and FlexSecure allow us mortal humans to perform cryptographic functions in vivo (under the skin) this fact paired with the above cryptographic MFA, provides the user a secure way to keep their data safe. 
 
 ![image](https://github.com/SATUNIX/IPFSS_IPFS-Secure/assets/111553838/c28a0a23-1c19-4e04-b621-ef7b76d92f77)
 
+You may be asking **"but satunix why is this so special?" "These implants can do PGP and OTP!!!"** Well, they sure can, but thats it, good luck loading several applets onto your keycard for each purpose, then trying to navigate and use all of the different block positions keys, algorithims.... and whatever tf. Me personally, I kave a FlexSecure loaded with Keycard. Thus, Keycard must be used for this process. This allows even the noobiest of users ease of control and access. 
+*A load and swipe process.*
 
 >"The ability to carry your OTP authenticator, PGP, and other cryptographic keys, and perform cryptographic functions all in vivo (generate OTP codes, encrypt & decrypt data, etc.) without ever revealing private keys to the NFC interface you are interacting with is a huge step forward for personal digital identity and data security."
    
 ## Key Features
 
 - **Asymmetric Encryption**: Utilize RSA encryption to secure your files. Files are encrypted with a public key and can only be decrypted with the corresponding passphrase protected private key.
-- **Symmetric Encryption**: Utilize a Apex or FlexSecure implant with to use the Multi Factor Symmetric encryption on your files, supply a passphrase for the key, scan your card, files secured. 
+- **Symmetric Encryption**: Utilize a Apex or FlexSecure implant with keycard to use Multi Factor Symmetric encryption on your files, supply a passphrase, scan your card, files secured. 
 - **Decentralized Storage**: Leverage IPFS for secure, encrypted, decentralized, and immutable file storage.
 - **Go Implementation**: Built with Go, taking advantage of its powerful concurrency features and efficient data handling.
 

README.md

@@ -0,0 +1,15 @@
+module IPFSS_IPFS-Secure
+
+go 1.21.4
+
+require github.com/status-im/keycard-go v0.3.2
+
+require (
+	github.com/btcsuite/btcd/btcec/v2 v2.2.0 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
+	github.com/ethereum/go-ethereum v1.10.26 // indirect
+	github.com/go-stack/stack v1.8.1 // indirect
+	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/sys v0.2.0 // indirect
+	golang.org/x/text v0.4.0 // indirect
+)

go.mod

@@ -0,0 +1,28 @@
+github.com/btcsuite/btcd/btcec/v2 v2.2.0 h1:fzn1qaOt32TuLjFlkzYSsBC35Q3KUjT1SwPxiMSCF5k=
+github.com/btcsuite/btcd/btcec/v2 v2.2.0/go.mod h1:U7MHm051Al6XmscBQ0BoNydpOTsFAn707034b5nY8zU=
+github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 h1:q0rUy8C/TYNBQS1+CGKw68tLOFYSNEs0TFnxxnS9+4U=
+github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/crypto/blake256 v1.0.0 h1:/8DMNYp9SGi5f0w7uCm6d6M4OU2rGFK09Y2A4Xv7EE0=
+github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
+github.com/ethereum/go-ethereum v1.10.26 h1:i/7d9RBBwiXCEuyduBQzJw/mKmnvzsN14jqBmytw72s=
+github.com/ethereum/go-ethereum v1.10.26/go.mod h1:EYFyF19u3ezGLD4RqOkLq+ZCXzYbLoNDdZlMt7kyKFg=
+github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
+github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/status-im/keycard-go v0.3.2 h1:YusIF/bHx6YZis8UTOJrpZFnTs4IkRBdmJXqdiXkpFE=
+github.com/status-im/keycard-go v0.3.2/go.mod h1:wlp8ZLbsmrF6g6WjugPAx+IzoLrkdf9+mHxBEeo3Hbg=
+github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

go.sum

@@ -0,0 +1,46 @@
+package ipfs_link
+
+import (
+    "bytes"
+    "fmt"
+    "os/exec"
+    "strings"
+)
+
+// AddFileToIPFS adds a file to IPFS and returns the CID (Content Identifier)
+func AddFileToIPFS(filePath string) (string, error) {
+    cmd := exec.Command("ipfs", "add", filePath)
+
+    var out bytes.Buffer
+    cmd.Stdout = &out
+    err := cmd.Run()
+    if err != nil {
+        return "", fmt.Errorf("error adding file to IPFS: %w", err)
+    }
+
+    output := out.String()
+    // Extract CID from the output
+    lines := strings.Split(output, "\n")
+    for _, line := range lines {
+        if strings.Contains(line, "added") {
+            parts := strings.Fields(line)
+            if len(parts) >= 2 {
+                return parts[1], nil // Assuming the CID is the second part
+            }
+        }
+    }
+
+    return "", fmt.Errorf("CID not found in IPFS add output")
+}
+
+// GetFileFromIPFS retrieves a file from IPFS using its CID
+func GetFileFromIPFS(cid, outputPath string) error {
+    cmd := exec.Command("ipfs", "get", cid, "-o", outputPath)
+
+    err := cmd.Run()
+    if err != nil {
+        return fmt.Errorf("error retrieving file from IPFS: %w", err)
+    }
+
+    return nil
+}

ipfs_link/ipfs_link.go

@@ -0,0 +1,56 @@
+package keycard_link
+
+import (
+    "bufio"
+    "bytes"
+    "fmt"
+    "os"
+    "os/exec"
+    "strings"
+)
+
+// GetKeycardPublicKey retrieves the public key from the keycard.
+func GetKeycardPublicKey() (string, error) {
+    // Command to execute
+    cmd := exec.Command("./keycard-linux-amd64", "info")
+
+    // Capture the output of the command
+    var out bytes.Buffer
+    cmd.Stdout = &out
+
+    // Run the command
+    err := cmd.Run()
+    if err != nil {
+        return "", err
+    }
+
+    // Process the output to find the public key
+    scanner := bufio.NewScanner(&out)
+    for scanner.Scan() {
+        line := scanner.Text()
+        if strings.Contains(line, "PublicKey:") {
+            // Assuming the public key is the last element in the line, separated by spaces
+            parts := strings.Fields(line)
+            if len(parts) > 1 {
+                return parts[len(parts)-1], nil
+            }
+        }
+    }
+
+    if err := scanner.Err(); err != nil {
+        return "", err
+    }
+
+    return "", fmt.Errorf("public key not found in the output")
+}
+
+// ReadPassphrase prompts the user to enter a passphrase.
+func ReadPassphrase() (string, error) {
+    fmt.Print("Enter a unique passphrase for this file upload: ")
+    reader := bufio.NewReader(os.Stdin)
+    passphrase, err := reader.ReadString('\n')
+    if err != nil {
+        return "", err
+    }
+    return strings.TrimSpace(passphrase), nil
+}