Flightbox CLI Reference
flightbox
Flexible cryptographic toolkit for multi-tenant encryption and signature
flightbox [OPTIONS] COMMAND [ARGS]...
Options
- -v, --verbosity <LVL>
Either CRITICAL, ERROR, WARNING, INFO or DEBUG
- -k, --keystore-pool <keystore_pool>
Folder tree to store keystores (else ~/.witnessangel/keystore_pool is used)
- -c, --cryptainer-storage <cryptainer_storage>
Folder to store cryptainers (else ~/.witnessangel/cryptainers is used)
- -g, --gateway-url <gateway_url>
URL of the web registry endpoint
authenticator
Manage authenticator trustees
flightbox authenticator [OPTIONS] COMMAND [ARGS]...
create
Initialize an authenticator folder with a set of keypairs
The target directory must not exist yet, but its parent directory must exist.
The authenticator passphrase can be provided through the WA_PASSPHRASE environment variable; otherwise the user is prompted for it.
No constraints are applied to the lengths of the passphrase or other fields, so beware of security considerations!
flightbox authenticator create [OPTIONS] AUTHENTICATOR_DIR
Options
- --keypair-count <keypair_count>
Count of keypairs to generate (min 1)
- Default:
3
- --owner <owner>
Required. Name of the authenticator owner
- --passphrase-hint <passphrase_hint>
Required. Non-sensitive hint to help remember the passphrase
Arguments
- AUTHENTICATOR_DIR
Required argument
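The preconditions stated for create, checked before the command runs. This is an added example, not part of the flightbox project: the wrapper and helper names, the 20-character minimum and the hint check are assumed local policy, and only the flightbox command line and WA_PASSPHRASE come from this page.

```shell
#!/bin/sh
# Added example: pre-flight checks around `flightbox authenticator create`.
# MIN_PASSPHRASE_LEN is an assumed local policy value, not a flightbox setting.
MIN_PASSPHRASE_LEN=20

# Return 0 if the passphrase meets the local length policy.
passphrase_ok() {
    [ "${#1}" -ge "$MIN_PASSPHRASE_LEN" ]
}

# Return 0 if the target directory does not exist yet but its parent does
# (the precondition documented for `authenticator create`).
target_dir_ok() {
    [ ! -e "$1" ] && [ -d "$(dirname -- "$1")" ]
}

# Hypothetical wrapper: create_authenticator DIR OWNER HINT
# Reads the passphrase from WA_PASSPHRASE so it never appears in argv.
create_authenticator() {
    dir=$1 owner=$2 hint=$3
    if [ -z "${WA_PASSPHRASE:-}" ]; then
        echo "WA_PASSPHRASE is not set" >&2
        return 2
    fi
    if ! passphrase_ok "$WA_PASSPHRASE"; then
        echo "passphrase shorter than $MIN_PASSPHRASE_LEN characters" >&2
        return 3
    fi
    if ! target_dir_ok "$dir"; then
        echo "target must not exist and its parent must exist: $dir" >&2
        return 4
    fi
    # The hint is documented as non-sensitive, so it must not embed the secret.
    case $hint in
        *"$WA_PASSPHRASE"*)
            echo "passphrase hint contains the passphrase" >&2
            return 5
            ;;
    esac
    flightbox authenticator create --owner "$owner" \
        --passphrase-hint "$hint" "$dir"
}
```

Source the file, export WA_PASSPHRASE, then call create_authenticator with the target directory, owner and hint; every rejection happens before flightbox is invoked.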
delete
Delete an authenticator folder along with all its content
flightbox authenticator delete [OPTIONS] AUTHENTICATOR_DIR
Arguments
- AUTHENTICATOR_DIR
Required argument
validate
Verify the metadata and keypairs of an authenticator folder
The authenticator passphrase can be provided through the WA_PASSPHRASE environment variable; otherwise the user is prompted for it.
flightbox authenticator validate [OPTIONS] AUTHENTICATOR_DIR
Arguments
- AUTHENTICATOR_DIR
Required argument
view
View metadata and public keypair identifiers of an authenticator
The presence and validity of private keys isn't checked.
flightbox authenticator view [OPTIONS] AUTHENTICATOR_DIR
Options
- -f, --format <format>
- Default:
plain
- Options:
plain | json
Arguments
- AUTHENTICATOR_DIR
Required argument
cryptainer
Manage encrypted containers
flightbox cryptainer [OPTIONS] COMMAND [ARGS]...
decrypt
Turn a cryptainer back into the original media file
This command is for test purposes only, since it only works with INSECURE cryptoconfs where private keys are locally available, and not protected by passphrases.
For real world use cases, see the Witness Angel software suite (Authenticator, Revelation Station...).
flightbox cryptainer decrypt [OPTIONS] CRYPTAINER_NAME
Options
- -o, --output-file <output_file>
Arguments
- CRYPTAINER_NAME
Required argument
delete
Delete a local cryptainer
flightbox cryptainer delete [OPTIONS] CRYPTAINER_NAME
Arguments
- CRYPTAINER_NAME
Required argument
list
List local cryptainers
flightbox cryptainer list [OPTIONS]
Options
- -f, --format <format>
- Default:
plain
- Options:
plain | json
purge
Delete oldest cryptainers per criteria
flightbox cryptainer purge [OPTIONS]
Options
- --max-age <max_age>
Maximum age of cryptainer, in days
- --max-count <max_count>
Maximum count of cryptainers in storage
- --max-quota <max_quota>
Maximum total size of cryptainers, in MBs
summarize
Display a summary of a cryptainer structure
flightbox cryptainer summarize [OPTIONS] CRYPTAINER_NAME
Arguments
- CRYPTAINER_NAME
Required argument
validate
Validate a cryptainer structure
flightbox cryptainer validate [OPTIONS] CRYPTAINER_NAME
Arguments
- CRYPTAINER_NAME
Required argument
cryptoconf
Manage cryptographic configurations
flightbox cryptoconf [OPTIONS] COMMAND [ARGS]...
generate-simple
Generate a simple cryptoconf using subcommands
flightbox cryptoconf generate-simple [OPTIONS] COMMAND1 [ARGS]... [COMMAND2 [ARGS]...]...
Options
- --keychain-uid <keychain_uid>
Default UID for asymmetric keys
add-key-cipher-layer
Add a layer of asymmetric encryption of the key
A symmetric cipher can also be used, resulting in a hybrid encryption scheme.
flightbox cryptoconf generate-simple add-key-cipher-layer [OPTIONS]
Options
- --asym-cipher-algo <asym_cipher_algo>
Required. Asymmetric algorithms for key encryption
- Options:
RSA_OAEP
- --trustee-type <trustee_type>
Required. Kind of key-guardian used
- Options:
local_keyfactory | authenticator
- --keystore-uid <keystore_uid>
UID of the key-guardian (only for authenticators)
- --keychain-uid <keychain_uid>
Overridden UID for asymmetric key
- --sym-cipher-algo <sym_cipher_algo>
Optional intermediate symmetric cipher, to avoid stacking trustees
- Options:
AES_CBC | AES_EAX | CHACHA20_POLY1305
add-key-shard
Add a shard configuration to a shared secret
flightbox cryptoconf generate-simple add-key-shard [OPTIONS]
Options
- --asym-cipher-algo <asym_cipher_algo>
Required. Asymmetric algorithms for key encryption
- Options:
RSA_OAEP
- --trustee-type <trustee_type>
Required. Kind of key-guardian used
- Options:
local_keyfactory | authenticator
- --keystore-uid <keystore_uid>
UID of the key-guardian (only for authenticators)
- --keychain-uid <keychain_uid>
Overridden UID for asymmetric key
- --sym-cipher-algo <sym_cipher_algo>
Optional intermediate symmetric cipher, to avoid stacking trustees
- Options:
AES_CBC | AES_EAX | CHACHA20_POLY1305
add-payload-cipher-layer
Add a layer of symmetric encryption of the data
The random symmetric key used for that encryption will then have to be protected by asymmetric encryption.
flightbox cryptoconf generate-simple add-payload-cipher-layer [OPTIONS]
Options
- --sym-cipher-algo <sym_cipher_algo>
Required. Symmetric algorithms for payload encryption
- Options:
AES_CBC | AES_EAX | CHACHA20_POLY1305
summarize
Display a summary of a cryptoconf structure
flightbox cryptoconf summarize [OPTIONS] CRYPTOCONF_FILE
Arguments
- CRYPTOCONF_FILE
Required argument
validate
Ensure that a cryptoconf structure is valid
flightbox cryptoconf validate [OPTIONS] CRYPTOCONF_FILE
Arguments
- CRYPTOCONF_FILE
Required argument
encrypt
Turn a media file into a secure container
flightbox encrypt [OPTIONS] INPUT_FILE
Options
- -o, --output-basename <output_basename>
Basename of the cryptainer storage output file
- -c, --cryptoconf <cryptoconf>
JSON cryptoconf file
- --bundle
Combine cryptainer metadata and payload
Arguments
- INPUT_FILE
Required argument
foreign-keystore
Manage locally imported keystores
flightbox foreign-keystore [OPTIONS] COMMAND [ARGS]...
delete
Delete a locally imported keystore
flightbox foreign-keystore delete [OPTIONS] KEYSTORE_UID
Arguments
- KEYSTORE_UID
Required argument
import
Import a remote keystore
flightbox foreign-keystore import [OPTIONS]
Options
- --from-usb
Fetch authenticators from plugged USB devices
- --from-path <from_path>
Fetch authenticator from folder path
- --from-gateway <from_gateway>
Fetch authenticator by uid from gateway
- --include-private-keys
Import private keys when available
list
List locally imported keystores
flightbox foreign-keystore list [OPTIONS]
Options
- -f, --format <format>
- Default:
plain
- Options:
plain | json
view
View metadata and public keypair identifiers of an imported keystore
The presence and validity of private keys isn't checked.
flightbox foreign-keystore view [OPTIONS] KEYSTORE_UID
Options
- -f, --format <format>
- Default:
plain
- Options:
plain | json
Arguments
- KEYSTORE_UID
Required argument