├── .gitignore ├── .travis.yml ├── README.md └── src ├── Makefile ├── chapter_00_introducing_cryptoparty ├── 00_about_this_book.md ├── 01_preface.md ├── 02_why_privacy_matters.md ├── 03_a_cryptoparty_manifesto.md ├── 04_party_like_its_december_31st_1983.md └── 05_how_to_cryptoparty.md ├── chapter_01_understanding_email ├── 00_basic_tips.md ├── 01_types_of_email.md ├── 02_fears.md ├── 03_secure_connections.md └── 04_secure_emails.md ├── chapter_02_understanding_browsing ├── 00_basic_tips.md ├── 01_fears.md ├── 02_what_happens_when_you_browse.md ├── 03_accounts_and_security.md ├── 04_tracking.md ├── 05_anonymity.md ├── 06_vpn.md ├── chrome_delete_cookies_01.png ├── chrome_delete_cookies_02.png ├── chrome_private_browsing_01.png ├── chrome_private_browsing_02.png ├── firefox_delete_cookies_01.png ├── firefox_delete_cookies_02.png ├── firefox_private_browsing_01.png ├── firefox_private_browsing_02.png ├── firefox_private_browsing_03.png ├── ghostery01.png ├── ghostery02.png ├── ghostery03.png ├── ghostery04.png ├── ghostery05.png ├── ghostery06.png ├── ie_delete_cookies_01.png ├── ie_delete_cookies_02.png ├── ie_private_browsing_01.png └── ie_private_browsing_02.png ├── chapter_03_publishing_and_distribution ├── 00_publishing_anonymously.md ├── 01_anonymous_email.md └── 02_file_sharing.md ├── chapter_04_secure_calls_and_sms ├── 00_secure_calls.md └── 01_secure_messaging_and_chat.md ├── chapter_05_basic_email_security ├── 00_start_using_thunderbird_mail.md ├── 01_setting_up_secure_connections.md ├── 02_some_additional_security_settings.md ├── gmail_imap.png ├── thunderbird.jpg ├── thunderbird_conf_1.png ├── thunderbird_conf_2.png ├── thunderbird_conf_3.png ├── thunderbird_conf_4.png ├── thunderbird_conf_5.png ├── thunderbird_inst_1.jpg ├── thunderbird_inst_2.jpg ├── thunderbird_inst_3.jpg ├── thunderbird_inst_4.jpg ├── thunderbird_inst_5.jpg ├── thunderbird_inst_mac_1.jpg ├── thunderbird_inst_mac_2.jpg ├── thunderbird_inst_mac_3.jpg ├── thunderbird_inst_mac_4.jpg ├── thunderbird_inst_ubuntu_1.jpg ├── thunderbird_inst_ubuntu_2.jpg ├── thunderbird_sec_1.jpg ├── thunderbird_sec_2.jpg ├── thunderbird_sec_3.jpg ├── thunderbird_sec_4.jpg ├── thunderbird_sec_5.jpg ├── thunderbird_sec_6.jpg ├── thunderbird_sec_7.jpg ├── thunderbird_sec_8.jpg └── thunderbird_sec_9.jpg ├── chapter_06_email_encryption ├── 00_introducing_email_encryption_gpg.md ├── 01_installing_gpg_on_windows.md ├── 02_installing_gpg_on_osx.md ├── 03_installing_gpg_on_ubuntu.md ├── 04_installing_gpg_on_android.md ├── 05_creating_your_gpg_keys.md ├── 06_daily_gpg_usage.md ├── 07_webmail_and_gpg.md ├── daily_gpg_1.png ├── daily_gpg_10.png ├── daily_gpg_11.png ├── daily_gpg_12.png ├── daily_gpg_13.png ├── daily_gpg_14.png ├── daily_gpg_15.png ├── daily_gpg_16.png ├── daily_gpg_17.png ├── daily_gpg_18.png ├── daily_gpg_19.png ├── daily_gpg_2.png ├── daily_gpg_20.png ├── daily_gpg_21.png ├── daily_gpg_22.png ├── daily_gpg_23.png ├── daily_gpg_24.png ├── daily_gpg_25.png ├── daily_gpg_26.png ├── daily_gpg_27.png ├── daily_gpg_28.png ├── daily_gpg_29.png ├── daily_gpg_3.png ├── daily_gpg_30.png ├── daily_gpg_31.png ├── daily_gpg_32.png ├── daily_gpg_33.png ├── daily_gpg_34.png ├── daily_gpg_35.png ├── daily_gpg_36.png ├── daily_gpg_37.png ├── daily_gpg_4.png ├── daily_gpg_5.png ├── daily_gpg_6.png ├── daily_gpg_7.png ├── daily_gpg_8.png ├── daily_gpg_9.png ├── enigmail_inst_1.png ├── enigmail_inst_2.png ├── enigmail_inst_3.png ├── enigmail_mac_inst_1.jpg ├── enigmail_mac_inst_2.jpg ├── gpg-schema.jpg ├── gpg_keys_1.png ├── gpg_keys_10.png ├── gpg_keys_11.png ├── gpg_keys_2.png ├── gpg_keys_3.png ├── gpg_keys_4.png ├── gpg_keys_5.png ├── gpg_keys_6.png ├── gpg_keys_7.png ├── gpg_keys_8.png ├── gpg_keys_9.png ├── gpg_mac_inst_1.jpg ├── gpg_mac_inst_2.jpg ├── gpg_mac_inst_3.jpg ├── gpg_mac_inst_4.jpg ├── gpg_mac_inst_5.jpg ├── gpg_mac_inst_6.jpg ├── gpg_mac_inst_7.jpg ├── gpg_mac_inst_8.jpg ├── gpg_send.png ├── gpg_win.png ├── gpg_win_2.png ├── gpg_write.png ├── pgp.jpg ├── pgp_ubuntu_inst_1.png └── pgp_ubuntu_inst_2.png ├── chapter_07_safer_browsing ├── 00_why_firefox.md ├── 01_accessing_firefox_on_ubuntu.md ├── 02_installing_firefox_on_mac_os_x.md ├── 03_installing_firefox_on_windows.md ├── 04_extending_firefox.md ├── 05_proxy_settings.md ├── 06_using_tor.md ├── 07_extending_chrome.md ├── abp_1.png ├── disable_rc4.png ├── ff.jpg ├── ff_mac_inst_1.png ├── ff_mac_inst_2.png ├── ff_mac_inst_3.png ├── ff_mac_inst_4.png ├── ff_mac_inst_5.png ├── ff_mac_inst_8.png ├── ff_proxy_1.png ├── ff_proxy_2.png ├── ff_ubuntu_1.png ├── ff_ubuntu_2.png ├── ff_win_inst_1.png ├── ff_win_inst_2.png ├── ff_win_inst_3.png ├── ff_win_inst_4.png ├── ff_win_inst_5.png ├── https_everywhere.png ├── https_everywhere_2.png ├── https_everywhere_3.png ├── https_everywhere_4.png ├── https_everywhere_5.png ├── https_everywhere_6.png ├── https_schema.jpg ├── tor_1.png ├── tor_10.png ├── tor_11.png ├── tor_2.png ├── tor_3.png ├── tor_4.png ├── tor_5.png ├── tor_6.png ├── tor_7.png ├── tor_8.png └── tor_9.png ├── chapter_08_passwords ├── 00_keeping_passwords_safe.md ├── 01_installing_keepass.md ├── 02_encrypting_passwords_with_a_password_manager.md ├── keepass_1.png ├── keepass_10.png ├── keepass_11.png ├── keepass_12.png ├── keepass_13.png ├── keepass_14.png ├── keepass_15.png ├── keepass_16.png ├── keepass_2.png ├── keepass_3.png ├── keepass_4.png ├── keepass_5.png ├── keepass_6.png ├── keepass_7.png ├── keepass_8.png ├── keepass_9.png ├── mng_1.png ├── mng_10.png ├── mng_11.png ├── mng_12.png ├── mng_13.png ├── mng_14.png ├── mng_15.png ├── mng_16.png ├── mng_17.png ├── mng_2.png ├── mng_3.png ├── mng_4.png ├── mng_5.png ├── mng_6.png ├── mng_7.png ├── mng_8.png └── mng_9.png ├── chapter_09_using_vpn ├── 00_getting_setting_up_and_testing_a_vpn_account.md ├── 01_vpn_on_ubuntu.md ├── 02_vpn_on_osx.md ├── 03_vpn_on_windows.md ├── 04_make_sure_it_works.md ├── vpn_osx_02.jpg ├── vpn_osx_03.jpg ├── vpn_osx_04.jpg ├── vpn_osx_05.jpg ├── vpn_osx_06.jpg ├── vpn_osx_07.jpg ├── vpn_osx_08.jpg ├── vpn_osx_09.jpg ├── vpn_osx_09b.jpg ├── vpn_osx_10.jpg ├── vpn_osx_11.jpg ├── vpn_osx_12.jpg ├── vpn_osx_13.jpg ├── vpn_ubuntu_001.png ├── vpn_ubuntu_002.png ├── vpn_ubuntu_003.png ├── vpn_ubuntu_004.png ├── vpn_ubuntu_005.png ├── vpn_ubuntu_006.png ├── vpn_ubuntu_007.png ├── vpn_ubuntu_008.png ├── vpn_ubuntu_009.png ├── vpn_ubuntu_010.png ├── vpn_ubuntu_011.png ├── vpn_ubuntu_012.png ├── vpn_ubuntu_013.png ├── vpn_ubuntu_014.png ├── vpn_ubuntu_015.png ├── vpn_ubuntu_016.png ├── vpn_windows_01.jpg ├── vpn_windows_02.jpg ├── vpn_windows_03.jpg ├── vpn_windows_04.jpg ├── vpn_windows_05.jpg ├── vpn_windows_06.jpg ├── vpn_windows_07.jpg ├── vpn_windows_08.jpg ├── vpn_windows_09.jpg ├── vpn_windows_10.jpg ├── vpn_windows_11.jpg ├── vpn_windows_12.jpg ├── vpn_windows_13.jpg └── vpn_windows_14.jpg ├── chapter_10_disk_encryption ├── 00_installing_truecrypt.md ├── 01_using_truecrypt.md ├── 02_setting_up_a_hidden_volume.md ├── 03_securely_destroying_data.md ├── 04_LUKS.md ├── destroy_data_001.png ├── destroy_data_002.png ├── destroy_data_003.png ├── destroy_data_004.jpg ├── destroy_data_005.jpg ├── destroy_data_006.jpg ├── destroy_data_007.jpg ├── destroy_data_008.jpg ├── destroy_data_009.png ├── destroy_data_010.png ├── destroy_data_011.png ├── destroy_data_012.png ├── destroy_data_013.png ├── destroy_data_014.png ├── disks_000_launch.png ├── disks_001.png ├── disks_001_with_steps.png ├── disks_001_with_steps.svg ├── disks_002_format.png ├── disks_003_formatencryptedfilledout.png ├── disks_004_formatconfirmation.png ├── disks_005_lock.png ├── disks_005_with_steps.png ├── disks_005_with_steps.svg ├── disks_006_locked.png ├── disks_006_with_steps.png ├── disks_006_with_steps.svg ├── disks_007_passphrase_prompt.png ├── hidden_vol_001.png ├── hidden_vol_002.png ├── hidden_vol_004.png ├── hidden_vol_005.png ├── hidden_vol_006.png ├── hidden_vol_007.png ├── hidden_vol_014.png ├── tc_001.png ├── tc_002.png ├── tc_003.png ├── tc_004.png ├── tc_005.png ├── tc_006.png ├── tc_007.png ├── tc_008.png ├── tc_009.jpg ├── tc_010.jpg ├── tc_011.jpg ├── tc_012.jpg ├── tc_013.jpg ├── using_tc_001.png ├── using_tc_002.png ├── using_tc_003.png ├── using_tc_004.png ├── using_tc_005.png ├── using_tc_006.png ├── using_tc_007.png ├── using_tc_008.png ├── using_tc_009.png ├── using_tc_010.png ├── using_tc_011.png ├── using_tc_012.png ├── using_tc_013.png ├── using_tc_014.png ├── using_tc_015.png └── using_tc_016.png ├── chapter_11_call_encryption ├── 00_installing_csipsimple.md ├── ostn_1.png ├── ostn_2.png └── ostn_3.png ├── chapter_12_instant_messaging_encryption └── 00_setting_up_encrypted_messaging.md ├── chapter_13_secure_file_sharing ├── 00_installing_i2p_on_ubuntu.md ├── 01_downloading_i2p_torrent.md ├── 02_onionshare.md ├── i2p_1.jpg ├── i2p_2.jpg ├── i2p_3.jpg ├── onionshare_1.png ├── onionshare_2.png ├── onionshare_3.png ├── onionshare_4.png ├── onionshare_5.png ├── onionshare_6.png └── onionshare_7.png ├── chapter_14_appendices ├── assets │ ├── crypto_1.png │ ├── crypto_2.png │ └── crypto_3.png ├── contributions.md ├── cryptography.md ├── glossary.md └── the_necessity_of_open_source.md ├── convert_to_epub.sh ├── convert_to_html.sh ├── convert_to_md.sh ├── convert_to_tex.sh ├── cover-800.jpg ├── cover.jpg ├── cover.pdf ├── extract_toc.py ├── handbook.css └── metadata.xml /.gitignore: -------------------------------------------------------------------------------- 1 | src/build 2 | cryptoparty-handbook-html 3 | .project 4 | /dist 5 | /metadata.opf 6 | /cover.jpg 7 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: haskell 2 | 3 | notifications: 4 | email: false 5 | irc: 6 | - "irc.oftc.net#cryptoparty" 7 | 8 | before_install: 9 | - sudo apt-get update 10 | 11 | install: 12 | - sudo apt-get install pandoc texlive-science texlive-fonts-recommended texlive-latex-extra zip python-beautifulsoup 13 | 14 | script: 15 | - cd src 16 | - make clean 17 | - make install 18 | 19 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | BUILD_DIR=build 2 | DIST_DIR=../dist 3 | 4 | TEX_DIR=${BUILD_DIR}/tex 5 | BOOK_DIR=${BUILD_DIR}/. 6 | 7 | # Only set if not overriden by an environment variable 8 | DATE?=`date +%F` 9 | 10 | all: latex-pdf combined 11 | 12 | ${BUILD_DIR}: 13 | mkdir ${BUILD_DIR} 14 | 15 | ${DIST_DIR}: 16 | mkdir ${DIST_DIR} 17 | 18 | ${TEX_DIR}/main.tex: ${BUILD_DIR} convert_to_tex.sh 19 | ./convert_to_tex.sh ${TEX_DIR} 20 | 21 | latex-pdf: ${TEX_DIR}/main.tex 22 | pdflatex --output-dir=${TEX_DIR} ${TEX_DIR}/main.tex >/dev/null 23 | # The second run will fix the TOC 24 | pdflatex --output-dir=${TEX_DIR} ${TEX_DIR}/main.tex >/dev/null 25 | 26 | ${BOOK_DIR}/book.md: ${BUILD_DIR} 27 | ./convert_to_md.sh ${BOOK_DIR} 28 | 29 | combined: ${BOOK_DIR}/book.md 30 | 31 | install: combined latex-pdf ${DIST_DIR} 32 | cp ${TEX_DIR}/main.pdf ${BOOK_DIR}/../${DIST_DIR}/cryptoparty-handbook-${DATE}.pdf 33 | cp ${BOOK_DIR}/book.md ${BOOK_DIR}/../${DIST_DIR}/cryptoparty-handbook-${DATE}.md 34 | ./convert_to_epub.sh 35 | ./convert_to_html.sh 36 | (cd ${DIST_DIR}; zip -9qr cryptoparty-handbook-${DATE}-html.zip cryptoparty-handbook-${DATE}) 37 | (cd ${DIST_DIR}; sha256sum cryptoparty-handbook-${DATE}.* cryptoparty-handbook-${DATE}-html.zip > SHA256SUM) 38 | 39 | clean: ${BUILD_DIR} 40 | rm -Rf ${BUILD_DIR}/* 41 | rm -Rf ${BUILD_DIR}/../cryptoparty-handbook-html 42 | find -type l -delete 43 | -------------------------------------------------------------------------------- /src/chapter_00_introducing_cryptoparty/00_about_this_book.md: -------------------------------------------------------------------------------- 1 | About This Book 2 | =============== 3 | 4 | The CryptoParty Handbook was born from a suggestion by Marta Peirano ([http://petitemedia.es](http://petitemedia.es)) and Adam Hyde ([http://booksprints.net](http://booksprints.net)) after the first Berlin CryptoParty, held on the 29th of August, 2012. Julian Oliver ([http://julianoliver.com](http://julianoliver.com)) and Danja Vasiliev ([http://k0a1a.net](http://k0a1a.net)), co-organisers of the Berlin CryptoParty along with Marta were very enthusiastic about the idea, seeing a need for a practical working book with a low entry-barrier to use in subsequent parties. Asher Wolf, originator of the CryptoParty movement, was then invited to run along and the project was born. 5 | 6 | This book was written in the first 3 days of October 2012 at Studio Weise7, Berlin, surrounded by fine food and a small ocean of coffee. Approximately 20 people were involved in its creation, some more than others, some local and some far. 7 | 8 | The writing methodology used, BookSprint ([http://booksprints.net](http://booksprints.net)), is all about minimising any obstruction between expertise and the published page. Face-to-face discussion and dynamic task-assignment were a huge part of getting the job done, like any good CryptoParty! 9 | 10 | The open source, web-based (HTML5 and CSS) writing platform BookType ([http://booktype.pro](http://booktype.pro)) was chosen for the editing task, helping such a tentacular feat of parallel development to happen with relative ease. Asher also opened a couple of TitanPad pages to crowd-source the Manifesto and HowTo CryptoParty chapters. 11 | 12 | Combined, this became the official CryptoParty Handbook by midnight October the 3rd, GMT+1. 13 | 14 | The Book Sprint was 3 days in length and the full list of onsite participants included: 15 | 16 | * Adam Hyde (facilitator) 17 | * Marta Peirano 18 | * Julian Oliver 19 | * Danja Vasiliev 20 | * Asher Wolf ([http://cryptoparty.org](http://cryptoparty.org)) 21 | * Jan Gerber 22 | * Malte Dik 23 | * Brian Newbold 24 | * Brendan Howell ([http://wintermute.org](http://wintermute.org) 25 | * AT 26 | * Carola Hesse 27 | * Chris Pinchen ([http://chokepointproject.net/](http://chokepointproject.net)). 28 | * Cover art by Emile Denichaud ([http://about.me/denichaud](http://about.me/denichaud)) 29 | 30 | This version of the handbook has since moved to GitHub to collaboratively edit it. Find it at [https://github.com/cryptoparty/handbook](https://github.com/cryptoparty/handbook). 31 | If you see areas that need improvement or simply come across a typo, create a GitHub account and start editing, commenting or creating issues. For help using git and GitHub, see [https://help.github.com/](https://help.github.com/). 32 | 33 | CryptoParty HandBook Credits 34 | 35 | Facilitated by: 36 | 37 | * Adam Hyde 38 | 39 | Core Team: 40 | 41 | * Marta Peirano 42 | * Asher Wolf 43 | * Julian Oliver 44 | * Danja Vasiliev 45 | * Malte Dik 46 | * Jan Gerber 47 | * Brian Newbold 48 | * Brendan Howell 49 | 50 | Assisted by: 51 | 52 | * Teresa Dillon 53 | * AT 54 | * Carola Hesse 55 | * Chris Pinchen 56 | * 'LiamO' 57 | * 'l3lackEyedAngels' 58 | * 'Story89' 59 | * Travis Tueffel 60 | 61 | GitHub migration, packaging and maintenance by: 62 | 63 | * Yuval Adam 64 | * Samuel Carlisle 65 | * Daniel Kinsman 66 | * pettter 67 | * Jens Kubieziel 68 | * Uwe Lippmann 69 | * Kai Engert 70 | 71 | Cover Image by Emile Denichaud. 72 | 73 | Other material included: 74 | 75 | * [https://www.flossmanuals.net/bypassing-censorship](https://www.flossmanuals.net/bypassing-censorship) 76 | 77 | The manuals used in the second half of this book borrow from 2 books sprinted by FLOSS (free/libre/open-source software) manuals: 78 | 79 | * "How to Bypass Internet Censorship" 2008 & 2010 Adam Hyde (Facilitator), Alice Miller, Edward Cherlin, Freerk Ohling, Janet Swisher, Niels Elgaard Larsen, Sam Tennyson, Seth Schoen, Tomas Krag, Tom Boyle, Nart Villeneuve, Ronald Deibert, Zorrino Zorrinno, Austin Martin, Ben Weissmann, Ariel Viera, Niels Elgaard Larsen, Steven Murdoch, Ross Anderson, Helen Varley Jamieson, Roberto Rastapopoulos, Karen Reilly, Erinn Clark, Samuel L. Tennyson, A Ravi 80 | 81 | * "Basic Internet Security" 2011 Adam Hyde (Facilitator), Jan Gerber, Dan Hassan, Erik Stein, Sacha van Geffen, Mart van Santen, Lonneke van der Velden, Emile den Tex and Douwe Schmidt 82 | 83 | All content in the CryptoParty Handbook is licensed under the [Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)](https://creativecommons.org/licenses/by-sa/3.0/). 84 | 85 | All chapters © the contributors unless otherwise noted below. 86 | -------------------------------------------------------------------------------- /src/chapter_00_introducing_cryptoparty/01_preface.md: -------------------------------------------------------------------------------- 1 | Preface 2 | ======= 3 | 4 | This book is a collective and ongoing effort in that it is based on the two [FLOSS Manuals](https://www.flossmanuals.net) [How to Bypass Internet Censorship](https://flossmanuals.net/bypassing-censorship) and [Basic Internet Security](https://flossmanuals.net/basic-internet-security/) and collaboratively edited on [Github](https://github.com/cryptoparty/handbook) although other venues of collaborative editing are investigated. 5 | 6 | Its goal is to give a comprehensive resource to people who would like to attend or organize a CryptoParty but lack the local expertise or just confidence in doing so. All chapters are designed to be self-contained. 7 | 8 | All content in the *CryptoParty Handbook* is licensed under the [Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)](https://creativecommons.org/licenses/by-sa/3.0/). The authors are listed in *Appendix A: Contributions*. 9 | -------------------------------------------------------------------------------- /src/chapter_00_introducing_cryptoparty/02_why_privacy_matters.md: -------------------------------------------------------------------------------- 1 | Why Privacy Matters 2 | =================== 3 | 4 | Privacy is a fundamental human right. It is recognized in many countries to be as central to individual human dignity and social values as Freedom of Association and Freedom of Speech. Simply put, privacy is the border where we draw a line between how far a society can intrude into our personal lives. 5 | 6 | Countries differ in how they define privacy. In the UK for example, privacy laws can be traced back to the 1300s when the English monarchy created laws protecting people from eavesdroppers and peeping toms. These regulations referred to the intrusion of a person’s comfort and not even the King of England could enter into a poor persons house without their permission. From this perspective, privacy is defined in terms of personal space and private property. In 1880 American lawyers, Samuel Warren and Louis Brandeis described privacy as the 'right to be left alone'. In this case, privacy is synonymous with notions of solitude and the right for a private life. In 1948, the Universal Declaration of Human Rights specifically protected territorial and communications privacy which by that became part of constitutions worldwide. The European Commission on Human Rights and the European Court of Human Rights also noted in 1978 that privacy encompasses the right to establish relationships with others and develop emotional well-being. 7 | 8 | Today, a further facet of privacy increasingly perceived is the personal data we provide to organizations, online as well as offline. How our personal data is used and accessed drives the debate about the laws that govern our behavior and society. This in turn has knock-on effects on the public services we access and how businesses interact with us. It even has effects on how we define ourselves. If privacy is about the borders which govern who we give permission to watch us and track aspects of our lives, then the amount and type of personal information gathered, disseminated and processed is paramount to our basic civil liberties. 9 | 10 | An often heard argument, when questions of privacy and anonymity come up, goes along the lines of, "I only do boring stuff. Nobody will be interested in it anyway" or, "I have nothing to hide". Both of these statements are easily defeated. 11 | 12 | Firstly, a lot of companies are very interested in what boring things you do precisely so they have opportunity to offer "excellent" products fitting interests. In this way their advertising becomes much more efficient - they are able to tailor specifically to assumed needs and desires. Secondly you do have lots to hide. Maybe you do not express it in explicitly stated messages to friends and colleagues, but your browsing - if not protected by the techniques laid out in this book - will tell a lot about things you might rather keep secret: the ex-partner you search for using Google, illnesses you research or movies you watch are just few examples. 13 | 14 | Another consideration is that just because you might not have something to hide at this moment, you may very well in future. Putting together all the tools and skills to protect yourself from surveillance takes practice, trust and a bit of effort. These are things you might not be able to achieve and configure right when you need them most and need not take the form of a spy movie. An obsessed, persistent stalker, for example, is enough to heavily disrupt your life. The more you follow the suggestions given in this book, the less impact attacks like this will have on you. Companies may also stalk you too, finding more and more ways to reach into your daily life as the reach of computer networking itself deepens. 15 | 16 | Finally, a lack of anonymity and privacy does not just affect you, but all the people around you. If a third party, like your Internet Service Provider, reads your email, it is also violating the privacy of all the people in your address book. This problem starts to look even more dramatic when you look at the issues of social networking websites like Facebook. It is increasingly common to see photos uploaded and tagged without the knowledge or permission of the people affected. 17 | 18 | While we encourage you to be active politically to maintain your right to privacy, we wrote this book in order to empower people who feel that maintaining privacy on the Internet is also a personal responsibility. We hope these chapters will help you reach a point where you can feel that you have some control over how much other people know about you. Each of us has the right to a private life, a right to explore, browse and communicate with others as one wishes, without living in fear of prying eyes. 19 | -------------------------------------------------------------------------------- /src/chapter_00_introducing_cryptoparty/03_a_cryptoparty_manifesto.md: -------------------------------------------------------------------------------- 1 | A CryptoParty Manifesto 2 | ======================= 3 | 4 | > **"Man is least himself when he talks in his own person. Give him a mask, and he will tell you the truth." - Oscar Wilde** 5 | 6 | In 1996, John Perry Barlow, co-founder of the [Electronic Frontier Foundation (EFF)](https://www.eff.org/), wrote 'A Declaration of the Independence of Cyberspace'. It includes the following passage: 7 | 8 | > Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live. 9 | 10 | > We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth. 11 | 12 | > We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity. 13 | 14 | Sixteen years later, and the Internet has changed the way we live our lives. It has given us the combined knowledge of humankind at our fingertips. We can form new relationships and share our thoughts and lives with friends worldwide. We can organise, communicate and collaborate in ways never thought possible. This is the world we want to hand down to our children, a world with a free Internet. 15 | 16 | Unfortunately, not all of John Perry Barlow's vision has come to pass. Without access to online anonymity, we can not be free from privilege or prejudice. Without privacy, free expression is not possible. 17 | 18 | The problems we face in the 21st Century require all of humanity to work together. The issues we face are serious: climate change, energy crises, state censorship, mass surveillance and on-going wars. We must be free to communicate and associate without fear. We need to support free and open source projects which aim to increase the commons' knowledge of technologies that we depend on [http://opensourceecology.org/wiki](http://opensourceecology.org/wiki) Contribute! 19 | 20 | To realise our right to privacy and anonymity online, we need peer-reviewed, crowd-sourced solutions. CryptoParties provide the opportunity to meet up and learn how to use these solutions to give us all the means with which to assert our right to privacy and anonymity online. 21 | 22 | 1. We are all users, we fight for the user and we strive to empower the user. We assert user requests are why computers exist. We trust in the collective wisdom of human beings, not software vendors, corporations or governments. We refuse the shackles of digital gulags, lorded over by vassal interests of governments and corporations. We are the CypherPunk Revolutionaries. 23 | 24 | 2. The right to personal anonymity, pseudonymity and privacy is a basic human right. These rights include life, liberty, dignity, security, right to a family, and the right to live without fear or intimidation. No government, organisation or individual should prevent people from accessing the technology which underscores these basic human rights. 25 | 26 | 3. Privacy is the right of the individual. Transparency is a requirement of governments and corporations who act in the name of the people. 27 | 28 | 4. The individual alone owns the right to their identity. Only the individual may choose what they share. Coercive attempts to gain access to personal information without explicit consent is a breach of human rights. 29 | 30 | 5. All people are entitled to cryptography and the human rights crypto tools afford, regardless of race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth, political, jurisdictional or international status of the country or territory in which a person resides. 31 | 32 | 6. Just as governments should exist only to serve their citizens - so too, cryptography should belong to the people. Technology should not be locked away from the people. 33 | 34 | 7. Surveillance cannot be separated from censorship, and the slavery it entails. No machine shall be held in servitude to surveillance and censorship. Crypto is a key to our collective freedom. 35 | 36 | 8. Code is speech: code is human created language. To ban, censor or lock cryptography away from the people is to deprive human beings from a human right, the freedom of speech. 37 | 38 | 9. Those who would seek to stop the spread of cryptography are akin to the 15th century clergy seeking to ban the printing press, afraid their monopoly on knowledge will be undermined. 39 | 40 | -------------------------------------------------------------------------------- /src/chapter_00_introducing_cryptoparty/04_party_like_its_december_31st_1983.md: -------------------------------------------------------------------------------- 1 | Party like it's December 31st 1983 2 | ================================== 3 | 4 | ## What is CryptoParty? 5 | 6 | *CryptoParty* is a decentralized, global initiative to introduce basic tools for protecting privacy, anonymity and overall security on the Internet to the general public. 7 | 8 | The idea was conceived in the wake of the [Australian Cybercrime Legislation Amendment Bill 2011](http://theconversation.edu.au/cybercrime-bill-makes-it-through-but-what-does-that-mean-for-you-8953) and the reasoning is that laws like this are without substance when everybody encrypts their communication. 9 | 10 | CryptoParties are neither commercially nor politically aligned, and free and open to attend for everyone as long as they live the following *guiding principles*: 11 | 12 | ### Be excellent to each other 13 | 14 | CryptoParties are environments where people feel welcome and safe to learn and teach no matter their background or level of expertise. All questions are relevant, all explanation shall be targeted at the person with least pre-knowledge. 15 | 16 | This also means that any form of harassment or other behaviour that makes people uncomfortable has no place at CryptoParties. In our experience situations like these (as seldom as they occur) stem rather from social ineptitude than malice and can thus be resolved by making people aware of their behaviour and its effect on others, but in last consequence it is on the organizers of the CryptoParty to ask people to leave if they do not adhere to this very simple rule. Be excellent to each other. Awareness is key in this regard. 17 | 18 | 19 | ### Do things 20 | 21 | CryptoParties happen because people make them happen. The most amazing and unforeseen learning experiences happen because people make them happen. If you are uncertain if what you have in mind is on topic or if other people are interested as well: Propose it anyway and see what other people have to say. If you are too shy to propose to the whole room: Ask the person standing next to you first. 22 | 23 | On a more global scale, there is a mailing list [](https://cryptoparty.is/mailman/listinfo/global) which is open for questions and discussion of all kind, as well as country and city-specific mailing lists and other resources which can be found on https://cryptoparty.in . 24 | 25 | For a guide on how to organize CryptoParties please be referred to the chapter of the same name. 26 | 27 | -------------------------------------------------------------------------------- /src/chapter_01_understanding_email/03_secure_connections.md: -------------------------------------------------------------------------------- 1 | Secure Connections 2 | ================== 3 | 4 | Can other people read along when I check my email? 5 | -------------------------------------------------- 6 | 7 | As discussed in the Chapter **Basic Tips**, whether you use webmail or an email program you should always be sure to use encryption for the entire session, from login to logout. This will keep anyone from spying on your communication with your email provider. Thankfully, this is easily done due to the popular use of *TLS/SSL* connections on email servers (See appendix **TLS/SSL**). 8 | 9 | A TLS/SSL connection in the browser, when using webmail, will appear with `https` in the URL instead of the standard `http`, like so: 10 | 11 | `https://gigglemail.com` 12 | 13 | If your webmail host does not provide a TLS/SSL service then you should consider discontinuing use of that account; even if your emails themselves are not especially private or important, your account can very easily be hacked by "sniffing" your password! If it is not enabled already be sure to turn it on in your account options. At the time of writing, Google's Gmail and Hotmail / Microsoft Live both automatically switch your browser to using a secure connection. 14 | 15 | If you are using an email program like Thunderbird, Mail.app or Outlook, be sure to check that you are using TLS/SSL in the options of the program. See the chapter **Setting Up Secure Connections** in the section **Email Security**. 16 | 17 | Notes 18 | ----- 19 | 20 | It's important to note that the administrators at providers like Hotmail or Google, that host, receive or forward your email can read your email even if you are using secure connections. It is also worth nothing that the cryptographic keys protecting a TLS/SSL connection can be deliberately disclosed by site operators, or copied without their permission, breaching the confidentiality of that connection. It is also possible for a Certificate Authority to be corrupted or compromised so that it creates false certificates for keys held by eavesdroppers, making it much easier for a Man In The Middle Attack on connections using TLS/SSL (See Glossary for "Man in the Middle Attack"). An example of compromised E-mail providers is discussed here, implicating America's NSA and several email providers: [http://cryptome.info/0001/nsa-ssl-email.htm](http://cryptome.info/0001/nsa-ssl-email.htm) 21 | 22 | We also note here that a *Virtual Private Network* also a good way of securing your connections when sending and reading email but requires using a VPN client on your local machine connecting to a server. See the chapter **Virtual Private Networking** in the **Browsing** section. 23 | -------------------------------------------------------------------------------- /src/chapter_01_understanding_email/04_secure_emails.md: -------------------------------------------------------------------------------- 1 | Secure Emails 2 | ============= 3 | 4 | It is possible to send and receive secure email using standard current email programs by adding a few add-ons. The essential function of these add-ons is to make the message body (but not the To:, From:, CC: and Subject: fields) unreadable by any 3rd party that intercepts or otherwise gains access to your email or that of your conversation partner. This process is known as encryption. 5 | 6 | Secure email is generally done using a technique called *Public-Key Cryptography*. Public-Key Cryptography is a clever technique that uses two code keys to send a message. Each user has a *public key*, which can only be used to encrypt a message but not to decrypt it. The public keys are quite safe to pass around without worrying that somebody might discover them. The *private keys* are kept secret by the person who receives the message and can be used to decode the messages that are encoded with the matching public key. 7 | 8 | In practice, that means if Rosa wants to send Heinz a secure message, she only needs his public key which encodes the text. Upon receiving the email, Heinz then uses his private key to decrypt the message. If he wants to respond, he will need to use Rosa's public key to encrypt the response, and so on. 9 | 10 | What software can I use to encrypt my email? 11 | -------------------------------------------- 12 | 13 | The most popular setup for public-key cryptography is to use *Gnu Privacy Guard (GPG)* to create and manage keys and an add-on to integrate it with standard email software. Using GPG will give you the option of encrypting sensitive mail and decoding incoming mail that has been encrypted but it will not force you to use it all the time. In years past, it was quite difficult to install and set up email encryption but recent advances have made this process relatively simple. 14 | 15 | See section **Email Encryption** for working with GPG in the scope of your operating system and email program. 16 | 17 | If you use a *webmail* service and wish to encrypt your email this is more difficult. You can use a GPG program on your computer to encrypt the text using your public key or you can use an add-on, like Lock The Text ([http://lockthetext.sourceforge.net/](http://lockthetext.sourceforge.net/)). If you want to keep your messages private, we suggest using a dedicated email program like Thunderbird instead of webmail. 18 | -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/03_accounts_and_security.md: -------------------------------------------------------------------------------- 1 | Accounts and Security 2 | ===================== 3 | 4 | When you browse, you may be logged into various services, sometimes at the same time. It may be a company website, your email or a social networking site. Our accounts are important to us because highly sensitive information about us and others is stored on machines elsewhere on the Internet. 5 | 6 | Keeping your accounts secure requires more than just a strong password (see section **Passwords**) and a secure communication link with the server via TLS/SSL (see chapter **Secure Connection**). Unless specified otherwise, most browsers will store your login data in tiny files called cookies, reducing the need for you re-type your password when you reconnect to those sites. This means that someone with access to your computer or phone may be able to access your accounts without having to steal your password or do sophisticated snooping. 7 | 8 | As smart phones have become more popular there has been a dramatic rise in account hijacking with stolen phones. Laptops theft presents a similar risk. If you do choose to have the browser save your passwords then you have a few options to protect yourself: 9 | 10 | * Use a screen lock. If you have a phone and prefer an unlock pattern system get in the habit of wiping the screen so an attacker can not guess the pattern from finger smears. On a Laptop, you should set your screensaver to require a password as well as a password on start-up. 11 | * Encrypt your hard disk. TrueCrypt is an open and secure disk encryption system for Windows 7/Vista/XP, Mac OS X and Linux. OSX and most Linux distributions provide the option for disk encryption on install. 12 | * Android Developers: do not enable USB debugging on your phone by default. This allows an attacker using the Android *ADB Shell* on a computer to access your phone's hard disk without unlocking the phone. 13 | 14 | Can malicious web sites take over my accounts? 15 | ---------------------------------------------- 16 | 17 | Those special cookies that contain your login data are a primary point of vulnerability. One particularly popular technique for stealing login data is called click-jacking, where the user is tricked into clicking on a seemingly innocuous link, executing a script that takes advantage of the fact you are logged in. The login data can then be stolen, giving the remote attacker access to your account. While this is a very complicated technique, it has proven effective on several occasions. Both Twitter and Facebook have seen cases of login sessions being stolen using these techniques. 18 | 19 | It's important to develop a habit for thinking before you click on links to sites while logged into your accounts. One technique is to use another browser entirely that is not logged into your accounts as a tool for testing the safety of a link. Always confirm the address (URL) in the link to make sure it is spelled correctly. It may be a site with a name very similar to one you already trust. Note that links using URL shorteners (like http://is.gd and http://bit.ly) present a risk as you cannot see the actual link you are requesting data from. 20 | 21 | If using Firefox on your device, use the add-on [NoScript](http://noscript.net) as it mitigates many of the *Cross Site Scripting* techniques that allow for your cookie to be hijacked but it will disable many fancy features on some web sites. 22 | -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/chrome_delete_cookies_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/chrome_delete_cookies_01.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/chrome_delete_cookies_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/chrome_delete_cookies_02.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/chrome_private_browsing_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/chrome_private_browsing_01.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/chrome_private_browsing_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/chrome_private_browsing_02.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/firefox_delete_cookies_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/firefox_delete_cookies_01.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/firefox_delete_cookies_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/firefox_delete_cookies_02.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/firefox_private_browsing_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/firefox_private_browsing_01.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/firefox_private_browsing_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/firefox_private_browsing_02.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/firefox_private_browsing_03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/firefox_private_browsing_03.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ghostery01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ghostery01.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ghostery02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ghostery02.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ghostery03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ghostery03.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ghostery04.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ghostery04.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ghostery05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ghostery05.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ghostery06.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ghostery06.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ie_delete_cookies_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ie_delete_cookies_01.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ie_delete_cookies_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ie_delete_cookies_02.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ie_private_browsing_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ie_private_browsing_01.png -------------------------------------------------------------------------------- /src/chapter_02_understanding_browsing/ie_private_browsing_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_02_understanding_browsing/ie_private_browsing_02.png -------------------------------------------------------------------------------- /src/chapter_03_publishing_and_distribution/01_anonymous_email.md: -------------------------------------------------------------------------------- 1 | Anonymous Email 2 | =============== 3 | 4 | Every data packet traveling through the Internet contains information about its sender and its recipient. This applies to email as well as any other network communication. There are several ways to reduce identifying information but no way to remove it completely. 5 | 6 | Sending From Throw-away Email Accounts 7 | -------------------------------------- 8 | 9 | One option is to use a throw-away email account. This is an account set up at a service like Gmail or Hotmail, used once or twice for anonymous exchange. When signing up for the account, you will need to provide fake information about your name and location. After using the account for a short amount of time, say 24 hours, you should never log in again. If you need to communicate further, then create a new account. 10 | 11 | It is very important to keep in mind that these services keep logs of the IP addresses of those using them. If you are sending highly sensitive information, you will need to combine a throw away email account with Tor in order keep your IP address hidden. 12 | 13 | If you are not expecting a reply, then an anonymous remailer like AnonEmail or Silentsender may be a useful solution. A remailer is a server that receives messages with instructions on where to send the data and acts as a relay, forwarding it from a generic address without revealing the identity of the original sender. This works best when combined with an email provider like Hushmail or RiseUp who are specially set up for secure email connections. 14 | 15 | Both of these methods are useful, but only if you always remember that the intermediary himself knows where the original message came from and can read the messages as they come in. Despite their claims to protect your identity, these services often have user agreements that indicate their right "to disclose to third parties certain registration data about you" or they are suspected to be compromised by secret services. The only way to safely use this technique is to not trust these services at all, and apply extra security measures: send via Tor using a throw-away email address. 16 | 17 | If you only need to receive email, services like Mailinator and MintEmail give you an email address that destroys itself after a few hours. When signing up for any account, you should provide fake information about your name and location and protect yourself by using Tor. 18 | 19 | Be Careful about what you say! 20 | ------------------------------ 21 | 22 | The content of your message can give away your identity. If you mention details about your life, your geography, social relations or personal appearance, people may be able to determine who is sending the message. Even word choice and style of writing can be used to guess who might be behind anonymous emails. 23 | 24 | You should not use the same user name for different accounts or use a name that you are already linked to like a childhood nickname or a favorite book character. You should never use your secret email for normal personal communication. If someone knows your secrets, do not communicate with that person using this email address. If your life depends on it, change your secret email address often as well as between providers. 25 | 26 | Finally, once you have your whole email set up to protect your identity, vanity is your worst enemy. You need to avoid being distinct. Do not try to be clever, flamboyant or unique. Even the way you break your paragraphs is valuable data for identification, especially these days when every school essay and blog post you have written is available in the Internet. Powerful organizations can actually use these texts to build up a database that can "fingerprint" writing. 27 | -------------------------------------------------------------------------------- /src/chapter_04_secure_calls_and_sms/00_secure_calls.md: -------------------------------------------------------------------------------- 1 | Secure Calls 2 | ============ 3 | 4 | Phone calls made over the normal telecommunications system have some forms of protection from third party interception, i.e. GSM mobile phones calls are encrypted. GSM calls are not encrypted end-to-end however and telephone providers are increasingly forced to give governments and law enforement organisations access to your calls. In addition to this the encryption used in GSM has been cracked and now anyone with enough interest and capital can buy the equipment to intercept calls. A GSM Interceptor ([http://en.intercept.ws/catalog/2087.html](http://en.intercept.ws/catalog/2087.html) is an off the shelf device to record mobile phone conversations when in the vicinity of the call. Centralised or proprietary systems like Skype also encrypt calls but have built in backdoors for secret services and governments and are at the behest of their owner (in Skype's case Microsoft). Additionally, there are a whole classification of devices called IMSI catchers which can further gather information about mobile phones, including the content of your communication. 5 | 6 | However, there are a variety of tools you can use to secure your phone using end-to-end encryption. 7 | 8 | iOS - Installing Signal 9 | --------------------------- 10 | 11 | From the makers of TextSecure is a free and open source tool named Signal. [https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8](https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8) Signal uses similar same encryption methods as SilentCircle but provides their service with free and using open source tools. Additionally, the GUI is extremely easy to use. Signal will transparently detect if you are calling a fellow Signal user and ask if you wish to make a "secure call" (with Signal) or "insecure call" (without end-to-end encryption). 12 | 13 | 14 | Android - Installing RedPhone 15 | --------------------------- 16 | 17 | Also from the makers of Signal, there is a free and open source tool named Redphone. [https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone&hl=en](https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone&hl=en) Again, RedPhone uses the similar encryption methods as SilentCircle but provides their service with free and using open source tools. Again, the GUI will transparently detect if you are calling a fellow Signal or RedPhone user and ask if you wish to make a "secure call" (with RedPhone) or "insecure call" (without end-to-end encryption). Unfortunately, RedPhone requires the Google Play framework so it will not work on phones without it (stock Cyanogenmod or similar ROMs). 18 | -------------------------------------------------------------------------------- /src/chapter_04_secure_calls_and_sms/01_secure_messaging_and_chat.md: -------------------------------------------------------------------------------- 1 | Secure Messaging 2 | ================ 3 | 4 | SMS are short messages sent between mobile phones. The text is sent without encryption and can be read and stored by mobile phone providers and other parties with access to the network infrastructure to which you're connected. To protect your messages from interception you need to use end-to-end encryption on your text messages. 5 | 6 | Android 7 | ------- 8 | * **TextSecure** - WhisperSystems provide an SMS encryption system for Android called TextSecure, based on public key cryptography which ensures that messages are encrypted on the wire and are also stored in an encrypted database on the device, however to ensure encryption on the wire, both parties must be using the application. It is [Open Source](https://github.com/WhisperSystems/TextSecure/) and available through the [Play Store](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en) 9 | 10 | The encryption technology behind it (named //axolotl//) extends the OTR protocol so that messages can be encrypted and send even if not all of the communicating parties are online. 11 | -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/gmail_imap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/gmail_imap.png -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_conf_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_conf_1.png -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_conf_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_conf_2.png -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_conf_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_conf_3.png -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_conf_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_conf_4.png -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_conf_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_conf_5.png -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_1.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_2.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_3.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_4.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_5.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_5.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_mac_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_mac_1.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_mac_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_mac_2.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_mac_3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_mac_3.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_mac_4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_mac_4.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_ubuntu_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_ubuntu_1.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_inst_ubuntu_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_inst_ubuntu_2.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_1.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_2.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_3.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_4.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_5.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_5.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_6.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_6.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_7.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_7.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_8.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_8.jpg -------------------------------------------------------------------------------- /src/chapter_05_basic_email_security/thunderbird_sec_9.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_05_basic_email_security/thunderbird_sec_9.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/00_introducing_email_encryption_gpg.md: -------------------------------------------------------------------------------- 1 | Introducing mail encryption (PGP) 2 | ================================= 3 | 4 | ![PGP](pgp.jpg) 5 | 6 | This chapter will introduce you to some basic concepts behind mail encryption. It is important to read to get some feeling of how mail encryption actually works and what its caveats and limitations are. **PGP** (Pretty Good Privacy) is the protocol we shall use for e-mail encryption. This protocol allows us to digitally sign and encrypt mail messages. It works on an end-to-end basis: messages will be encrypted on your own computer and will only be decrypted by the recipient of the message. There is no possibility for a 'man-in-the-middle' to decipher the contents of your encrypted message. This *excludes* the subject lines and the 'from' and 'to' addresses, which unfortunately are not encrypted in this protocol. 7 | 8 | After having introduced these basic concepts, the next chapters will give you a hands-on guide to install the necessary tools on your operating system and get encryption up and running. We will focus on using Enigmail which is an extension for Thunderbird that helps you manage PGP encryption for your email. The installation process for Enigmail / PGP is different for Mac OSX, Windows and Ubuntu so please see the appropriate chapters in this section for instructions. 9 | 10 | ![GPG Schema](gpg-schema.jpg) 11 | 12 | Using a key-pair to encrypt your mail 13 | ------------------------------------- 14 | 15 | A crucial concept in mail encryption is the usage of so-called *key-pairs*. A key-pair is just two separate files sitting on your harddisk or USB stick. Whenever you want to encrypt mails for a certain mail-account, you will need to have these files available to yourself in some form. If they are sitting at home on your computer, you will not be able to decrypt mail at the office. Putting them on a USB stick should provide a solution to this problem. 16 | 17 | A key-pair consists of the two different keys: a public key and a secret key. 18 | 19 | The public key: you can give this key to other people, so they can send you encrypted mails. This file does not have to be kept secret. 20 | 21 | The secret key: this basically is your secret file to decrypt emails people send to you. It should *never* be given to someone else. 22 | 23 | Sending encrypted mails to other people: you need their public key 24 | ------------------------------------------------------------------ 25 | 26 | I have five colleagues at work and I want to send encrypted mails to them. I need to have public keys for each of their addresses. They can send me these keys using ordinary mail, or they can give them to me in person, or put them on a USB stick, or they can have their keys on a website. It doesn't matter, as long as I can trust those keys really belong to the person I want to correspond with. My software puts the keys on my `keyring', so my mail application knows how to send them encrypted mails. 27 | 28 | Receiving encrypted mails from other people: they need my public key 29 | -------------------------------------------------------------------- 30 | 31 | For my five (or thirty) colleagues to be able to send *me* encrypted mails, the process goes the other way around. I need to distribute my public key to each of them. 32 | 33 | Conclusion: encryption requires public key distribution! 34 | -------------------------------------------------------- 35 | 36 | All the people in a network of friends or colleagues wanting to send each other encrypted emails, need to distribute their public keys to each other, while keeping their secret keys a closely guarded secret. The software described in this chapter will help you do this key management. -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/01_installing_gpg_on_windows.md: -------------------------------------------------------------------------------- 1 | Installing PGP on Windows 2 | ========================= 3 | 4 | To complicate matters a little - PGP is the protocol used for encrypting e-mail by various softwares. To get PGP to work with Thunderbird we need to install GPG - a free software implementation of PGP *and* Enigmail - an extension of Thunderbird that allows you to use GPG... Confused?! Don't worry about it, all you have to know is how to encrypt your email with PGP and you need to install *both* GPG and Enigmail. Here is how to do it... 5 | 6 | Installing PGP (GPG) on Microsoft Windows 7 | ----------------------------------------- 8 | 9 | The GNU Privacy Guard (GnuPG) is software which is required to send PGP encrypted or signed emails. It is necessary to install this software before being able to do any encryption. 10 | 11 | Head to the website of the Gpg4win project. Go to [http://gpg4win.org/](http://gpg4win.org/) 12 | 13 | On the left side of the website, you will find a 'Download' link. Click on it. 14 | 15 | ![GPG Windows](gpg_win.png) 16 | 17 | This will take you to a page where you can download the Gpg4Win. Click on the button which offers you the latest stable version (not beta) of Gpg4Win. 18 | 19 | ![GPG Windows](gpg_win_2.png) 20 | 21 | This will download you an .exe file. Depending on your browser, you may have to double-click on this downloaded file (named something like `gpg4qin-2.1.0.exe`) before something happens. Windows will ask you if you are sure you want to install this program. Answer yes. 22 | 23 | Then complete the installation by agreeing to the license, choosing appropriate language and accepting the default options by clicking 'Next', unless you have a particular reason not to. 24 | 25 | The installer will ask you where to put the application on your computer. The default setting should be fine but make a note of it as we may need this later. Click on 'Next' when you agree. 26 | 27 | Installing with the Enigmail extension 28 | -------------------------------------- 29 | 30 | After you have successfully installed the **PGP** software as we described above you are now ready to install the **Enigmail** add-on. 31 | 32 | Enigmail is a Thunderbird add-on that lets you protect the privacy of your email conversations. Enigmail is simply an interface that lets you use PGP encryption from within Thunderbird. 33 | 34 | Enigmail is based on public-key cryptography. In this method, each individual must generate her/his own personal key pair. The first key is known as the private key. It is protected by a password or passphrase, guarded and never shared with anyone. 35 | 36 | The second key is known as the public key. This key can be shared with any of your correspondents. Once you have a correspondent's public key you can begin sending encrypted e-mails to this person. Only she will be able to decrypt and read your emails, because she is the only person who has access to the matching private key. 37 | 38 | Similarly, if you send a copy of your own public key to your e-mail contacts and keep the matching private key secret, only you will be able to read encrypted messages from those contacts. 39 | 40 | Enigmail also lets you attach digital signatures to your messages. The recipient of your message who has a genuine copy of your public key will be able to verify that the e-mail comes from you, and that its content was not tampered with on the way. Similarly, if you have a correspondent's public key, you can verify the digital signatures on her messages. 41 | 42 | Installation steps 43 | ------------------ 44 | 45 | To begin installing Enigmail, perform the following steps: 46 | 47 | 1. Open **Thunderbird**, then `Select Tools > Add-ons` to activate the *Add-ons* window; the Add-ons window will appear with the default *Get Add-ons* pane enabled. 48 | 49 | 2. Enter enigmail in the search bar, like below, and click on the search icon. 50 | 51 | ![Enigmail Install](enigmail_inst_1.png) 52 | 53 | 3. Simply click on the 'Add to Thunderbird' button to start the installation. 54 | 55 | 4. Thunderbird will ask you if you are certain you want to install this add-on. We trust this application so we should click on the 'Install now' button. 56 | 57 | ![Enigmail Install](enigmail_inst_2.png) 58 | 59 | 5. After some time the installation should be completed and the following window should appear. Please click on the 'Restart Thunderbird' button. 60 | 61 | ![Enigmail Install](enigmail_inst_3.png) 62 | -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/02_installing_gpg_on_osx.md: -------------------------------------------------------------------------------- 1 | Installing PGP on OSX 2 | ===================== 3 | 4 | The GNU Privacy Guard (GnuPG) is software which enables you to send PGP encrypted or signed emails. It is necessary to install this software before being able to do any encryption. This chapter covers the installation steps required to install GnuPG on Mac OSX. 5 | 6 | Getting started 7 | --------------- 8 | 9 | For this chapter we assume you have the latest version of: 10 | 11 | * OSX installed (10.6.7) 12 | * Thunderbird (3.1.10) 13 | 14 | **Note on OSX Mail:** It is possible to use PGP with the build-in mail program of OSX. But we do not recommend this because this option relies on a hack of the program which is neither open or supported by its developer and breaks with every update of the mail program. So unless you really have no other option we advice you to switch to Mozilla Thunderbird as your default mail program if you want to use PGP. 15 | 16 | Downloading and installing the Software 17 | --------------------------------------- 18 | 19 | 1. For OSX there is a bundle available which will install everything you need in one installation. You can get it by directing your browser to [http://www.gpgtools.org/](http://www.gpgtools.org/) and clicking on the big blue disk with "Download GPGTools Installer" written under it. It will redirect you to another page on [http://www.gpgtools.org/installer/index.html](http://www.gpgtools.org/installer/index.html) where you can actually download the software. 20 | 21 | *(nb. We are using the latest version Firefox for this manual, so the screens might look a little bit different if you are using a different browser)* 22 | 23 | ![GPG Install](gpg_mac_inst_1.jpg) 24 | 25 | 2. Download the software by choosing 'Save File' and clicking 'OK' in the dialogue. 26 | 27 | ![GPG Install](gpg_mac_inst_2.jpg) 28 | 29 | 3. Navigate to the folder where you normally store your downloads (Mostly the desktop or the downloads folder surprisingly) en double click the '.DMG' file to open the virtual disk containing the installer. 30 | 31 | ![GPG Install](gpg_mac_inst_3.jpg) 32 | 33 | 4. Open the installer by double-clicking on the icon. 34 | 35 | ![GPG Install](gpg_mac_inst_4.jpg) 36 | 37 | 5. The program will check your computer to see if it can run on the computer. 38 | 39 | (Note, if you're Mac is bought before 2006 it will not have an intel processor required to run this software and the installation will fail. Sadly it is beyond the scope op this manual to also take into account computers over five year old) 40 | 41 | ![GPG Install](gpg_mac_inst_5.jpg) 42 | 43 | You will be guided by the program through the next steps like accepting the license agreement. But stop pressing all the OK's and Agrees as soon as you come to the 'Installation Type' screen: 44 | 45 | ![GPG Install](gpg_mac_inst_6.jpg) 46 | 47 | 6. Clicking 'Customize' will open this screen where you several options of programs and software to install. You can click on each one of them to get a little bit of information on what is is, what it does and why you might need it. 48 | 49 | ![GPG Install](gpg_mac_inst_7.jpg) 50 | 51 | As said in the intro; we advise against using Apple Mail in combination with PGP. Therefore you won't be needing 'GPGMail', as this enables PGP on Apple Mail, and you can uncheck it. 52 | 53 | '**Enigmail**' on the other hand is very important as it is the component that will enable Thunderbird to use PGP. In the screen shot here it is greyed out as the installer wasn't able to identify my installation of Thunderbird. Since this seems to be a bug. You can also install Enigmail from within Thunderbird as is explained in another chapter. 54 | 55 | If the option is not greyed out in your installation, you should tick it. 56 | 57 | After you checked all the components you want to install click 'Install' to proceed. The installer will ask you for your password and after you enter that the installation will run and complete; Hooray! 58 | 59 | ![GPG Install](gpg_mac_inst_8.jpg) 60 | 61 | Installing up Engimail 62 | ---------------------- 63 | 64 | 1. Open **Thunderbird**, then `Select Tools > Add-ons` to activate the *Add-ons* window; the Add-ons window will appear with the default *Get Add-ons* pane enabled. 65 | 66 | In the Add-On window, you can search for 'Enigmail' and install the extension by clicking 'Add to Thunderbird ...' 67 | 68 | 2. After you open the Add-On window, you can search for 'Enigmail' and install the extension by clicking 'Add to Thunderbird ...' 69 | 70 | ![GPG Install](enigmail_mac_inst_1.jpg) 71 | 72 | 3. Click on 'Install Now' to download and install the extension. 73 | 74 | ![GPG Install](enigmail_mac_inst_2.jpg) 75 | 76 | **Be aware that you will have to restart Thunderbird to use the functionality of this extension!** 77 | 78 | Now that you have successfully downloaded and installed Enigmail and PGP you can go on to the Chapter that deals with setting up the software for use. -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/03_installing_gpg_on_ubuntu.md: -------------------------------------------------------------------------------- 1 | Installing PGP on Ubuntu 2 | ======================== 3 | 4 | We will use the Ubuntu Software Centre for installing PGP (Enigmail and accessories). First open the Ubuntu Software Center through the Unity menu by typing 'software' into the Unity search area 5 | 6 | ![PGP Install](pgp_ubuntu_inst_1.png) 7 | 8 | Click on the 'Ubuntu Software Center'. 9 | 10 | Type into the search field 'Enigmail' and search results should be returned automatically: 11 | 12 | Highlight the Enigmail item (it should be highlighted by default) and click 'Install' and you will be asked to authenticate the installation process. 13 | 14 | ![PGP Install](pgp_ubuntu_inst_2.png) 15 | 16 | Enter your password and click 'Authenticate'. The installation process will begin. 17 | 18 | When the process is completed you get very little feedback from Ubuntu. The progress bar at the top left disappears. The 'In Progress' text on the right also disappears. Enigmail should now be installed. 19 | -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/04_installing_gpg_on_android.md: -------------------------------------------------------------------------------- 1 | Installing GPG on Android 2 | ========================= 3 | 4 | With the growing usage of mobile phones for e-mail, it's interesting to be able to use GPG also on your mobile. This way you can still read the messages sent to you in GPG on your phone and not only on your computer. 5 | 6 | Install the *Android Privacy Guard (APG)* and *K-9 Mail* applications to your Android device from the Google Play Store or another trusted source. 7 | 8 | 1. Generate a new private key that uses DSA-Elgamal with your PC's GPG installation (You can only create keys with up to 1024bit key length on Android itself). 9 | 2. Copy the private key to your Android device. 10 | 3. Import the private key to APG. You may wish to have APG automatically delete the plaintext copy of your private key from your Android device's filesystem. 11 | 4. Set-up your e-mail accounts in *K-9 Mail*. 12 | 5. In the settings for each account, under *Cryptography*, make sure that K-9 Mail knows to use APG. You can also find options here to make K-9 Mail automatically sign your messages and/or encrypt them if APG can find a public key for the recipient(s). 13 | 6. Try it out. 14 | 15 | APG 16 | --- 17 | 18 | This is a small tool which makes GPG encryption possible on the phone. You can use APG to manage your private and public keys. The options in the application are quite straightforward if you are a little knowledge of GPG in general. 19 | 20 | Management of keys is not very well implemented yet. The best way is to manually copy all your public keys to the SD card in the APG folder. Then it's easy to import your keys. After you've imported your public and private keys, GPG encrypting, signing and decrypting will be available for other applications as long as these applications have integrated encryption/GPG. 21 | 22 | GPG enabled e-mail on Android: K-9 Mail 23 | --------------------------------------- 24 | 25 | The default mail application does not support GPG. Luckily there is an excellent alternative: K-9 Mail. This application is based on the original Android mail application but with some improvements. The application can use APG as it's GPG provider. Setting up K-9 Mail is straightforward and similar to setting up mail in the Android default mail application. In the settings menu there is an option to enable "Cryptography" for GPG mail signing. 26 | 27 | If you want to access your GPG mails on your phone this application is a must have. 28 | 29 | Please note, due to some small bugs in K-9 Mail and/or APG, it's very advisable to disable HTML mail and use only Plain text. HTML mails are not encrypted nicely and are often not readable. -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/05_creating_your_gpg_keys.md: -------------------------------------------------------------------------------- 1 | Creating your PGP keys 2 | ====================== 3 | 4 | Enigmail comes with a nice wizard to help you create a public/private key pair (see the chapter introducing PGP for an explanation). You can start the wizard at any time within Thunderbird by selecting `OpenPGP > Setup Wizard` from the menu on top. 5 | 6 | 1. This is what the wizard looks like. Please read the text on every window carefully. It provides useful information and helps you setup PGP to your personal preferences. In the first screen, click on Next to start the configuration. 7 | 8 | ![GPG Keys](gpg_keys_1.png) 9 | 10 | 2. The wizard asks you whether you want to sign all your outgoing mail messages. Signing all your messages is a good choice. If you choose not to, you can still manually decide to sign a message when you are composing it. Click on the 'Next' button after you have made a decision. 11 | 12 | ![GPG Keys](gpg_keys_2.png) 13 | 14 | 3. On the following screen, the wizard asks you whether you want to encrypt *all* your outgoing mail messages. Unlike signing of mails, encryption requires the recipient to have PGP software installed. You should probably answer 'no' to this question, so that you will send normal (unencrypted) mail by default. After you have made your decision, click on the 'Next' button. 15 | 16 | ![GPG Keys](gpg_keys_3.png) 17 | 18 | 4. On the following screen the wizard asks if it can change some of your mail formatting settings to better work with PGP. It is a good choice to answer 'Yes' here. This will mean that by default, mail will be composed in plain text rather than HTML. Click on the 'Next' button after you have made your decision. 19 | 20 | ![GPG Keys](gpg_keys_4.png) 21 | 22 | 5. In the following screen, select one of your mail accounts; the default is selected for you if you only have one. In the 'Passphrase' text box you must enter a password. This is a *new* password which is used to protect your private key. It is **very important** to remember this password, because you cannot read your own encrypted emails if you forget it. Make it a **strong** password, ideally 20 characters or longer. Please see the chapter on passwords for help on creating unique, long and easy to remember passwords. After you have selected your account and created a passphrase, click on the 'Next' button. 23 | 24 | ![GPG Keys](gpg_keys_5.png) 25 | 26 | 6. In the following screen the wizard summarizes the actions it will take to enable PGP encryption for your account. If you are satisfied, click the 'Next' button. 27 | 28 | ![GPG Keys](gpg_keys_6.png) 29 | 30 | 7. Your keys will be created by the wizard, which will take some time. When completed, click on the 'Next' button. 31 | 32 | ![GPG Keys](gpg_keys_7.png) 33 | 34 | 8. You now have your own PGP key-pair. The wizard will ask you if you also want to create a 'Revocation certificate'. This is a file which can be used to inform everyone if your private key is compromised, for example if your laptop is stolen. Think of it as a 'kill switch' for your PGP identity. You may also wish to revoke the key simply because you have generated a new one, and the old one is obsolete. 35 | 36 | ![GPG Keys](gpg_keys_8.png) 37 | 38 | 9. If you decided to generate a revocation certificate, the wizard will ask you where the file should be saved. The dialog will look different depending on which operating system you use. It is a good idea to rename the file to something sensible like my_revocation_certificate. Click on 'Save' when you you have decided on a location. 39 | 40 | ![GPG Keys](gpg_keys_9.png) 41 | 42 | 10. If you decided to generate a revocation certificate, the wizard informs you it has been successfully stored. You may want to print it out or burn it to a CD and keep it in a safe place. 43 | 44 | ![GPG Keys](gpg_keys_10.png) 45 | 46 | 11. The wizard will inform you it has completed. 47 | 48 | ![GPG Keys](gpg_keys_11.png) 49 | 50 | Congratulations, you now have a fully PGP-configured mail client. In the next chapter we will explain how to manage your keys, sign messages and do encryption. Thunderbird can help you do a lot of these things automatically. -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/07_webmail_and_gpg.md: -------------------------------------------------------------------------------- 1 | Webmail and PGP 2 | =============== 3 | 4 | The only safe way of encrypting email inside of the browser window is to encypt it outside and then copy & paste the encrypted text into the browser window. 5 | 6 | For example, write the text in a text editor like gedit, vim or kate and save it as .txt file (in this example "message.txt". Then type 7 | 8 | gpg -ase -r -r message.txt 9 | 10 | A new file called "message.asc" will be created. It contains the encrypted message and can thus be either attached to an email or its content safely copy & pasted into the browser window. 11 | 12 | To decrypt a message from the browser window, simply type `gpg` into the command line and hit Enter. Then copy & paste the message to be decrpyted into the commandline window and after being asked for your passphrase hit Ctrl+D (this enters a end-of-file character and prompts gpg to output the cleartext message). 13 | 14 | If using the commandline seems too cumbersome to you, you might consider installing a helper application like gpgApplet, kgpg or whatever application ships with your operating system. 15 | -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_1.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_10.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_11.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_12.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_13.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_14.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_15.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_16.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_17.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_18.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_19.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_2.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_20.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_21.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_22.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_23.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_24.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_25.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_26.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_26.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_27.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_27.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_28.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_28.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_29.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_29.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_3.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_30.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_30.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_31.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_31.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_32.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_33.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_33.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_34.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_34.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_35.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_35.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_36.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_36.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_37.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_37.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_4.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_5.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_6.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_7.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_8.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/daily_gpg_9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/daily_gpg_9.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/enigmail_inst_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/enigmail_inst_1.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/enigmail_inst_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/enigmail_inst_2.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/enigmail_inst_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/enigmail_inst_3.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/enigmail_mac_inst_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/enigmail_mac_inst_1.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/enigmail_mac_inst_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/enigmail_mac_inst_2.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg-schema.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg-schema.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_1.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_10.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_11.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_2.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_3.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_4.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_5.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_6.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_7.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_8.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_keys_9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_keys_9.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_mac_inst_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_mac_inst_1.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_mac_inst_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_mac_inst_2.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_mac_inst_3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_mac_inst_3.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_mac_inst_4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_mac_inst_4.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_mac_inst_5.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_mac_inst_5.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_mac_inst_6.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_mac_inst_6.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_mac_inst_7.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_mac_inst_7.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_mac_inst_8.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_mac_inst_8.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_send.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_send.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_win.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_win.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_win_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_win_2.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/gpg_write.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/gpg_write.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/pgp.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/pgp.jpg -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/pgp_ubuntu_inst_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/pgp_ubuntu_inst_1.png -------------------------------------------------------------------------------- /src/chapter_06_email_encryption/pgp_ubuntu_inst_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_06_email_encryption/pgp_ubuntu_inst_2.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/00_why_firefox.md: -------------------------------------------------------------------------------- 1 | Why Firefox? 2 | ============ 3 | 4 | Firefox is open source software, developed by the non-profit organisation, the Mozilla Foundation. As such, it is independent from the interests of any one specific company although a [large portion of its funding comes from Google](https://en.wikipedia.org/wiki/Mozilla_Foundation#Financing) for its placement as the default search engine within the Firefox browser. It is also highly extensible through the add-ons and plugins, which allows users greater control over how the browser acts as compared to Internet Explorer or Chrome (and it's open-source'd version, Chromium). It should however be noted that this extensibility through add-ons is a double-edged sword and as such add-ons also have great power to subvert the browsers normal activities as well as enhance them. 5 | 6 | If you are uncomfortable with Google as the default search engine, this can be changed through the 'Manage Search Engines...' option from the pull-down menu of the search box. Some more pro-privacy search engines that are worth considering are [Startpage](https://www.startpage.com/) and [DuckDuckGo](https://duckduckgo.com/). 7 | 8 | -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/01_accessing_firefox_on_ubuntu.md: -------------------------------------------------------------------------------- 1 | Accessing Firefox on Ubuntu 2 | =========================== 3 | 4 | Firefox is already installed on Ubuntu by default. To open it, click on the Unity side bar where you see the Firefox icon: 5 | 6 | ![Firefox on Ubuntu](ff_ubuntu_1.png) 7 | 8 | Firefox starts and a welcome window opens: 9 | 10 | ![Firefox on Ubuntu](ff_ubuntu_2.png) 11 | -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/02_installing_firefox_on_mac_os_x.md: -------------------------------------------------------------------------------- 1 | Installing on Mac OS X 2 | ====================== 3 | 4 | 1. To download Firefox, visit [https://www.mozilla.org/firefox](https://www.mozilla.org/firefox) and click on the big green button labeled "Firefox Free Download". The download should start automatically, if it does not, click the link to download it manually. 5 | 6 | ![Mac OS X Firefox Install](ff_mac_inst_1.png) 7 | 8 | 2. When prompted, click **OK**. 9 | 10 | ![Mac OS X Firefox Install](ff_mac_inst_2.png) 11 | 12 | Once the download is complete a window similar to this appears: 13 | 14 | ![Mac OS X Firefox Install](ff_mac_inst_3.png) 15 | 16 | 3. Click and drag the **Firefox** icon on top of the **Applications** icon. 17 | 18 | 4. When the installation is finished, close the two small Firefox windows. 19 | 5. Eject the Firefox disk image. If this does not work by normal means, select the disk image icon and then, in the Finder menu, select `File > Eject Firefox`. 20 | 6. Now, open the **Applications** directory and drag the **Firefox** icon to the dock: 21 | 22 | ![Mac OS X Firefox Install](ff_mac_inst_4.png) 23 | 24 | 7. Click the **Firefox** icon in the Dock to start Firefox. The Import Wizard dialog box appears: 25 | 26 | ![Mac OS X Firefox Install](ff_mac_inst_5.png) 27 | 28 | 8. To import your bookmarks, passwords and other data from Safari, click **Continue**. If you don't want to import anything, just select **Cancel**. 29 | 30 | Congratulations, you are now ready to use Firefox! 31 | 32 | ![Mac OS X Firefox Install](ff_mac_inst_8.png) -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/03_installing_firefox_on_windows.md: -------------------------------------------------------------------------------- 1 | Installing Firefox on Windows 2 | ============================= 3 | 4 | 1. To download Firefox, visit [https://www.mozilla.com/firefox/](https://www.mozilla.com/firefox/). 5 | 6 | ![Windows Firefox Install](ff_win_inst_1.png) 7 | 8 | 2. Click the download button and the installation file will begin to download to your computer. 9 | 10 | 3. Once the download is complete, double-click the installation file to start the Firefox installation wizard. 11 | 12 | * If you are running Windows Vista, you may get a User Account Control prompt. In this case, allow the setup to run by clicking **Continue**. 13 | * If you are running Windows 7, you will be asked whether to allow Firefox to make changes to your computer. Click on **Yes**. 14 | 15 | A welcome screen appears. 16 | 17 | 4. Click **Next** to continue. You will be asked if you would like the standard installation, or whether you would like to customize it. Choose the standard installation and click **Next**. 18 | 19 | ![Windows Firefox Install](ff_win_inst_2.png) 20 | 21 | 5. You will be asked if you want Firefox to be your default browser. This is recommended. 22 | 23 | ![Windows Firefox Install](ff_win_inst_3.png) 24 | 25 | 6. Click **Install**. 26 | 27 | 7. To import your bookmarks and other data from other browsers (for example Internet Explorer), click **Continue**. If you don't want to import anything, just select **Cancel**. 28 | 29 | ![Windows Firefox Install](ff_win_inst_4.png) 30 | 31 | 8. Once Firefox has been installed, click **Finish** to close the setup wizard. 32 | 33 | If the **Launch Firefox now** check box is checked, Firefox will start after you click **Finish**. Otherwise you can launch Firefox through the start menu. 34 | 35 | ### Windows Vista Users 36 | 37 | If at any time throughout the installation process you are prompted with a User Account Control (UAC) window, press Continue, Allow, or Accept. 38 | 39 | Troubleshooting 40 | --------------- 41 | 42 | If you have problems starting Firefox, see [https://support.mozilla.com/kb/Firefox+will+not+start](https://support.mozilla.com/kb/Firefox+will+not+start) -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/05_proxy_settings.md: -------------------------------------------------------------------------------- 1 | Proxy Settings 2 | ============== 3 | 4 | A proxy server allows you to reach a Web site or other Internet location even when direct access is blocked in your country or by your ISP. There are many different kinds of proxies, including: 5 | 6 | * Web proxies, which only require that you know the address to the proxy Web site, which may have a URL similar to `http://proxy.com/cgi-bin/nph-proxy.cgi` 7 | * HTTP proxies, which require that you modify your Browser settings. HTTP proxies only work for Web content. You may get the information about a HTTP proxy in the format `proxy.example.com:3128` or `192.168.0.1:8080`. 8 | * SOCKS proxies, which also require that you modify your Browser settings. SOCKS proxies work for many different Internet applications, including e-mail and instant messaging tools. The SOCKS proxy information looks just like HTTP proxy information. 9 | 10 | You can use a Web proxy directly without any configuration by typing in the URL. The HTTP and SOCKS proxies, however, have to be configured in your Web browser. 11 | 12 | Default Firefox proxy configuration 13 | ----------------------------------- 14 | 15 | In Firefox you can change the settings for using a proxy. You'll need to open the Options or Preferences window of Firefox. You can find this in the menu, by clicking on the top of the Window and selecting `Edit > Preferences` on Linux or `Tools > Options` on Windows. 16 | 17 | Go to the Network section and open the Advanced tab. 18 | 19 | ![Firefox Proxy Settings](ff_proxy_1.png) 20 | 21 | Select Settings, click on "Manual proxy configuration" and enter the information of the proxy server you want to use. Please remember that HTTP proxies and SOCKS proxies work differently and have to be entered in the corresponding fields. If there is a colon (:) in your proxy information, that is the separator between the proxy address and the port number. Your screen should look like this: 22 | 23 | ![Firefox Proxy Settings](ff_proxy_2.png) 24 | 25 | After you click OK, your configuration will be saved and your Web browser will automatically connect through that proxy on all future connections. If you get an error message such as, "The proxy server is refusing connections" or "Unable to find the proxy server", there is a problem with your proxy configuration. In that case, repeat the steps above and select "No proxy" in the last screen to deactivate the proxy. 26 | -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/07_extending_chrome.md: -------------------------------------------------------------------------------- 1 | Extending Google Chrome 2 | ======================= 3 | 4 | Chrome is Google's browser. Here are some useful tips and extensions: 5 | 6 | Disabling Instant Search 7 | ------------------------ 8 | 9 | Chrome can search as you type. The advantage of this is that you get search 10 | suggestions and can use Google's predictions - but the disadvantage is that 11 | every character you type is sent to Google's servers, where it may be logged. 12 | 13 | To disable, open Chrome's settings by clicking the menu button at the right of 14 | the address bar and clicking Settings. Or, simply type `chrome://settings/` in 15 | your address bar. 16 | 17 | Ensure that the **Enable Instant for faster searching (omnibox input may be 18 | logged)** checkbox is unchecked. 19 | 20 | AdBlock for Chrome 21 | ------------------ 22 | 23 | Just like Firefox, AdBlock removes ads. Install from [this Chrome Webstore 24 | page](https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom). 25 | 26 | HTTPS Everywhere 27 | ---------------- 28 | 29 | Forces encrypted https connections wherever possible. Installation link can be 30 | found on the [EFF HTTPS Everywhere 31 | homepage](https://www.eff.org/https-everywhere). 32 | 33 | PrivacyFix 34 | ---------- 35 | 36 | PrivacyFix (beta) gives you a dashboard view of your privacy settings on 37 | Facebook and Google, as well as Do-Not-Track headers and tracking cookies. It 38 | provides links to quickly change these privacy settings without digging through 39 | many drilldown pages. Install from the [Chrome web store 40 | page](https://chrome.google.com/webstore/detail/privacyfix-by-privacychoi/pmejhjjecaldkllonlokhkglbdbkdcni) 41 | -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/abp_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/abp_1.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/disable_rc4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/disable_rc4.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff.jpg -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_mac_inst_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_mac_inst_1.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_mac_inst_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_mac_inst_2.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_mac_inst_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_mac_inst_3.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_mac_inst_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_mac_inst_4.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_mac_inst_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_mac_inst_5.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_mac_inst_8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_mac_inst_8.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_proxy_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_proxy_1.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_proxy_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_proxy_2.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_ubuntu_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_ubuntu_1.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_ubuntu_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_ubuntu_2.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_win_inst_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_win_inst_1.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_win_inst_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_win_inst_2.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_win_inst_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_win_inst_3.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_win_inst_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_win_inst_4.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/ff_win_inst_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/ff_win_inst_5.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/https_everywhere.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/https_everywhere.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/https_everywhere_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/https_everywhere_2.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/https_everywhere_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/https_everywhere_3.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/https_everywhere_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/https_everywhere_4.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/https_everywhere_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/https_everywhere_5.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/https_everywhere_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/https_everywhere_6.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/https_schema.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/https_schema.jpg -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_1.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_10.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_11.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_2.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_3.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_4.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_5.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_6.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_7.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_8.png -------------------------------------------------------------------------------- /src/chapter_07_safer_browsing/tor_9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_07_safer_browsing/tor_9.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/00_keeping_passwords_safe.md: -------------------------------------------------------------------------------- 1 | Keeping passwords safe 2 | ====================== 3 | 4 | Passwords are like keys in the physical world. If you lose a password you will not be able to get in, and if others copy or steal it they can use it to enter. A good password should not be easy for others to guess and not easy to crack with computers, while still being easy for you to remember. 5 | 6 | Password length and complexity 7 | ------------------------------ 8 | 9 | To protect your passwords from being guessed, length and complexity are important. Passwords like the name of your pet or a birth date are very unsafe, as is using single word that can be found in a dictionary. Do not use a password containing only numbers. Most importantly a secure password is long. Using combinations of lower case letters, capitals, numbers and special characters can improve the security, but length is still the most important factor. 10 | 11 | For use with important accounts like the pass phrase which protects your PGP/GPG or TrueCrypt encrypted data, or the password for your main email account, use 20 characters or more, the longer the better. See [this XKCD cartoon](https://xkcd.com/936/) `"correct horse battery staple"` vis-à-vis `"Tr0ub4dor&3"` for an explanation. 12 | 13 | Easy to remember and secure passwords 14 | ------------------------------------- 15 | 16 | One way to create strong and easy to remember passwords is to use sentences. 17 | 18 | A few examples: 19 | 20 | * `IloveDouglasAdamsbecausehe'sreallyawesome.` 21 | * `Peoplelovemachinesin2029A.D.` 22 | * `BarneyfromHowIMetYourMotherisAWESOME!` 23 | 24 | Sentences are easy to remember, even if they are 50 characters long and contain uppercase characters, lowercase characters, symbols and numbers. 25 | 26 | Minimizing damage 27 | ----------------- 28 | 29 | It is important to minimize the damage if one of your passwords is ever compromised. Use different passwords for different websites or accounts, that way if one is compromised, the others are not. Change your passwords from time to time, especially for accounts you consider to be sensitive. By doing this you can block access to an attacker who may have learned your old password. 30 | 31 | Using a password manager 32 | ------------------------------------------- 33 | 34 | Remembering a lot of different passwords can be difficult. One solution is to use a dedicated application to manage most of your passwords. The next section in this chapter will discuss *Keepass*, a free and open source password manager with no known vulnerabilities, so long as you chose a sufficiently long and complex "master password" to secure it with. 35 | 36 | For website passwords only, another option is the built-in password manager of the Firefox browser. Make sure to set a master password, otherwise this is very insecure! 37 | 38 | Physical protection 39 | ------------------- 40 | 41 | When using a public computer such as at a library, an internet cafe, or any computer you do not own, there are several dangers. Using "over the shoulder" surveillance, someone, possibly with a camera, can watch your actions and may see the account you log in to and the password you type. A less obvious threat is software programs or hardware devices called "keystroke loggers" that record what you type. They can be hidden inside a computer or a keyboard and are not easily spotted. Do not use public computers to log in to your private accounts, such as email. If you do, change your passwords as soon as you get back to a computer you own and trust. 42 | 43 | Other caveats 44 | ------- 45 | 46 | Some applications such as chat or mail programs may ask you to save or "remember" your username and password, so that you don't have to type them every time the program is opened. Doing so may mean that your password can be retrieved by other programs running on the machine, or directly from your hard disk by someone with physical access to it. 47 | 48 | If your login information is sent over an insecure connection or channel, it might fall into the wrong hands. See the chapters on secure browsing for more information. -------------------------------------------------------------------------------- /src/chapter_08_passwords/01_installing_keepass.md: -------------------------------------------------------------------------------- 1 | Installing KeePass 2 | ================== 3 | 4 | We will cover installing KeePass on Ubuntu and Windows. 5 | 6 | Mac OSX comes with an excellent built-in password manager called Keychain that is just as safe. Downsides are that it isn't Open Source and doesn't work on other systems. If you'd need to take your passwords from one Operating System to another it is better to stick with Keepass after all. How to use Keychain is covered in the next chapter. 7 | 8 | Installing KeePassX on Ubuntu 9 | ----------------------------- 10 | 11 | To install on Ubuntu we will use the Ubuntu Software Center. Type KeePass in the search field at the top right and the application KeePassX should automatically appear in the listing. 12 | 13 | Highlight the item (it may already be highlighted by default) and then press 'Install'. You will be asked to Authorise the installation process: 14 | 15 | ![Keepass Install](keepass_1.png) 16 | 17 | Enter your password and press 'Authenticate' the installation process will then begin. 18 | 19 | Ubuntu does not offer very good feedback to show the software is installed. If the green progress indicator on the left has gone and the progress bar on the right has gone then you can assumed the software is installed. 20 | 21 | Installing KeePass on Windows 22 | ----------------------------- 23 | 24 | First visit the [KeePass download webpage](http://keepass.info/download.html) and choose the appropriate installer. For this chapter we are using the [current installer](http://downloads.sourceforge.net/keepass/KeePass-2.15-Setup.exe). 25 | 26 | Download this to your computer then double click on the installer. You will first be asked to select a language, we will choose English: 27 | 28 | ![Keepass Install](keepass_2.png) 29 | 30 | Press 'OK' and you will be shown the following screen: 31 | 32 | ![Keepass Install](keepass_3.png) 33 | 34 | Just press 'Next >' and go to the next screen: 35 | 36 | ![Keepass Install](keepass_4.png) 37 | 38 | In the screen shown above we must select 'I accept the agreement' otherwise we will not be able to install the software. Choose this option and then press 'Next >'. In the next screen you will be asked to determine the installation location. You can leave this with the defaults unless you have good reason to change them. 39 | 40 | ![Keepass Install](keepass_5.png) 41 | 42 | Click on 'Next >' and continue. 43 | 44 | ![Keepass Install](keepass_6.png) 45 | 46 | The above image shows the KeePass components you can choose from. Just leave the defaults as they are and press 'Next >'. You will come to a new screen: 47 | 48 | ![Keepass Install](keepass_7.png) 49 | 50 | This doesn't do anything but give you a summary of your options. Press 'Install' and the installation process will begin. 51 | 52 | ![Keepass Install](keepass_8.png) 53 | 54 | Installing KeePass on Mac OS X 55 | ------------------------------ 56 | 57 | Although Keychain in Mac OS X does an excellent job of storing your passwords, you may want to run your own password database and manager. KeePass allows this added flexibility. First visit the KeePass download webpage [http://keepass.info/download.html](http://keepass.info/download.html) and choose the appropriate installer. Although the official installers are listed at the top of the page, there are unofficial/contributed installers further down. Scroll down to find [KeePass 2.x for Mac OS X][http://keepass2.openix.be/](http://keepass2.openix.be/): 58 | 59 | ![Keepass Install](keepass_9.png) 60 | 61 | As this is an external link, your browser will be redirected to [http://keepass2.openix.be/](http://keepass2.openix.be/): 62 | 63 | ![Keepass Install](keepass_10.png) 64 | 65 | Note here that you must install the Mono framework first, so that KeePass can run in OS X. So click on each of the links [Mono 2.10.5](http://download.mono-project.com/archive/2.10.5/macos-10-x86/0/MonoFramework-MRE-2.10.5_0.macos10.xamarin.x86.dmg) and [KeePass2.18](http://keepass2.openix.be/KeePass2.18.dmg) to download the DMG files to your computer. Double-click on each of the DMGs in your downloads folder to unpack the volumes to your desktop. 66 | 67 | The Mono Package installer is in case called something similar to 'MonoFramework-MRE-2.10.5_0.macos10.xamarin.x86.pkg', so double-click on this document: 68 | 69 | ![Keepass Install](keepass_11.png) 70 | 71 | The installer will open and run: 72 | 73 | ![Keepass Install](keepass_12.png) 74 | 75 | Follow each of the steps by clicking 'Continue', the next step being 'Read Me'. Inhere is important information such as all of the files that the package will install, including information on how to uninstall Mono: 76 | 77 | ![Keepass Install](keepass_13.png) 78 | 79 | Click 'Continue' to the next screen, the license. Clicking 'Continue' on the license screen pops up the agree/disagree dialogue box. If you agree with the license conditions, the installation will continue: 80 | 81 | ![Keepass Install](keepass_14.png) 82 | 83 | The following two steps in the installation ask you to choose an installation destination, and check there is enough space on the install disk. When the installation has completed, you will see this screen: 84 | 85 | ![Keepass Install](keepass_15.png) 86 | 87 | Now you can quit the installer. Next take a look at the KeePass disk image, double-click to open it, and drag the KeePass application into your Applications folder: 88 | 89 | ![Keepass Install](keepass_16.png) 90 | 91 | 92 | 93 | Now KeePass is ready to use for Mac OS X. 94 | -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_1.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_10.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_11.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_12.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_13.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_14.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_15.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_16.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_2.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_3.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_4.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_5.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_6.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_7.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_8.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/keepass_9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/keepass_9.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_1.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_10.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_11.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_12.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_13.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_14.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_15.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_16.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_17.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_2.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_3.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_4.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_5.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_6.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_7.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_8.png -------------------------------------------------------------------------------- /src/chapter_08_passwords/mng_9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_08_passwords/mng_9.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/02_vpn_on_osx.md: -------------------------------------------------------------------------------- 1 | 2 | VPN on MacOSX 3 | ============= 4 | 5 | Setting up a VPN on MacOSX is very easy once you have your account details ready, Let's assume have your credentials from your VPN provider for L2TP/IPSec connection ready. This information should contain the following: 6 | 7 | * Username, ex. `bill2` 8 | * Password, ex. `verysecretpassword` 9 | * VPN server, ex. `tunnel.greenhost.nl` 10 | * A Pre-Shared-Key or Machine-certificate 11 | 12 | Setup 13 | ----- 14 | 15 | 1. Before getting started, please be sure you've read the paragraph "testing before and after account set up", this way you will be able to validate if your connection is actually working after set up. 16 | 17 | 2. A VPN is configured in the network settings, that are accessible via "System Preferences.." in the Apple menu. 18 | 19 | ![VPN on Mac OS X](vpn_osx_02.jpg) 20 | 21 | 3. Next, open the Network preferences. 22 | 23 | ![VPN on Mac OS X](vpn_osx_03.jpg) 24 | 25 | 4. OSX uses this nifty system to lock windows. To add a VPN it is necessary to unlock the screen: you can do this by clicking on the lock on the left bottom of the screen. 26 | 27 | ![VPN on Mac OS X](vpn_osx_04.jpg) 28 | 29 | 5. Enter our user credentials 30 | 31 | ![VPN on Mac OS X](vpn_osx_05.jpg) 32 | 33 | 6. Now we can add a new network. Do this by clicking on the "+" sign 34 | 35 | ![VPN on Mac OS X](vpn_osx_06.jpg) 36 | 37 | 7. In the pop-up you need to specify the type of connection. In this case choose an VPN interface with L2TP over IPSec. This is the most common system. Also don't forget to give the connection a nice name. 38 | 39 | ![VPN on Mac OS X](vpn_osx_07.jpg) 40 | 41 | 8. Next comes the connection data. Please fill in the provided server name and user name (called 'Account Name'). If this is done, click on the "Authentication Settings..." button 42 | 43 | ![VPN on Mac OS X](vpn_osx_08.jpg) 44 | 45 | 9. In the new pop-up you can specify connection specific information. This is the way the user is authenticated and how the machine is authenticated. The user is very commonly authenticated by using a password, although other methods are possible. Machine authentication is often done by a Shared Secret (Pre-Shared-Key/PSK), but also quite often by using a certificate. In this case we use the Shared Secret method. When this is done click OK. 46 | 47 | ![VPN on Mac OS X](vpn_osx_09.jpg) 48 | 49 | 10. Now you return back to the network screen. The next step is very important, so click on "Advanced..." 50 | 51 | ![VPN on Mac OS X](vpn_osx_09b.jpg) 52 | 53 | 11. In the new pop up you will see an option to route all traffic through the VPN connection. We want to enable this, so all our traffic is encrypted. 54 | 55 | ![VPN on Mac OS X](vpn_osx_10.jpg) 56 | 57 | 12. Well, all is done. Now hit the Connect button! 58 | 59 | ![VPN on Mac OS X](vpn_osx_11.jpg) 60 | 61 | 13. A pop-up appears. You need to confirm your changes, just hit "Apply" 62 | 63 | ![VPN on Mac OS X](vpn_osx_12.jpg) 64 | 65 | 14. After a few seconds, on the left side the connection should turn green. If so, you are connected! 66 | 67 | ![VPN on Mac OS X](vpn_osx_13.jpg) 68 | 69 | 15. Ok, now test your connection! 70 | 71 | -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/03_vpn_on_windows.md: -------------------------------------------------------------------------------- 1 | VPN on Windows 2 | ============== 3 | 4 | Setting up a VPN on Windows is very easy once you have your account details ready. Let's assume have your credentials from your VPN provider for L2TP/IPSec connection ready. This information should contain the following: 5 | 6 | * Username, ex. `bill2` 7 | * Password, ex. `verysecretpassword` 8 | * VPN server, ex. `tunnel.greenhost.nl` 9 | * A Pre-Shared-Key or Machine-certificate 10 | 11 | Setup 12 | ----- 13 | 14 | 1. Before getting started, please be sure you've read the paragraph "testing before and after account set up", this way you will be able to validate if your connection is actually working after set up. 15 | 16 | 2. We need to go to the "Network and Sharing Center" of Windows to create a new VPN connection. We can access this center easily by clicking on the network icon next to the systemclock en click on "open Network and Sharing Center" 17 | 18 | ![VPN on Windows](vpn_windows_01.jpg) 19 | 20 | 3. The "Network and Sharing Center" will popup. You will see some information about your current network. Click on "Connect to a network" to add a VPN connection. 21 | 22 | ![VPN on Windows](vpn_windows_02.jpg) 23 | 24 | 4. The wizard to setup a connection will popup. Choose the option to "connect to a workplace", which is Microsoft's way of naming a VPN connection. 25 | 26 | ![VPN on Windows](vpn_windows_03.jpg) 27 | 28 | 5. The next screen asks us if we want to use our Internet connection or an old-school phone line to connect to the VPN. Just choose the first option then. 29 | 30 | ![VPN on Windows](vpn_windows_04.jpg) 31 | 32 | 6. The next screen asks for the connection details. Enter here the server of your VPN-provider (called "Internet address" in this dialog). On the bottom please check the box "Don't connect now; just set it up". Using this option the connection will be automatically saved and it's easier to control extra settings. If this is all done, hit the "next" button 33 | 34 | ![VPN on Windows](vpn_windows_05.jpg) 35 | 36 | 7. Next up are your username and password. Just give them like you received them from your VPN-provider. If the connection fails, Windows forgets them. So keep them with you, you maybe need them later. If this is done. Click "create". 37 | 38 | ![VPN on Windows](vpn_windows_06.jpg) 39 | 40 | 8. Your connection is now available, if you click the the network icon again, you will see a new option in the network menu, the name of your VPN connection, just click it to connect. 41 | 42 | ![VPN on Windows](vpn_windows_07.jpg) 43 | 44 | 9. And click "connect" 45 | 46 | ![VPN on Windows](vpn_windows_08.jpg) 47 | 48 | 10. A VPN connection dialog appears. This give us the opportunity to review our settings and to connect. You can try to connect, Windows will try to discover all other settings automatically. Unfortunately, this does not always work, so if this is not working for you, hit the "properties" button. 49 | 50 | ![VPN on Windows](vpn_windows_09.jpg) 51 | 52 | 11. The properties windows appear. The most important page is the "Security" page, click on the Security tab to open it. 53 | 54 | ![VPN on Windows](vpn_windows_10.jpg) 55 | 56 | 12. In the security tab you can specify VPN type, normally L2TP/IPSec. Do not use PPTP as it has several security vulnerabilities. For L2TP/IPSec also have a look at the Advanced settings. 57 | 58 | ![VPN on Windows](vpn_windows_11.jpg) 59 | 60 | 13. In the Advanced Settings window, you can specify if you are using a pre-shared key or a certificate. This depends on your VPN-provider. If you have received a pre-shared-key, Select this option and fill in this key. Hit ok afterwards. You will return to the previous window, click ok there also 61 | 62 | ![VPN on Windows](vpn_windows_12.jpg) 63 | 64 | 14. Back in to connection window try to connect now. Please be sure your username and password are filled out. 65 | 66 | ![VPN on Windows](vpn_windows_13.jpg) 67 | 68 | 15. A connection popup will appear 69 | 70 | ![VPN on Windows](vpn_windows_14.jpg) 71 | 72 | 16. Online! Don't forget to check if your VPN is working properly. 73 | -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/04_make_sure_it_works.md: -------------------------------------------------------------------------------- 1 | Making Sure Your VPN Works 2 | ========================== 3 | 4 | Once you're done setting up your VPN, one of the first things you should do is test whether your data is actually being transferred through your VPN network. The simplest way to test this is to check your public IP address, which is the IP address you're exposing to the internet. 5 | 6 | There are numerous websites that will tell you what your IP address is, and where that IP address is located (also known as its geolocation). Many search engines will report your IP address if you search for "My IP," but you can also use dedicated services like [http://www.myip.se](http://www.myip.se) and [http://www.ipchicken.com](http://www.ipchicken.com). 7 | 8 | Check your IP address before connecting to your VPN. Once you connect to your VPN, your computer's public IP address should change to match that of your VPN server, and your geolocation should change to wherever your VPN server is located. 9 | 10 | Once your external IP is the same as the IP of your VPN server, you can rest assured your communication is encrypted. 11 | -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_02.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_02.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_03.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_03.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_04.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_04.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_05.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_05.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_06.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_06.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_07.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_07.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_08.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_08.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_09.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_09.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_09b.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_09b.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_10.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_10.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_11.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_11.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_12.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_12.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_osx_13.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_osx_13.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_001.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_002.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_003.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_004.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_004.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_005.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_006.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_007.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_007.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_008.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_008.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_009.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_009.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_010.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_010.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_011.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_012.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_012.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_013.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_013.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_014.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_015.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_015.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_ubuntu_016.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_ubuntu_016.png -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_01.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_01.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_02.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_02.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_03.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_03.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_04.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_04.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_05.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_05.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_06.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_06.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_07.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_07.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_08.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_08.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_09.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_09.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_10.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_10.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_11.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_11.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_12.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_12.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_13.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_13.jpg -------------------------------------------------------------------------------- /src/chapter_09_using_vpn/vpn_windows_14.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_09_using_vpn/vpn_windows_14.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/04_LUKS.md: -------------------------------------------------------------------------------- 1 | About LUKS 2 | ========== 3 | 4 | **LUKS**, short for *Linux Unified Key Setup*, is the default method for disk encryption on Linux. It can be used to enable *Full Disk Encryption* during installation with a single click, or to encrypt individual partitions on external hard disks or usb sticks later on. Please note that *Full Disk Encryption* is hard to enable **after** the installation as it requires moving all existing files temporarily as encrypting a device requires formatting it. 5 | 6 | * Advantages: LUKS is available through dm-crypt which is part of the Linux kernel, so it doesn't need any further software to be installed. 7 | 8 | * Disadvantages: Unlike with Truecrypt, it is not possible to use it with other Operating Systems (yet), so if you use LUKS to encrypt a USB drive, you can only use it on Linux machines, but not on Windows or Mac OS. 9 | 10 | 11 | If you want to encrypt a device after the Linux installation completed, you can use the *Disks* utility which can be found in most Linux distribution's *System Settings*. 12 | 13 | ## Starting *Disks* 14 | 15 | On Ubuntu, start *Disks* by pressing the Windows key and A, typing "disks" and selecting the corresponding program as shown below: 16 | 17 | ![Launching Disks](disks_000_launch.png) 18 | 19 | ## Encrypting a device 20 | 21 | ![Disks main window](disks_001_with_steps.png) 22 | 23 | On the left hand side you will find a list of all storage devices plugged into your computer. 24 | 25 | Select the one you want to encrypt (step 1) (in this case a usb stick), and then on the right hand side, click on the cog wheels and "Format…". A dialog will appear where you can select if the existing data on the device shall be completely overwritten (that can take up to several hours depending on the size and performance of the device) or just formatted. Please note that even if you choose to encrypt the device, data, that was present before will be recoverable if you don't choose to overwrite it completely. 26 | 27 | No matter what you choose for the field *Erase*, select "Encrypted, compatible with Linux systems (LUKS+Ext4)" for *Type*, give it a name and a strong passphrase (see chapter 8 on that matter), and click *Format…* 28 | 29 | !["Format..." dialog](disks_003_formatencryptedfilledout.png) 30 | 31 | On the confirmation screen make sure you selected the correct device as data recovery is a cumbersome tasks – if possible at all. 32 | 33 | ![Confirmation step](disks_004_formatconfirmation.png) 34 | 35 | Back on the main window the device now consists of two layers. One is the physical storage (here called "Partition 1") and the other a virtual device which is created by the LUKS system to give you access to the encrypted device (here called "cryptostick"). The pad lock on "Partition 1" is open as the *Disks* utility needed to open it in order to create a file system (how would you store files on a device without a file system?). You can click on the (other) pad lock as shown below to close the decryption channel and the *eject* button in the upper right corner to safely remove the device. 36 | 37 | ![Lock the LUKS device](disks_005_with_steps.png) 38 | ![Eject the LUKS device](disks_006_with_steps.png) 39 | 40 | 41 | ## Using an encrypted device 42 | 43 | This is quite straight-forward. Plug it in, enter the passphrase and click *Connect*. If the file manager does not open automatically, the device will be available when you do. 44 | 45 | ![Eject the LUKS device](disks_007_passphrase_prompt.png) 46 | -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_001.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_002.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_003.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_004.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_004.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_005.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_005.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_006.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_006.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_007.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_007.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_008.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_008.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_009.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_009.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_010.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_010.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_011.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_012.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_012.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_013.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_013.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/destroy_data_014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/destroy_data_014.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_000_launch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_000_launch.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_001.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_001_with_steps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_001_with_steps.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_001_with_steps.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 19 | 21 | 43 | 45 | 46 | 48 | image/svg+xml 49 | 51 | 52 | 53 | 54 | 55 | 60 | 67 | 69 | 79 | 1 92 | 93 | 103 | 2 116 | 122 | 123 | 124 | -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_002_format.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_002_format.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_003_formatencryptedfilledout.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_003_formatencryptedfilledout.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_004_formatconfirmation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_004_formatconfirmation.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_005_lock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_005_lock.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_005_with_steps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_005_with_steps.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_005_with_steps.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 19 | 21 | 43 | 45 | 46 | 48 | image/svg+xml 49 | 51 | 52 | 53 | 54 | 55 | 60 | 67 | 77 | 1 90 | 95 | 96 | 97 | -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_006_locked.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_006_locked.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_006_with_steps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_006_with_steps.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_006_with_steps.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 19 | 21 | 43 | 45 | 46 | 48 | image/svg+xml 49 | 51 | 52 | 53 | 54 | 55 | 60 | 67 | 72 | 82 | 1 95 | 96 | 97 | -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/disks_007_passphrase_prompt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/disks_007_passphrase_prompt.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/hidden_vol_001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/hidden_vol_001.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/hidden_vol_002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/hidden_vol_002.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/hidden_vol_004.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/hidden_vol_004.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/hidden_vol_005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/hidden_vol_005.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/hidden_vol_006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/hidden_vol_006.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/hidden_vol_007.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/hidden_vol_007.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/hidden_vol_014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/hidden_vol_014.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_001.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_002.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_003.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_004.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_004.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_005.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_006.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_007.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_007.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_008.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_008.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_009.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_009.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_010.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_010.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_011.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_011.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_012.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_012.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/tc_013.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/tc_013.jpg -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_001.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_002.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_003.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_004.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_004.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_005.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_006.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_007.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_007.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_008.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_008.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_009.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_009.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_010.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_010.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_011.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_012.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_012.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_013.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_013.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_014.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_015.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_015.png -------------------------------------------------------------------------------- /src/chapter_10_disk_encryption/using_tc_016.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_10_disk_encryption/using_tc_016.png -------------------------------------------------------------------------------- /src/chapter_11_call_encryption/00_installing_csipsimple.md: -------------------------------------------------------------------------------- 1 | Installing CSipSimple 2 | ===================== 3 | 4 | CSipSimple is a program for Android devices that allows for making encrypted calls. Naturally the calling software isn't enough on its own and we need a communication network to enable us to make calls. 5 | 6 | Introducing The OSTN Network 7 | ---------------------------- 8 | 9 | If you already know about OSTN and have an account, you can skip this section. 10 | 11 | The Guardian Project's OSTN (Open {Secure, Source, Standards} Telephony Network - [https://guardianproject.info/wiki/OSTN](https://guardianproject.info/wiki/OSTN)) is an attempt to define a standard Voice over IP (VoIP) setup using the Session Initiation Protocol (SIP) that enables end-to-end encrypted calls. Similar to e-mail, SIP allows people to choose their service provider while still being able to call each other even if they are not using the same provider. Yet, not all SIP providers offer OSTN and both providers have to support OSTN for the call to be secure. Once a connection between two people is established, the audio data is exchanged directly between the two parties. Data is encrypted according to the Secure Real-time Transport Protocol (SRTP). 12 | 13 | A majority of encrypting VoIP applications currently use Session Description Protocol Security Descriptions for Media Streams (SDES) with hop-by-hop Transport Layer Security (TLS) to exchange secret master keys for SRTP. This method is not end-to-end secure as the SRTP keys are visible in plaintext to any SIP proxy or provider involved in the call. 14 | 15 | ZRTP is a cryptographic key-agreement protocol to negotiate the keys for encryption between two parties. ZRTP end points use the media stream rather than the signaling stream to establish the SRTP encryption keys. Since the media stream is a direct connection between the calling parties, there is no way for the SIP providers or proxies to intercept the SRTP keys. ZRTP provides a useful reassurance to end-users that they have a secure line. By reading and comparing a word pair, users can be certain that the key exchange has completed. 16 | 17 | Open Secure Telephony (https://ostel.me/) is a testbed for OSTN that worked well at the time of writing this book. At https://ostel.me/users/sign_up you can sign up and create an account. You can also check the OSTN page listed above for other providers. 18 | 19 | CSipSimple 20 | ---------- 21 | 22 | CSipSimple is a free and open source client for Android that works well with OSTN. You can find it at [https://market.android.com/details?id=com.csipsimple](https://market.android.com/details?id=com.csipsimple) 23 | 24 | To use CSipSimple with ostel.me, select OSTN in the generic wizards when creating an account and enter username, password and server as provided after signing up at [https://ostel.me/users/sign_up](https://ostel.me/users/sign_up) 25 | 26 | Once you call another party with CSipSimple you see a yellow bar with ZRTP and the verification word pair. You now have established a secure voice connection that cannot be intercepted. Still, you should be aware that your phone or the phone of the other party could be set up to record the conversation. 27 | 28 | Basic steps: 29 | 30 | 1. Install CSipSimple from Google Play store or other trusted source 31 | 2. Start it up and choose if you want to make SIP calls via data connection or only WiFi 32 | 3. Configure your account 33 | 34 | To use CSipSimple with ostel.me, select OSTN in the Generic Wizards section when creating an account. You can toggle off the "United States" providers by clicking on "United States". Now select *OSTN*: 35 | 36 | ![OSTN](ostn_1.png) 37 | 38 | Now you can enter your username (number), password and server (ostel.me) as provided after signing up at [https://ostel.me/users/sign_up](https://ostel.me/users/sign_up). 39 | 40 | ![OSTN](ostn_2.png) 41 | 42 | Now you can make a call. The first time you connect to someone with ZRTP you have to verify that the key exchange was successful. In the example below the confirmation word is "cieh", you can already talk to the other party and make sure you both see the same word. Once done, press ok. 43 | 44 | ![OSTN](ostn_3.png) 45 | 46 | You now have established a secure voice connection that cannot be intercepted. Beware that your or the phone of the other party could be recording your conversation. 47 | -------------------------------------------------------------------------------- /src/chapter_11_call_encryption/ostn_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_11_call_encryption/ostn_1.png -------------------------------------------------------------------------------- /src/chapter_11_call_encryption/ostn_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_11_call_encryption/ostn_2.png -------------------------------------------------------------------------------- /src/chapter_11_call_encryption/ostn_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_11_call_encryption/ostn_3.png -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/00_installing_i2p_on_ubuntu.md: -------------------------------------------------------------------------------- 1 | Installing I2P on Ubuntu Lucid Lynx (and newer) and derivatives like Linux Mint & Trisquel 2 | =========================================================================================== 3 | 4 | 1. Open a terminal and enter: 5 | 6 | `sudo apt-add-repository ppa:i2p-maintainers/i2p` 7 | 8 | This command will add the PPA to /etc/apt/sources.list.d and fetch the gpg key that the repository has been signed with. The GPG key ensures that the packages have not been tampered with since being built. 9 | 10 | 2. Notify your package manager of the new PPA by entering 11 | 12 | `sudo apt-get update` 13 | 14 | This command will retrieve the latest list of software from each repository that is enabled on your system, including the I2P PPA that was added with the earlier command. 15 | 16 | 3. You are now ready to install I2P! 17 | 18 | `sudo apt-get install i2p` 19 | 20 | 4. Your browse should open up with your local I2P router console, to browse i2p domains you have to configure your browser to use the i2p proxy. Also check your connection status on the left side on the router console. If your status is **Network: Firewalled** your connection will be rather slow. The first time you start I2P it may take a few minutes to integrate you into the network and find additional peers to optimize your integration, so please be patient. 21 | 22 | From the Tools menu, select Options to bring up the Firefox settings panel. Click the icon labelled Advanced, then click on the Network tab. In the Connections section, click on the Settings button. You'll see a Window like the following: 23 | 24 | ![I2P](i2p_1.jpg) 25 | 26 | In the Connection Settings window, click the circle next to Manual proxy configuration, then enter 127.0.0.1, port 4444 in the HTTP Proxy field. Enter 127.0.0.1, port 4445 in the SSL Proxy field. Be sure to enter localhost and 127.0.0.1 into the "No Proxy for" box. 27 | 28 | ![I2P](i2p_1.jpg) 29 | 30 | For more information and proxy settings for other browsers check [https://www.i2p2.de/htproxyports.htm](https://www.i2p2.de/htproxyports.htm) 31 | 32 | Instructions for Debian Lenny and newer 33 | ======================================= 34 | For more information visit this page [https://www.i2p2.de/debian.html](https://www.i2p2.de/debian.html) 35 | 36 | 37 | Starting I2P 38 | ============ 39 | Using these I2P packages the I2P router can be started in the following three ways: 40 | 41 | * "on demand" using the i2prouter script. Simply run "i2prouter start" from a command prompt. (Note: Do not use sudo or run it as root!). 42 | * as a service that automatically runs when your system boots, even before logging in. The service can be enabled with "dpkg-reconfigure i2p" as root or using sudo. This is the recommended means of operation. 43 | 44 | -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/01_downloading_i2p_torrent.md: -------------------------------------------------------------------------------- 1 | Anonymous Bittorrent with I2PSnark 2 | ================================== 3 | 4 | We can use the I2P network to share and download files without the entire world knowing who is sharing them. or even the fact that you are running a torrent client, since i2p network is end-to-end encrypted the only thing known to outsider is you are running I2P. 5 | 6 | I2p come with a built-in torrent client that run inside the browser called I2PSnark. You can access it through 7 | this direct link: 8 | 9 | [http://localhost:7657/i2psnark/](http://localhost:7657/i2psnark/) 10 | 11 | or through the router console: [http://localhost:7657/](http://localhost:7657/) and clicking on the torrent icon. Once started you should see a screen similar to the following: 12 | 13 | ![I2P](i2p_3.jpg) 14 | 15 | You can search for a torrent using one of following bittorrent trackers: 16 | 17 | * [http://tracker.postman.i2p/](http://tracker.postman.i2p/) 18 | 19 | * [http://diftracker.i2p/](http://diftracker.i2p/) 20 | 21 | Copy the torrent or magnet link and past it in the I2PSnark window, and click **Add torrent**. 22 | the file will be downloaded inside the **/home/user/.i2p/i2psnark** folder. 23 | 24 | **NOTE:** 25 | 26 | * Since I2P is a closed network, you can't download normal torrents found on regular internet with it, and it can't be used to make downloading them anonymous! 27 | 28 | * The speed seems to be slightly lower than usual which is caused by the anonymization. I think that the download rates are still acceptable if you consider that you download and share anonymously. 29 | -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/02_onionshare.md: -------------------------------------------------------------------------------- 1 | # OnionShare 2 | 3 | ## Introduction 4 | 5 | What [OnionShare](https://onionshare.org/) is described the project's own words (quote from ): 6 | 7 | > [OnionShare](https://onionshare.org/) lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor hidden service, and generating an unguessable URL to access and download the files. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor hidden service to make it temporarily accessible over the internet. The other user just needs to use [Tor Browser](https://www.torproject.org/download/download-easy.html.en) to download the file from you. 8 | 9 | ## Installation 10 | 11 | Installation instructions are provided on the [OnionShare](https://onionshare.org/) website. 12 | 13 | ## Using OnionShare 14 | 15 | This is what [OnionShare](https://onionshare.org) looks like when you start it. 16 | 17 | ![started OnionShare](onionshare_1.png) 18 | 19 | You can share as many files and folders as you like. To add them you can use the related buttons or drag&drop files and folders into the window. 20 | Please note the `Stop sharing automatically` checkbox. This ensures the files you share can be downloaded exactly once. 21 | 22 | ![added files and folders](onionshare_2.png) 23 | 24 | Clicking on the `Start Sharing` button a small webserver starts in the background. It makes the files available to your friend but only through the [Tor](https://torproject.org) network because the small webserver is a so called [hidden service](https://tor.eff.org/docs/hidden-services.html.en). 25 | Starting the hidden service might take a bit so please be patient. 26 | 27 | ![preparing to share files](onionshare_3.png) 28 | 29 | Once the hidden service has started copy it's url through the `Copy URL` button. 30 | You now send this address to your friend (through an encrypted channel if necessary). 31 | 32 | ![sharing files](onionshare_4.png) 33 | 34 | After receiving the address your friend opens it in their [TorBrowser](https://www.torproject.org/download/download-easy.html.en). It will not work in other browsers. 35 | Your friend sees a link to a zip file and a list of files contained within. Clicking on the big blue button the download is started. 36 | 37 | ![downloading through TorBrowser](onionshare_5.png) 38 | 39 | You can see when your friend downloads the files through the blue progress bar. Once everything has been uploaded from your computer [OnionShare](https://onionshare.org) stops sharing automatically (unless you unchecked the `Stop sharing automatically` button). 40 | 41 | ![completed download as seen in OnionShare](onionshare_6.png) 42 | 43 | To verify that [OnionShare](https://onionshare.org) really stopped sharing your files you can open the address you sent to your friend in your own [TorBrowser](https://www.torproject.org/download/download-easy.html.en). The download is no longer available. 44 | 45 | ![trying download through TorBrowser a second time](onionshare_7.png) 46 | 47 | -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/i2p_1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/i2p_1.jpg -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/i2p_2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/i2p_2.jpg -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/i2p_3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/i2p_3.jpg -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/onionshare_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/onionshare_1.png -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/onionshare_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/onionshare_2.png -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/onionshare_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/onionshare_3.png -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/onionshare_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/onionshare_4.png -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/onionshare_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/onionshare_5.png -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/onionshare_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/onionshare_6.png -------------------------------------------------------------------------------- /src/chapter_13_secure_file_sharing/onionshare_7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_13_secure_file_sharing/onionshare_7.png -------------------------------------------------------------------------------- /src/chapter_14_appendices/assets/crypto_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_14_appendices/assets/crypto_1.png -------------------------------------------------------------------------------- /src/chapter_14_appendices/assets/crypto_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_14_appendices/assets/crypto_2.png -------------------------------------------------------------------------------- /src/chapter_14_appendices/assets/crypto_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/chapter_14_appendices/assets/crypto_3.png -------------------------------------------------------------------------------- /src/chapter_14_appendices/contributions.md: -------------------------------------------------------------------------------- 1 | 0xcaca0 2 | Adam Hyde 3 | Ahmed Mansour 4 | Alice Miller 5 | A Ravi 6 | Ariel Viera 7 | Asher Wolf 8 | AT 9 | Austin Martin 10 | Ben Weissmann 11 | Bernd Fix 12 | Brendan Howell 13 | Brian Newbold 14 | Carola Hesse 15 | Chris Pinchen 16 | Dan Hassan 17 | Daniel Kinsman 18 | Danja Vasiliev 19 | Dévai Nándor 20 | djmattyg007 21 | Douwe Schmidt 22 | Edward Cherlin 23 | Elemar 24 | Emile Denichaud 25 | Emile den Tex 26 | Erik Stein 27 | Erinn Clark 28 | Freddy Martinez 29 | Freerk Ohling 30 | Greg Broiles 31 | Haneef Mubarak 32 | helen varley jamieson 33 | Janet Swisher 34 | Jan Gerber 35 | Jannette Mensch 36 | Jens Kubieziel 37 | jmorahan 38 | Josh Datko 39 | Joshua Datko 40 | Julian Oliver 41 | Kai Engert 42 | Karen Reilly 43 | l3lackEyedAngels 44 | leoj3n 45 | LiamO 46 | Lonneke van der Velden 47 | Malte 48 | Malte Dik 49 | Marta Peirano 50 | Mart van Santen 51 | mdimitrova 52 | Michael Henriksen 53 | Nart Villeneuve 54 | Nathan Andrew Fain 55 | Nathan Houle 56 | Niels Elgaard Larsen 57 | Petter Ericson 58 | Piers 59 | Plato 60 | Punkbob 61 | Roberto Rastapopoulos 62 | Ronald Deibert 63 | Ross Anderson 64 | Sacha van Geffen 65 | Sam Tennyson 66 | Samuel Carlisle 67 | Samuel L. Tennyson 68 | Seth Schoen 69 | Steven Murdoch 70 | StooJ 71 | Story89 72 | Ted W 73 | Ted Wood 74 | Teresa Dillon 75 | therealplato 76 | Tomas Krag 77 | Tom Boyle 78 | Travis Tueffel 79 | Uwe Lippmann 80 | WillMorrison 81 | Ximin Luo 82 | Yuval Adam 83 | zandi 84 | Zorrino Zorrinno 85 | -------------------------------------------------------------------------------- /src/chapter_14_appendices/the_necessity_of_open_source.md: -------------------------------------------------------------------------------- 1 | The necessity of Open Source 2 | ============================ 3 | 4 | The last 20 years have seen network technology reaching ever more deeply into our lives, informing how we communicate and act within the world. With this come inherent risks: the less we understand the network environment we depend upon, the more vulnerable we are to exploitation. 5 | 6 | This ignorance is something traditionally enjoyed by criminals. In recent years however some corporations and governments have exploited civilian ignorance in a quest for increased control. This flagrant and often covert denial of dignity breaches many basic rights, the right to privacy, in particular. 7 | 8 | Closed source software has been a great boon to such exploitation – primarily due to the fact there is no code available for open, decentralised security auditing by the community . Under the auspices of hiding trade secrets, closed-source software developers have proven to be unwilling to explain to users how their programs work. This might not always be an issue were it not for the high stakes: identity theft, the distribution of deeply personal opinion and sentiment, a persons diverse interests and even his/her home increasingly come into close contact with software in a world-wide network context. As such, many people find themselves using software for personal purposes with full trust that it are secure. The Windows operating system itself is the most obvious real-world example. Apple's OS X follows close behind, with large portions of the operating system's inner-workings barred from public inspection. 9 | 10 | In Cryptography there is a strong principle, established in the 19th century by *Auguste Kerckhoff* (and hence named after him) which demands that 11 | 12 | > "[the encryption method] must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience". 13 | 14 | While this principle has been taken further by most scientific and (of course) open source communities – publishing their methods and inner-workings upfront, so potential weaknesses can be pointed out and fixed before further distribution – most distributors of proprietary software rely on obfuscation to hide the weaknesses of their software. As such they often prove to address newly discovered vulnerabilities in a non-transparent way – leaving many trusting users at risk of exploitation. 15 | 16 | Of course it must be said that Open Source Software is as secure as you make it (and there is a lot of OSS written by beginners). However there are many good examples of well written, well managed software which have such a large (and concerned) user base that even the tiniest of mistakes are quickly found and dealt with. This is especially the case with software depended upon in a network context. 17 | 18 | To use closed source software in a network context is not only to be a minority, it is to be overlooked by a vast community of concerned researchers and specialists that have your privacy and safety in mind. 19 | 20 | N.B. There is also a more cynical view of Open Source Software, which points out that since nobody is paid full time to constantly review and regression test the latest tinkering by unskilled or deliberately malicious programmers, it can also suffer from major security weaknesses which go undetected for long periods of time in complicated software, leaving it vulnerable to hackers, criminals and intelligence agencies etc. e.g. the (now fixed) Debian Linux predictable random number generator problem which led to the creation of lots of weak cryptographic keys. 21 | -------------------------------------------------------------------------------- /src/convert_to_epub.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # check prerequisites 4 | type pandoc >/dev/null 2>&1 || { echo >&2 "!!! Pandoc not installed, aborting."; exit 1; } 5 | 6 | cd build 7 | 8 | #symlink all images to src/ so that pandoc does not complain about not finding images 9 | for f in `find .. -name "*.jpg"`; do ln -s $f . ; done 10 | for f in `find .. -name "*.png"`; do ln -s $f . ; done 11 | 12 | #do the conversion 13 | pandoc --epub-cover-image=../cover-800.jpg --epub-metadata=../metadata.xml book.md -o book.epub 14 | 15 | # Only set if not overriden by an environment variable 16 | DATE=${DATE:-`date +%F`} 17 | 18 | cp book.epub ../../dist/cryptoparty-handbook-$DATE.epub 19 | 20 | ebook-convert ../../dist/cryptoparty-handbook-$DATE.epub ../../dist/cryptoparty-handbook-$DATE.mobi 21 | 22 | #cleanup all the symlinks 23 | find . -type l -delete 24 | cd .. 25 | 26 | -------------------------------------------------------------------------------- /src/convert_to_html.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # requires python-beautifulsoup4 / python-bs4 4 | 5 | # Only set if not overriden by an environment variable 6 | DATE=${DATE:-`date +%F`} 7 | 8 | DIR=../dist/cryptoparty-handbook-$DATE 9 | mkdir $DIR 2>/dev/null 10 | 11 | IDX=$DIR/index.html 12 | SIDX=$DIR/index-short.html 13 | 14 | INTRO="Cryptoparty Handbook: Index

Cryptoparty Handbook

Version: $DATE

    " 15 | 16 | echo $INTRO > $IDX 17 | echo $INTRO > $SIDX 18 | 19 | for d in chapter*; do 20 | if [ ! -d $DIR/$d ] ; then 21 | mkdir $DIR/$d 22 | fi 23 | title=`echo $d | sed 's/chapter_[0-9][0-9]_//; s/_/ /g; s/^./\U&/; s/ ./\U&/g'` 24 | rm -f $DIR/$d/$d.mdidx 25 | for f in $d/*.md; do 26 | cat $f >> $DIR/$d/$d.mdidx 27 | echo >> $DIR/$d/$d.mdidx 28 | echo >> $DIR/$d/$d.mdidx 29 | done 30 | echo "

    $title

    " >> $IDX 31 | echo "
  1. $title
    2. " >> $SIDX 32 | TITLE=`echo $d | sed 's/chapter_[0-9][0-9]_//; s/_/ /g; s/^./\U&/; s/ ./\U&/g'` 33 | echo "

    the CryptoParty handbook - Version: $DATE - Back to Index

    $TITLE

    " > $DIR/$d/$d.before 34 | echo "

    the CryptoParty handbook - Version: $DATE - Back to Index

    " > $DIR/$d/$d.after 35 | pandoc -s -S --toc -f markdown -t html --css=../handbook.css --title="CryptoParty handbook - $TITLE" -B $DIR/$d/$d.before -A $DIR/$d/$d.after $DIR/$d/$d.mdidx -o $DIR/$d/$d.html 36 | python extract_toc.py $DIR/$d/$d.html | sed "s/\"#/\"$d\/$d.html#/" >> $IDX 37 | rm -f $DIR/$d/$d.mdidx 38 | cp -au $d/*.png $d/*.jpg $DIR/$d 2>/dev/null 39 | done 40 | cp -au handbook.css $DIR/ 41 | 42 | echo "
" >> $IDX 43 | 44 | -------------------------------------------------------------------------------- /src/convert_to_md.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z $1 ] ; then 4 | BOOK_DIR=. 5 | else 6 | BOOK_DIR=$1 7 | fi 8 | 9 | if [ ! -d $BOOK_DIR ] ; then 10 | mkdir $BOOK_DIR 11 | fi 12 | 13 | rm -f ${BOOK_DIR}/book.md 14 | 15 | # Only set if not overriden by an environment variable 16 | DATE=${DATE:-`date +%F`} 17 | 18 | echo "the CryptoParty handbook" >> ${BOOK_DIR}/book.md 19 | echo "========================" >> ${BOOK_DIR}/book.md 20 | echo "Version: ${DATE}" >> ${BOOK_DIR}/book.md 21 | echo "" >> ${BOOK_DIR}/book.md 22 | 23 | for d in chapter*; do 24 | TITLE=`echo ${d} | sed 's/chapter_[0-9][0-9]_//; s/_/ /g; s/^./\U&/; s/ ./\U&/g'` 25 | TITLEUNDERLINE=`echo $TITLE | sed 's/./=/g'` 26 | echo ${TITLE} >> ${BOOK_DIR}/book.md 27 | echo ${TITLEUNDERLINE} >> ${BOOK_DIR}/book.md 28 | echo "" >> ${BOOK_DIR}/book.md; 29 | for file in ${d}/*.md; do 30 | cat "${file}" >> ${BOOK_DIR}/book.md; 31 | echo "" >> ${BOOK_DIR}/book.md; 32 | echo "" >> ${BOOK_DIR}/book.md; 33 | done 34 | done 35 | -------------------------------------------------------------------------------- /src/convert_to_tex.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # check prerequisites 4 | type pandoc >/dev/null 2>&1 || { echo >&2 "!!! Pandoc not installed, aborting."; exit 1; } 5 | 6 | if [ -z $1 ] ; then 7 | DIR=. 8 | else 9 | DIR=$1 10 | fi 11 | 12 | if [ ! -d $DIR ] ; then 13 | mkdir $DIR 14 | fi 15 | 16 | # Only set if not overriden by an environment variable 17 | DATE=${DATE:-`date +%F`} 18 | 19 | cat > $DIR/main.tex <> $DIR/main.tex 63 | title=`echo $d | sed 's/chapter_[0-9][0-9]_//; s/_/ /g; s/^./\U&/; s/ ./\U&/g'` 64 | echo "\\chapter{$title}" >> $DIR/main.tex 65 | for f in $d/*.md; do 66 | pandoc -f markdown -t latex $f -o $DIR/$f.tex 67 | echo "\\input{$f.tex}" >> $DIR/main.tex 68 | done 69 | done 70 | # There are many links in the book where the link text is the same as the 71 | # target URL. This attempts to avoid too many overfull hboxen by replacing 72 | # those occurences with a single \url call. We assume that if the link text 73 | # starts with http, then it's the same as the link. 74 | sed -ie 's/\\href{http\([^}]*\)}{http[^}]*}/\\url{http\1}/' $DIR/*/*.tex 75 | sed -ie 's/\\includegraphics/&[scale=0.92]/' $DIR/*/*.tex 76 | 77 | echo '\end{document}' >> $DIR/main.tex 78 | -------------------------------------------------------------------------------- /src/cover-800.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/cover-800.jpg -------------------------------------------------------------------------------- /src/cover.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/cover.jpg -------------------------------------------------------------------------------- /src/cover.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryptoparty/handbook/02c33625fe28760048862078ba4871912900f8a5/src/cover.pdf -------------------------------------------------------------------------------- /src/extract_toc.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import sys, os 4 | 5 | try: 6 | from bs4 import BeautifulSoup 7 | except ImportError: 8 | from BeautifulSoup import BeautifulSoup 9 | 10 | if len(sys.argv) < 2: 11 | sys.exit('no parameter given') 12 | 13 | if not os.path.exists(sys.argv[1]): 14 | sys.exit('file %s not found' % sys.argv[1]) 15 | 16 | h = open(sys.argv[1], 'r').read() 17 | 18 | soup = BeautifulSoup(h) 19 | for div in soup.html.body.findAll('div'): 20 | if (div.has_attr('id')) and (div['id'] == 'TOC'): 21 | print(div) 22 | -------------------------------------------------------------------------------- /src/handbook.css: -------------------------------------------------------------------------------- 1 | html { 2 | background-color: #FFFFFF; 3 | margin: 0; 4 | padding: 0; 5 | } 6 | 7 | body { 8 | margin: 0 auto; 9 | padding: 0 1.2em; 10 | max-width: 42em; 11 | background-color: #FFFFFF; 12 | font-size: large; 13 | } 14 | 15 | h1, h2, h3, h4, h5, h6 { 16 | font-family: "Linux Biolinum O", "Candara", "DejaVu Sans", sans-serif; 17 | } 18 | 19 | h1 > a, h2 > a, h3 > a, h4 > a, h5 > a, h6 > a { 20 | color: #000000; 21 | border: none; 22 | text-decoration: none; 23 | } 24 | 25 | p, li, a { 26 | /* font-family: "Linux Biolinum O", "Candara", "DejaVu Sans", sans-serif; */ 27 | font-family: "Linux Libertine O", "Georgia", "DejaVu Serif", serif; 28 | } 29 | 30 | p { 31 | text-align: justify; 32 | } 33 | 34 | a:hover { 35 | color: #FF0044; 36 | } 37 | 38 | #TOC li > a { 39 | color: #444444; 40 | } 41 | 42 | #TOC li > a:hover { 43 | color: #000000; 44 | } 45 | 46 | #TOC li > ul { 47 | font-size: 0.85em; 48 | } 49 | 50 | -------------------------------------------------------------------------------- /src/metadata.xml: -------------------------------------------------------------------------------- 1 | The CryptoParty Handbook 2 | The Cryptoparty Community 3 | en-US 4 | Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) 5 | --------------------------------------------------------------------------------