jedisct1/piknik
Replica/paste one thing else over the network!
[sight a demo on Asciinema] –
[download the provision code / binaries]
Ever basic a replica/paste clipboard that works over the network?
Piknik seamlessly and securely transfers URLs, code snippets, paperwork, virtually one thing else between arbitrary hosts.
No SSH basic, and hosts can sit within the support of NAT gateways, on assorted networks.
Gain within the clipboard (« reproduction ») without a matter comes in to the customary input:
Magically retrieve that assert material from any assorted host having Piknik installed with the an identical configuration:
Instruct.
Obviously, it would furthermore be extinct to transfer recordsdata as properly:
$ pkc < kitten.gif
$ pkp > kittencopy.gif
$ tar cvf - *.txt | pkc
$ pkp | tar xvf -
In deliver to work around firewalls/NAT gatways, the clipboard assert material transits over TCP thru a staging server.
Nothing transits without end-to-end encryption; the server can no longer learn valuable about what the clipboard in truth accommodates.
Recordsdata might presumably furthermore be shared between assorted working programs, together with MacOS, Linux and House windows.
Installation
Possibility 1: employ precompiled binaries
Precompiled binaries for MacOS, Linux (i386, x86_64, ARM), Win32, Win64, DragonflyBSD, NetBSD and FreeBSD might presumably furthermore be downloaded here:
https://github.com/jedisct1/piknik/releases/most modern
Possibility 2 (on MacOS): employ Homebrew
Possibility Three: bring together the provision code
This mission is written in Jog. So, a Jog compiler is required, moreover to the next incantation:
$ export GOPATH=${GOPATH:-~/inch} ; mkdir -p $GOPATH
$ inch fetch github.com/jedisct1/piknik
The piknik executable file might presumably quiet then be available within the market in $GOPATH/bin.
Setup
Piknik requires a bunch of keys. Generate them all with
This generates random keys (extremely suggested).
A short replacement is to fetch the keys from a password. The same password will continually generate the an identical living of keys, on all platforms. In deliver to full so, add the -password switch:
$ piknik -genkeys -password
The output of the -genkeys deliver is all you will want to construct a configuration file.
Finest reproduction the section for servers on the staging server. Finest reproduction the section for clients on the clients.
Is a bunch gonna act each and each as a staging server and as a client? Ponder on it earlier than copying the « hybrid » section, nonetheless or no longer it is there, involving in case.
The default position for the configuration file is ~/.piknik.toml. Moreover House windows, where dot-recordsdata are no longer so well-liked. On that platform, the file is exclusively known as piknik.toml.
Sample configuration file for a staging server:
Listen = "Zero.Zero.Zero.Zero:8075" # Edit precisely
Psk = "bf82bab384697243fbf616d3428477a563e33268f0f2307dd14e7245dd8c995d"
SignPk = "0c41ca9b0a1b5fe4daae789534e72329a93a352a6ad73d6f1d368d8eff37271c"
Sample configuration file for clients:
Join = "127.Zero.Zero.1:8075" # Edit precisely
Psk = "bf82bab384697243fbf616d3428477a563e33268f0f2307dd14e7245dd8c995d"
SignPk = "0c41ca9b0a1b5fe4daae789534e72329a93a352a6ad73d6f1d368d8eff37271c"
SignSk = "cecf1d92052f7ba87da36ac3e4a745b64ade8f9e908e52b4f7cd41235dfe7481"
EncryptSk = "2f530eb85e59c1977fce726df9f87345206f2a3d40bf91f9e0e9eeec2c59a3e4"
Develop no longer employ these, uh? Fetch your very private keys with the piknik -genkeys deliver.
Edit the Join and Listen properties to replica the staging server IP and port.
And chmod 600 ~/.piknik.toml might presumably no longer be a atrocious plot.
Develop no longer love the default config file position? Employ the -config switch.
Usage (staging server)
Flee the next deliver on the staging server (or employ runit, openrc, systemd, no matter to lag it as a background carrier):
The staging server needs to be publicly accessible. Now not lower than, it ought to be reachable by the clients over TCP with the port you specify within the configuration.
Instructions with out a faithful API key (teach within the customer configuration file) will be rejected by the server.
Usage (clients)
Replica the customary input to the clipboard.
Retrieve the assert material of the clipboard and spit it to the customary output.
-paste is completely a no-op. Here is the default movement if -reproduction modified into no longer specified.
Retrieve the assert material of the clipboard, spit it to the customary output
and determined the clipboard. Now not necessarily on this deliver.
Finest one lucky client will dangle the privilege to ogle the assert material.
That’s it.
Feed it one thing else. Textual assert material, binary records, no matter. As prolonged because it suits in memory.
Urged shell aliases
Wait. The set apart are the pkc and pkp instructions mentioned earlier?
Sample shell aliases:
# pko : reproduction to the clipboard
pko() {
echo "$*" | piknik -reproduction
}
# pkf : reproduction the assert material of to the clipboard
pkf() {
piknik -reproduction < $1
}
# pkc : learn the assert material to reproduction to the clipboard from STDIN
alias pkc='piknik -reproduction'
# pkp : paste the clipboard assert material
alias pkp='piknik -paste'
# pkm : inch the clipboard assert material
alias pkm='piknik -inch'
# pkz : delete the clipboard assert material
alias pkz='piknik -reproduction < /dev/null'
# pkfr [] : send a full itemizing to the clipboard, as a tar archive
pkfr() {
tar czpvf - ${1:-.} | piknik -reproduction
}
# pkpr : extract clipboard assert material sent utilizing the pkfr deliver
alias pkpr='piknik -paste | tar xzhpvf -'
# pkpr : extract clipboard assert material sent utilizing the pkfr deliver
alias pkpr='piknik -paste | tar xzhpvf -'
Piknik integration in 1/Three-birthday celebration capabilities
Employ cases
Employ it to:
- Securely send passwords, API keys, URLs from one host to a different
- Share a clipboard alongside with your teammates (which is frequently quite loads of enjoyable)
- Replica records from/to isolated VMs, without the VMWare tools or shared volumes (immense for unsupported working programs and malware sandboxes)
- Replica recordsdata from/to a House windows machine, without Samba or SSH
- Transfer records between hosts sitting within the support of firewalls/NAT gateways
- Without bother reproduction configuration recordsdata to more than one hosts
- Originate up a behind download at the place of job, retrieve it later at home
- Swiftly backup a file to the cloud earlier than messing with it
- …and more!
Protocol
Neatly-liked definitions:
k: API key
ek: 256-bit symmetric encryption key
ekid: encryption key identity encoded as a 64-bit minute endian integer
m: plaintext
ct: XChaCha20 ek,n (m)
Hk,s: BLAKE2b(domain="SK", key=k, salt=s, size=32)
Len(x): x encoded as a 64-bit minute endian unsigned integer
n: random 192-bit nonce
r: random 256-bit client nonce
r': random 256-bit server nonce
ts: Unix timestamp as a 64-bit minute endian integer
Sig: Ed25519
v: 5
Replica:
-> v || r || h0
h0 := Hk,Zero(v || r)
<- v || r' || h1
h1 := Hk,1(v || r' || h0)
-> 'S' || h2 || Len(n || ct) || ekid || ts || s || n || ct
s := Sig(n || ct)
h2 := Hk,2(h1 || 'S' || ekid || ts || s)
<- Hk,Three(h2)
Transfer/Paste:
Transfer: opcode := 'M'
Paste: opcode := 'G'
-> v || r || h0
h0 := Hk,Zero(v || r)
<- v || r' || h1
h1 := Hk,1(v || r' || H0)
-> opcode || h2
h2 := Hk,2(h1 || opcode)
<- Hk,Three(h2 || ekid || ts || s) || Len(n || ct) || ekid || ts || s || n || ct
s := Sig(n || ct)
License
ISC.
Credit
Piknik draw by EasyPi.
Study Extra
Commentaires récents