└── README.md


/README.md:
--------------------------------------------------------------------------------
 1 | # Qubes Keyboard Project
 2 | 
 3 | The plan is to make a USB keyboard, for use within Qubes, that's end-to-end
 4 | encrypted between the keyboard and `dom0`, so that the untrusted `sys-usb`
 5 | can't log keystrokes. Also, the backlight color of the keyboard will change
 6 | match the color of the AppVM that you're currently highlighting.
 7 | 
 8 | Idea:
 9 | 
10 | First, I'll need a USB keyboard. Then I'll need an embedded device (maybe a
11 | Raspberry Pi), to act as a USB man-in-the-middle: plug the keyboard into the
12 | device, plug the device into the computer. The device will listen for keystrokes
13 | from the keyboard, encrypt them, and forward them, over a USB OTG port, to a
14 | service running in `dom0`. That service will then decrypt them, and type them
15 | for the user. On first setup, the user can install software in `dom0`, and run
16 | it to see a random passphrase. Then they can press a button on the device to put
17 | it in program mode, and type the passphrase, to set a shared key between the two
18 | ends.
19 | 
20 | Components:
21 | 
22 | * Custom qrexec service, like `qubes.KeyboardInput` but `qubes.EncryptedKeyboardInput`
23 | * Software to run on embedded device
24 | * Software to run in `sys-usb`
25 | * Software to run in `dom0`
26 | 
27 | Research:
28 | 
29 | * Logitech G213 Prodigy Keyboard, costs ~$47, is a gaming keyboard with
30 |   adjustable backlight colors
31 | * [glight](https://github.com/sgdw/glight) is a small open source project with
32 |   sample code for controlling this Logitech keyboard's backlight colors
33 | * Simple [guide](https://gist.github.com/gbaman/50b6cca61dd1c3f88f41) for
34 |   setting up OTG modes on the Raspberry Pi Zero
35 | * [libusb](https://pypi.org/project/libusb/) is a python module for communicating
36 |   with USB devices
37 | 
38 | Considerations:
39 | 
40 | * Am I really comfortable with a Raspberry Pi MITMing all my keystrokes? An
41 |   attacker with physical access could easily pop out the SD card and modify to
42 |   log keystrokes, and even connect to wifi and send them over a network. On the
43 |   other hand, attackers can do this with other embedded hardware anyway, like an
44 |   arduino, or even with the keyboard firmware itself. A Raspberry Pi just makes
45 |   their job simpler.
46 | * That said, I can get a Raspberry Pi prototype up in less time, and I already
47 |   understand how to do it. I think I should start with that.
48 | 
49 | Parts:
50 | 
51 | * [Logitech G213 Prodigy Keyboard](https://www.amazon.com/Logitech-Keyboard-Dedicated-Controls-Spill-Resistant/dp/B01K48R5V4), $46.78
52 | * [Micro-USB to USB-A cable](https://www.amazon.com/AmazonBasics-Male-Micro-Cable-Black/dp/B0711PVX6Z/ref=sr_1_3_acs_sk_pb_1_sl_1?ie=UTF8&qid=1542049211&sr=8-3-acs), $4.99
53 | * [Raspberry Pi Zero](https://www.adafruit.com/product/2885), $5.00
54 | * [USB Mini Hub with Power Switch - OTG Micro-USB](https://www.adafruit.com/product/2991), $4.95
55 | * [Adafruit Raspberry Pi Zero Case](https://www.adafruit.com/product/3252), $4.75
56 | 
57 | Total: $66.47 + shipping
58 | 


--------------------------------------------------------------------------------