What is a KeySafe?
A KeySafe is a small electronic safe that has been modified so that it can be
controlled from a web page. Since a web page is used for control, the safe can
be located in one place and controlled from another. We call it a "KeySafe"
because keys are one of the main things we think someone would lock inside the
unit. The idea is to allow long distance control of access to the contents of
the safe.
How is a KeySafe used?
Typically a KeySafe is used to lock up the keys to a chastity device. The
person who wears the device (the Wearer) has the safe at his or her location, but
the safe is controlled by someone else (the Holder) at a possibly different
location. This way the person controlling the safe controls when the Wearer has
access to the keys.
What if you do not have a partner?
In addition to controlling KeySafes, these web pages are designed to help you
find a partner, whether you are looking for a Wearer or a Holder. There are
profile pages available so you can advertise your interests, and matchmaker
features are under development. There is also a feature called "Strict Mistress"
which can control a KeySafe for those without a partner.
What is Strict Mistress?
Strict Mistress is a computer-simulated persona who, if you choose, can grant you
permission based on a complicated algorithm. The program offers many levels of
"strictness" depending on the degree of denial you wish; anything from a few
days up to a year between releases is available. If you build a KeySafe, Strict
Mistress can control when the safe unlocks, making Her permissions very real.
What does a (human) Holder need to control the KeySafe?
A Holder needs an Internet connection and Internet Explorer. From the Holder's
point of view, controlling a Wearer's safe is as easy as browsing any other
password-protected web page.
What does a Wearer need to hook up the KeySafe?
In addition to the KeySafe itself, the Wearer needs an Internet connection,
Internet Explorer, an RS-232 serial port on his computer, and an ActiveX
control. A Perl script is under development, which will enable non-Windows users
to hook up a KeySafe.
How does a KeySafe work?
The Holder clicks a web page button to indicate that an unlock is allowed. At
some later time, the Wearer logs onto the web site's unlock page, and the web
page sends a specially encoded message to the Wearer's computer, either through
the browser or through a Perl script run by the Wearer. This message is then sent
out the PC's serial port, where it is received by the KeySafe's embedded computer.
The KeySafe's computer decodes the message and, if it is valid, unlocks the safe.
Messages that need to go from the KeySafe to the web site are handled in the same
way, with the direction reversed.
How can I access the KeySafe web pages?
In order to access the KeySafe web pages, you need to set up an account. We want
to limit access to those persons who have a genuine interest in chastity, orgasm
control or related topics. However, setting up an account does not obligate you
to build a KeySafe, offer your keys to anyone, or play with Strict Mistress.
To set up your own account, click
here. Or if you already have an account,
click here.
Why isn't the KeySafe standalone?
This is the approach others have taken. For example, Tammad's safe had a
web server inside it. I find that approach to be a lot less secure than the
approach I used, because a standalone unit must contain the secret that allows
it to be opened, so reverse engineering could ultimately recover that secret.
With the approach I used, there are no secrets in either the SBC (the safe's
single-board computer) or the software that would allow you to open the safe. My
method uses public-key cryptography: the safe's computer knows only the public
key, not the private key. So even if you have the complete schematic of the SBC
and the complete source code for the application, you still would not have
enough information to open the safe. What the design does depend on is the
integrity of the public key stored in the safe, since that key is the safe's
only means of deciding whose messages to trust.
Another disadvantage of the standalone configuration is that there is no sense
of community. The central web site becomes a place where Holders and Wearers can
meet each other, and enjoy the predicaments imposed on the other Wearers.
Can you provide more details about your protocol?
Yes, because, once again, knowing the protocol details will not enable you to
unlock a KeySafe. Each message contains the following fields: the safe's serial
number, a random number generated by the web site, a random number generated by
the KeySafe, a text message, a time stamp, and a hash of all the above. The
entire message, all of the fields just listed, is then encoded using a 1024-bit
RSA key: the private key in one direction and the public key in the other. A
typical exchange between the web site and the KeySafe consists of four messages.
The first message is always sent from the web site to the KeySafe. The
KeySafe can be sure that the message really came from the web site: it
recomputes the hash over the decoded fields and requires it to match the hash
that was sent, and only the web site can create a message that decodes correctly
under the public key, since only the web site knows the private key. In this
first message the serial number and the KeySafe-generated random number fields
are blank, since the safe has not yet identified itself; the web-generated random
number is present so that message 2 can echo it. The KeySafe ignores the time
stamp on this first message.
The second message is from the KeySafe to the web site. The KeySafe replies
with its serial number and software version, and supplies its own random number.
The hash is computed and the result is encoded with the public key. The web site
decodes the message with the private key, tests the hash, checks that the
serial number matches the registration for this user, and checks that the web
random number supplied in message 2 matches the one from message 1. Because the
safe holds only the public key, this encoding keeps the reply readable by the
web site alone; it does not by itself prove who sent the reply, which is why the
web site also relies on the serial number and the echoed random number. This
message also includes the time interval since the KeySafe software last started
running.
Message 3 is sent from the web site to the KeySafe, for example to unlock it.
The web site generates a new random number, includes the KeySafe's random number
from message 2, includes the KeySafe's serial number, computes the hash, and
encodes everything with the 1024-bit RSA private key. The KeySafe checks the
hash, the serial number, and that the random number is the one it issued in
message 2, and only if all of these are correct performs the operation; because
that random number is fresh for every exchange, a recorded message 3 is of no
use later. The time stamp in this message is used to adjust the KeySafe's clock.
The last message is sent from the KeySafe to the web site, confirming the
action taken.
Since you are using strong encryption, how do you cope with the US
restrictions on export?
If you are asking this question, then you are most likely aware that the US
restricts the export of encryption software. These restrictions have been
gradually easing, but they are still complicated, and non-compliance is a
serious matter. The KeySafe project's encryption could probably qualify under
the new "Open Source" exception, but rather than get involved in all of that, we
simply had that portion of the KeySafe code developed and hosted overseas. The
RSA encryption routines are set up as a DLL, which is loaded as needed at runtime.