Keysas

Keysas is a modern decontamination station prototype, fast, which aims to be secure.

It provides an easy solution to verify your documents. It can be used as a standalone “decontamination station” or act as a gateway to transfert untrusted files to higher security level networks. Untrusted files are scanned by an antivirus and you can manage and create your own Yara rules and add them easily to Keysas in order to inspect your files with more efficiency. You can also create a whitelist of file types you want to transfert based on their magic number to filter more accurately.

This software has been intentionally made to be as secure as possible using Rust programming langage, Secure Computing mode 2, strong sandboxing through systemd namespaces, LandLock and Apparmor. However if you encounter any security issue, do not hesitate to contact us via Github.

Keysas can be installed on Debian 12 (Bookworm) systems.

This software is written in Rust, under GPL-3.0 license.

Learn more and contribute on Github.

User documentation

Contents:

• Installation
  • Software dependencies
  • Getting Keysas
  • Clamav configuration
  • System wide installation
  • Building Keysas-frontend
  • Building Keysas-admin
• Network gateway (keysas-core)
  • Administration
    • Design
    • System configuration
  • Usage
    • From the untrusted network
    • From the trusted network
  • Download
    • Lastest release
• Decontamination station for USB devices
  • Download
  • Keysas-admin (Desktop client)
  • Fido2 Authentication
    • Enabling the Feature
    • Initialisation de la Yubikey
    • YubiKey Initialization
    • Revoking a YubiKey
  • Using the Keysas Station
  • Hardening of the station
  • Updates
  • Required Hardware
• Keysas-admin application
  • SSH configuration
  • Generate a IKPQPKI
  • Enroll you Keysas stations
  • Sign your outgoing USB keys
• Windows USB firewall
  • Architecture
  • Security Policy configuration
  • Installation
    • Driver compilation
    • Service and application compilation