summaryrefslogtreecommitdiffstats
path: root/x11vnc/help.c
diff options
context:
space:
mode:
authorrunge <runge>2008-09-21 23:04:47 +0000
committerrunge <runge>2008-09-21 23:04:47 +0000
commit16c7ea1b357ab518ee5a40f2a663843f064479a9 (patch)
tree4f8cceaaa9920ae1ca6e4cb0468e5d87f1d63326 /x11vnc/help.c
parenta1e5d55e356f4913169f6dd746b14548cc51695d (diff)
downloadlibtdevnc-16c7ea1b357ab518ee5a40f2a663843f064479a9.tar.gz
libtdevnc-16c7ea1b357ab518ee5a40f2a663843f064479a9.zip
x11vnc: Add symmetric key encryption -enc cipher:keyfile,
works with SSVNC. Make -remap work on MacOSX console. update to 0.9.5 strings. Add a couple menu items to tkx11vnc.
Diffstat (limited to 'x11vnc/help.c')
-rw-r--r--x11vnc/help.c76
1 files changed, 76 insertions, 0 deletions
diff --git a/x11vnc/help.c b/x11vnc/help.c
index 06ce6a3..f2c9a6a 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -1715,6 +1715,79 @@ void print_help(int mode) {
"-stunnel3 [pem] Use version 3.x stunnel command line syntax instead of\n"
" version 4.x\n"
"\n"
+"-enc cipher:keyfile Use symmetric encryption with cipher \"cipher\"\n"
+" and secret key data in \"keyfile\". If keyfile is\n"
+" pw=<string> then \"string\" is used as the key data.\n"
+"\n"
+" NOTE: It is recommended that you use SSL via the -ssl\n"
+" option instead of this option because SSL is well\n"
+" understood and takes great care to establish unique\n"
+" session keys and is more compatible with other software.\n"
+" Use this option if you do not want to deal with SSL\n"
+" certificates for authentication and do not want to\n"
+" use SSH but want some encryption for your VNC session.\n"
+" Or if you must interface with some symmetric key tunnel.\n"
+"\n"
+" Note that this mode will NOT work with the UltraVNC DSM\n"
+" plugins because they alter the RFB protocol in addition\n"
+" to tunnelling with the symmetric cipher (an unfortunate\n"
+" choice of implementation).\n"
+"\n"
+" cipher can be one of: arc4, aesv2, aes-cfb, blowfish,\n"
+" or 3des. See the OpenSSL documentation for more info.\n"
+" The keysize is 128 bits. Here is one way to make a\n"
+" keyfile with that many bits:\n"
+"\n"
+" dd if=/dev/random of=./my.key bs=16 count=1\n"
+"\n"
+" you will need to securely share this key with the other\n"
+" side of the VNC connection (See SSVNC for examples).\n"
+"\n"
+" Example: -enc blowfish:./my.key\n"
+" Example: -enc blowfish:pw=swordfish\n"
+"\n"
+" By default 16 bytes of random salt followed by 16 bytes\n"
+" of random initialization vector are sent at the very\n"
+" beginning of the stream. The other side must read these\n"
+" and initialize their cipher with them. These values\n"
+" make the session key unique (without them the security\n"
+" is minimal). Similarly, the other side must send us\n"
+" its random salt and IV with those same lengths.\n"
+"\n"
+" The salt and key data are combined to create a session\n"
+" key using an md5 hash as described in EVP_BytesToKey(3).\n"
+"\n"
+" The exact call is: EVP_BytesToKey(Cipher, EVP_md5(),\n"
+" salt, keydata, len, 1, keystr, NULL); where salt is\n"
+" the random data as described above, and keydata is the\n"
+" shared secret key data. keystr is the resulting session\n"
+" key. The cipher is then seeded with keystr and uses\n"
+" the random initialization vector as its first block.\n"
+"\n"
+" To modify the amount of random salt and initialization\n"
+" vector use cipher@n,m where n is the salt length and\n"
+" m the initialization vector length. E.g.\n"
+"\n"
+" -enc aes-cfb@8,16:./my.key\n"
+"\n"
+" It is not a good idea to set either one to zero,\n"
+" although you may be forced to if the other side of the\n"
+" tunnel is not under your control.\n"
+"\n"
+" The SSVNC vnc viewer project supplies a symmetric\n"
+" encryption tool named \"ultravnc_dsm_helper\" that can\n"
+" be used on the viewer side. For example:\n"
+"\n"
+" ssvncviewer exec='ultravnc_dsm_helper arc4 my.key 0 h:p'\n"
+"\n"
+" where h:p is the hostname and port of the x11vnc server.\n"
+" ultravnc_dsm_helper may also be used standalone to\n"
+" provide a symmetric encryption tunnel for any viewer\n"
+" or server (VNC or otherwise.)\n"
+"\n"
+" Also see the 'Non-Ultra DSM' SSVNC option for the\n"
+" 'UltraVNC DSM Encryption Plugin' advanced option.\n"
+"\n"
"-https [port] Choose a separate HTTPS port (-ssl mode only).\n"
"\n"
" In -ssl mode, it turns out you can use the\n"
@@ -2542,6 +2615,9 @@ void print_help(int mode) {
" initial state of the modifier is ignored and not reset)\n"
" To include button events use \"Button1\", ... etc.\n"
"\n"
+" -buttonmap currently does not work on MacOSX console\n"
+" or in -rawfb mode.\n"
+"\n"
"-nodragging Do not update the display during mouse dragging events\n"
" (mouse button held down). Greatly improves response on\n"
" slow setups, but you lose all visual feedback for drags,\n"