This is an Agenda build of TEA Total by Alex Holden, along with a few scripts to simplify its use. TEA Total is Alex' implementation of the Tiny Encryption Algorithm developed by David Wheeler and Roger Needham at the Cambridge Computer Laboratory. Installation instructions are at the bottom of this file.

If I have any more recent versions of this Agenda build, you can probably find them from http://www.aq.org/~js/agenda/

ABOUT TEA AND THIS BUILD

TEA is alleged to be faster, smaller, and more secure than DES (the Defence Encryption Standard). I'm not a cryptographer, so I can't vouch for that. :-) I do know that DES itself is not considered very secure these days. When you combine that fact with the fact that the Agenda itself is a completely insecure platform (from a networked-Linux-box point of view, I mean), and that if you lose your Agenda or connect it somewhere where it's accessible over the network, anybody can copy your encrypted files *and your key* and spend as much time as they like working on decrypting them on a full-size computer, you should probably be pretty skeptical of the security represented here.

The TEA algorithm and TEA Total have been put in the public domain by their respective authors. Anything here that's actually my own work I also put in the public domain; you're welcome to use it however you choose.

I've built teatotal with support for compression, but without support for base64 encoding.

Of course, you can also build tea-total for your desktop from the included original sources, so your encrypted files are accessible on either platform (assuming you're OK with the security implications of copying the key file).

DOCUMENTATION

Pre-formatted manual pages for "tea", "untea", "tea-kgen", and "teatotal" are in the "doc" subdirectory here. The original nroff source is in the source tar file, src-tea-total-0.4.tar . (I renamed it that way so "t*" won't match it, for rsync convenience.)

LICENSE-ORIG is the license file from Alex' source.
My additions are also in the public domain.

More information about the TEA algorithm is at http://vader.brad.ac.uk/tea/tea.shtml and the canonical source for TEA Total is http://www.linuxhacker.org/tea-total/

build-notes describes how I built stuff.

config.inc is the configuration stuff included by the Makefile. It's the only thing I had to touch at all to build teatotal for the Agenda.

USAGE

In addition to the "tea", "untea", and "tea-kgen" commands (unchanged from the original version) being available, I've added scripts "t", "unt", "tshow", and "tsetup", for convenience.

"tsetup" is run once after installation to make the command links to the "teatotal" binary and to set up your password-protected default key, $HOME/.tea_key . (This is the key used by the "t", "unt", and "tshow" commands.) Once you've done that, you can delete the tsetup script if you like.

The "t" script encrypts a file, using the default key, after asking you for the default key's password. If you say "t foo", a file "foo.tea" will be created. The original and encrypted files are listed along with their sizes and dates, and you're reminded that you may want to delete the original.

The "unt" script decrypts a file with your default key. The encrypted version is not removed.

The "tshow" script decrypts a file with your default key and sends the result to standard output. (If it's longer than a screenful, you'll need to use the Terminal scrollbar or the hardware buttons to see it all. For some reason I'm not quite clear on, piping the output through "more" doesn't work.)

Eventually, I'd like to have nice FLTK front-ends to all this stuff, but I guess I'll have to learn C++ first. :-)

INSTALLATION

To install, rsync the "teatotal" binary, the "tea", "untea", and "tea-kgen" symlinks, and the "tsetup", "t", "unt", and "tshow" scripts to /usr/local/bin on your Agenda.
You should be able to do that with the command

    rsync -l -v --progress unt* t* agenda::root/usr/local/bin

(You need the "-l" to preserve the symlinks.) Then either telnet to your Agenda or open a terminal on it, and run the "tsetup" script. This will make the symlinks for the various avatars of TEA Total, check that the other scripts are in the right place, and then create a password-protected key called $HOME/.tea_key (normally /home/default/.tea_key).

You will probably have to tap on the screen for a while in order to create the key. That's because creating the key uses random data from /dev/random, and that data is generated from random events (like touchpad taps) that happen to the Agenda. If the Agenda doesn't think it's seen enough randomness lately, it'll sit and wait for random stuff to happen to it before it feeds the random data to tea-kgen. (This is the normal Linux behaviour of /dev/random. If people think it's too much hassle and the security hit isn't too big, I could rebuild teatotal to use /dev/urandom instead, which doesn't care if it's not serving good random data. I could also be persuaded to build with base64 support if people care.)

WARNING: If you re-run "tsetup" a second time, you'll overwrite your default key. That means you won't be able to decrypt files you'd previously encrypted with it.

Once the key has been generated, you'll see a prompt saying

    Enter key password:

Enter the password you want to encrypt your default key with. You'll be asked to enter it a second time to make sure you didn't mistype (and that the Agenda's HWR didn't misunderstand you, if you're doing this on the Agenda's screen). The longer and more random the password, of course, the more secure your data is. If you're going to be backing up your encrypted data to your Linux desktop, you probably should *not* use the same password as your account password - after all, if somebody breaks into your account, they probably already have gotten your account password somehow.
Once you've entered your key password, you can encrypt files with the "t" script, decrypt them with the "unt" script, and view them with the "tshow" script, all of which will prompt you for your key's password.

For greater security, you should NOT back up your key, /home/default/.tea_key . (If you're paranoid, you might want to move it someplace in flash that's less likely to be backed up, like /etc or /usr/local/lib, and make a symlink.) However, you need to balance that against the fact that if you lose your key, you can't access any of your files. (The same is true if you forget your key's password.) Since the key is a moderate-length ASCII string, you could back it up to a scrap of paper, for minimal network vulnerability. :-)

When deciding where to store what on your Agenda, be aware that /tmp and /var are in RAM, so stuff you put there will be lost on a reset. Depending on the application, that may be a good or a bad thing. :-)

Hope people find this useful!

-Jay Sekora
js+agenda@aq.org
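
ADDED EXAMPLE: GUARDING AND RELOCATING THE DEFAULT KEY

The following POSIX shell helpers are an added example, not part of the scripts in this build or of TEA Total. They cover the two key-handling points above: refusing to run "tsetup" when a default key already exists, and moving $HOME/.tea_key to a directory that is less likely to be backed up, leaving a symlink behind. The function names and the destination file name "tea_key" are assumptions made for the example; $HOME/.tea_key and "tsetup" are as described in this file.

```shell
#!/bin/sh
# Added example: helper functions around the default TEA Total key.
# Function names and the "tea_key" destination name are hypothetical.

# Path where the t/unt/tshow scripts expect the default key.
key_path() { printf '%s\n' "${HOME}/.tea_key"; }

# guarded_setup CMD [ARGS...]
# Run the setup command (e.g. tsetup) only when no default key exists.
# A dangling symlink also counts as "exists": the real key may simply
# live on storage that is not reachable right now.
guarded_setup() {
    k=$(key_path)
    if [ -e "$k" ] || [ -L "$k" ]; then
        echo "refusing: $k exists; setup would overwrite it" >&2
        return 1
    fi
    "$@"
}

# relocate_key DIR
# Move the key into DIR (for instance /usr/local/lib), readable by its
# owner only, and leave a symlink at the default path.
relocate_key() {
    dest_dir=$1
    k=$(key_path)
    dest="$dest_dir/tea_key"
    [ -f "$k" ] && [ ! -L "$k" ] || {
        echo "no regular key file at $k" >&2; return 1; }
    [ -d "$dest_dir" ] && [ ! -e "$dest" ] || {
        echo "cannot use $dest" >&2; return 1; }
    # Create the copy with a restrictive umask so it is never
    # readable by other users, even briefly.
    ( umask 077; cp "$k" "$dest" ) || return 1
    chmod 600 "$dest" || return 1
    # Verify the copy before removing the only other copy of the key.
    cmp -s "$k" "$dest" || { rm -f "$dest"; return 1; }
    rm -f "$k" && ln -s "$dest" "$k"
}
```

With these functions loaded, the calls would be "guarded_setup tsetup" for first-time setup and "relocate_key /usr/local/lib" afterwards.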