Christopher R. Bastian f8f1318c70 | ||
---|---|---|
tests | ||
.gitignore | ||
LICENSE | ||
README.md | ||
configure_tbselenium.sh | ||
ecryptfs_storage.sh | ||
hidden_service.sh | ||
tails_tbselenium.py |
README.md
tatoo
Tails tools: hidden services, bridge checking, etc.
Hidden Service
Tails Hidden Service configuration.
- It is not exposing itself listening to localhost. I like UNIX Sockets. That's why lighttpd.
- lighttpd is chrooted. I'm not sure I did it properly, though.
- It stores secret key encrypted. Also, it can use previously saved and encrypted secret key (e.g., generated via mkp224o).
- GnuPG encryption for secret key and pages.
- Strict permissions to prevent exposure.
Usage
Create and store service secret key:
sudo bash hidden_service.sh ${ServiceName} ${ServiceTag} ${EncryptedServicePagesTAR} ${EncryptedServiceSecretKey} store
Use previously created secret key:
sudo bash hidden_service.sh ${ServiceName} ${ServiceTag} ${EncryptedServicePagesTAR} ${EncryptedServiceSecretKey} get
eCryptFS
Tails eCryptFS configuration.
Why eCryptFS?
It is good for encrypted git repos. Other instruments (e.g., git-crypt) change encrypted files after every commit even if they were not actually changed.
Usage
All encryption parameters are stored GPG encrypted. Signature should be created before storage configuration:
ecryptfs-add-passphrase
>> Passphrase: qwerty
>> Inserted auth tok with sig [a0bff6831f049d9c] into the user session keyring
Create and encrypt via GPG key file:
Passphrase="qwerty"
Signature="a0bff6831f049d9c"
KeyBytes=32
Cipher="aes"
Mount storage:
sudo bash ecryptfs_storage.sh mount ${Directory} ${KeyFile}
Unmount after you finished your business:
sudo bash ecryptfs_storage.sh umount ${Directory}
tbselenium
tbselenium marionette configuration.
tbselenium is a Python package to handle Tor Browser via script.
- It downloads geckodriver and checks its signature.
- It uses internal Tor Browser of Tails and its default profile.
- I fixed tbselenium for now: geckodriver port is not random, so you don't have to open a new port after every start.
Usage
bash configure_tbselenium.sh
source /home/amnesia/miniconda3/bin/activate
python3
>> from tails_tbselenium import *
>> engine = StartEngine()
>> do_stuff()