From 16c7ea1b357ab518ee5a40f2a663843f064479a9 Mon Sep 17 00:00:00 2001 From: runge Date: Sun, 21 Sep 2008 23:04:47 +0000 Subject: x11vnc: Add symmetric key encryption -enc cipher:keyfile, works with SSVNC. Make -remap work on MacOSX console. update to 0.9.5 strings. Add a couple menu items to tkx11vnc. --- x11vnc/help.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) (limited to 'x11vnc/help.c') diff --git a/x11vnc/help.c b/x11vnc/help.c index 06ce6a3..f2c9a6a 100644 --- a/x11vnc/help.c +++ b/x11vnc/help.c 
@@ -1715,6 +1715,79 @@ void print_help(int mode) { "-stunnel3 [pem] Use version 3.x stunnel command line syntax instead of\n" " version 4.x\n" "\n" +"-enc cipher:keyfile Use symmetric encryption with cipher \"cipher\"\n" +" and secret key data in \"keyfile\". If keyfile is\n" +" pw= then \"string\" is used as the key data.\n" +"\n" +" NOTE: It is recommended that you use SSL via the -ssl\n" +" option instead of this option because SSL is well\n" +" understood and takes great care to establish unique\n" +" session keys and is more compatible with other software.\n" +" Use this option if you do not want to deal with SSL\n" +" certificates for authentication and do not want to\n" +" use SSH but want some encryption for your VNC session.\n" +" Or if you must interface with some symmetric key tunnel.\n" +"\n" +" Note that this mode will NOT work with the UltraVNC DSM\n" +" plugins because they alter the RFB protocol in addition\n" +" to tunnelling with the symmetric cipher (an unfortunate\n" +" choice of implementation).\n" +"\n" +" cipher can be one of: arc4, aesv2, aes-cfb, blowfish,\n" +" or 3des. See the OpenSSL documentation for more info.\n" +" The keysize is 128 bits. Here is one way to make a\n" +" keyfile with that many bits:\n" +"\n" +" dd if=/dev/random of=./my.key bs=16 count=1\n" +"\n" +" you will need to securely share this key with the other\n" +" side of the VNC connection (See SSVNC for examples).\n" +"\n" +" Example: -enc blowfish:./my.key\n" +" Example: -enc blowfish:pw=swordfish\n" +"\n" +" By default 16 bytes of random salt followed by 16 bytes\n" +" of random initialization vector are sent at the very\n" +" beginning of the stream. The other side must read these\n" +" and initialize their cipher with them. These values\n" +" make the session key unique (without them the security\n" +" is minimal). 
Similarly, the other side must send us\n" +" its random salt and IV with those same lengths.\n" +"\n" +" The salt and key data are combined to create a session\n" +" key using an md5 hash as described in EVP_BytesToKey(3).\n" +"\n" +" The exact call is: EVP_BytesToKey(Cipher, EVP_md5(),\n" +" salt, keydata, len, 1, keystr, NULL); where salt is\n" +" the random data as described above, and keydata is the\n" +" shared secret key data. keystr is the resulting session\n" +" key. The cipher is then seeded with keystr and uses\n" +" the random initialization vector as its first block.\n" +"\n" +" To modify the amount of random salt and initialization\n" +" vector use cipher@n,m where n is the salt length and\n" +" m the initialization vector length. E.g.\n" +"\n" +" -enc aes-cfb@8,16:./my.key\n" +"\n" +" It is not a good idea to set either one to zero,\n" +" although you may be forced to if the other side of the\n" +" tunnel is not under your control.\n" +"\n" +" The SSVNC vnc viewer project supplies a symmetric\n" +" encryption tool named \"ultravnc_dsm_helper\" that can\n" +" be used on the viewer side. For example:\n" +"\n" +" ssvncviewer exec='ultravnc_dsm_helper arc4 my.key 0 h:p'\n" +"\n" +" where h:p is the hostname and port of the x11vnc server.\n" +" ultravnc_dsm_helper may also be used standalone to\n" +" provide a symmetric encryption tunnel for any viewer\n" +" or server (VNC or otherwise.)\n" +"\n" +" Also see the 'Non-Ultra DSM' SSVNC option for the\n" +" 'UltraVNC DSM Encryption Plugin' advanced option.\n" +"\n" "-https [port] Choose a separate HTTPS port (-ssl mode only).\n" "\n" " In -ssl mode, it turns out you can use the\n" 
@@ -2542,6 +2615,9 @@ void print_help(int mode) { " initial state of the modifier is ignored and not reset)\n" " To include button events use \"Button1\", ... etc.\n" "\n" +" -buttonmap currently does not work on MacOSX console\n" +" or in -rawfb mode.\n" +"\n" "-nodragging Do not update the display during mouse dragging events\n" " (mouse button held down). Greatly improves response on\n" " slow setups, but you lose all visual feedback for drags,\n" -- cgit v1.2.1
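Review bot: In the first hunk (the new -enc help text), the example "-enc blowfish:pw=swordfish" puts the shared secret on the command line with no caveat, and the text further down gives the key derivation as EVP_BytesToKey(Cipher, EVP_md5(), salt, keydata, len, 1, keystr, NULL), which is a single MD5 iteration. A string passed as pw= can therefore show up in the process list and in shell history, and it gets no stretching before it becomes the session key. Suggest adding a sentence right after the two examples saying that the keyfile form is preferred, that pw= is only for cases where exposing the string on the command line is acceptable, and that a pw= string needs to be as unpredictable as the 16 random bytes written by the dd command. The paragraph beginning "It is not a good idea to set either one to zero" could also repeat the reason already given earlier in the text (the salt and IV are what make the session key unique), since a reader who jumps to the cipher@n,m syntax will not have that earlier sentence in view.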
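Review bot: In the second hunk (at -2542), the added sentence names -buttonmap but is appended directly after the 'To include button events use "Button1", ... etc.' text, and nothing in the hunk says how the two relate. As written, a reader cannot tell whether the Button1 mappings just described are affected on MacOSX console and in -rawfb mode, or only the separate -buttonmap option. Suggest rewording it to state which of the two is limited, for example by saying explicitly that button events in this option do (or do not) work in those modes, and repeating the limitation under the -buttonmap entry itself, where someone looking up that option would expect to find it. The commit subject mentions making -remap work on MacOSX console but not this new limitation, so a short mention there would help anyone reading the log.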