Next

Warning

Documentation for the NEXT Whonix version! ONLY for developers! No guarantee it really makes it into the next Whonix version.

ricochet

Unfinished! See also:
https://github.com/ricochet-im/ricochet/issues/30

Security implications not researched yet.

On Whonix-Gateway, Control Port Filter Proxy[1] needs some adjustments.

Create a file /etc/controlportfilt.d/50_controlportfilt_ricochet.

kdesudo kwrite /etc/controlportfilt.d/50_controlportfilt_ricochet

Add the following content.

## Keep existing contents of variable CONTROL_PORT_FILTER_WHITELIST
## and extend it with control port commands required by torsion as per:
## "Documentation request for Whonix setup"
## https://github.com/special/torsion/issues/30
CONTROL_PORT_FILTER_WHITELIST=(
    "${CONTROL_PORT_FILTER_WHITELIST[@]}"
    "GETINFO status/circuit-established"
    "SETCONF HiddenServiceDir"
    "SETCONF HiddenServicePort"
    "SETEVENTS STATUS_CLIENT"
)

Restart Control Port Filter Proxy.

sudo service controlportfiltd restart

onionshare

Unfinished! Work in progress! See also:

Security implications not researched yet.

On Whonix-Gateway, Control Port Filter Proxy[2] needs some adjustments.

Create a file /etc/controlportfilt.d/50_controlportfilt_onionshare.

kdesudo kwrite /etc/controlportfilt.d/50_controlportfilt_onionshare

Add the following content.

## Keep existing contents of variable CONTROL_PORT_FILTER_WHITELIST
## and extend it with control port commands required by onionshare as per:
## https://github.com/micahflee/onionshare/blob/master/onionshare/onionshare.py
CONTROL_PORT_FILTER_WHITELIST=(
    "${CONTROL_PORT_FILTER_WHITELIST[@]}"
    "PROTOCOLINFO 1"
    "SETCONF HiddenServiceDir"
    "SETCONF HiddenServicePort"
)

Restart Control Port Filter Proxy.

sudo service controlportfiltd restart
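
A check for the ricochet and onionshare drop-ins above, as an added example that is not part of Whonix or of the original page: it sources a drop-in in a separate bash process and reports whether the existing whitelist entries survived and which control port commands were added. The function name audit_dropin, the sample files and the baseline entries are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Whonix code. Sourcing executes the drop-in, so only
# audit a file you have already read.

# audit_dropin FILE BASELINE_ENTRY... (hypothetical helper)
# Seeds CONTROL_PORT_FILTER_WHITELIST with the baseline in a separate bash
# process, sources FILE, prints "kept: N/M" and one "added: ..." per new entry.
audit_dropin() {
    bash -c '
        dropin=$1; shift
        baseline=("$@")
        CONTROL_PORT_FILTER_WHITELIST=("$@")
        . "$dropin" || exit 2
        kept=0
        for b in "${baseline[@]}"; do
            for w in "${CONTROL_PORT_FILTER_WHITELIST[@]}"; do
                if [ "$b" = "$w" ]; then kept=$((kept + 1)); break; fi
            done
        done
        echo "kept: $kept/${#baseline[@]}"
        for w in "${CONTROL_PORT_FILTER_WHITELIST[@]}"; do
            new=1
            for b in "${baseline[@]}"; do
                if [ "$w" = "$b" ]; then new=0; fi
            done
            if [ "$new" = 1 ]; then echo "added: $w"; fi
        done
    ' audit "$@"
}

# Constructed samples: the onionshare drop-in from this page, and a variant
# that forgets the "${CONTROL_PORT_FILTER_WHITELIST[@]}" line.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/extends" <<'EOF'
CONTROL_PORT_FILTER_WHITELIST=(
    "${CONTROL_PORT_FILTER_WHITELIST[@]}"
    "PROTOCOLINFO 1"
    "SETCONF HiddenServiceDir"
    "SETCONF HiddenServicePort"
)
EOF
cat > "$SAMPLES/replaces" <<'EOF'
CONTROL_PORT_FILTER_WHITELIST=(
    "PROTOCOLINFO 1"
)
EOF
# Constructed baseline, standing in for whatever the gateway already allows.
audit_dropin "$SAMPLES/extends" "SIGNAL NEWNYM" "GETINFO net/listeners/socks"
audit_dropin "$SAMPLES/replaces" "SIGNAL NEWNYM" "GETINFO net/listeners/socks"
```

A "kept" count below the baseline size means the drop-in replaced the whitelist instead of extending it; the "added" lines are the extra control port commands the Workstation would be allowed to send.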

whonixcheck SSL Certificate Pinning

How

UNFINISHED! See: https://github.com/Whonix/Whonix/issues/24

Advanced users only!

In Whonix-Gateway and Whonix-Workstation.

You need torbrowser-launcher installed. [3] Currently only available from wheezy-backports.

To enable this on a case-by-case basis, use the --pin-tpo-cert command line option. Example:

whonixcheck --pin-tpo-cert

Or to permanently enable this.

Create a file /etc/whonix.d/50_user.

sudo nano /etc/whonix.d/50_user

Add.

PIN_TPO_CERT="true"

Footnotes

  1. Dev/CPFP
  2. Dev/CPFP
  3. Because torbrowser-launcher ships The Tor Project's SSL certificate.



Whonix is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.