Whonix

Jump to: navigation, search

Next

Random News:

Please Contribute by answering questions.

Warning[edit]

Documentation for the NEXT Whonix version! ONLY for developers! No guarantee it really makes into the next Whonix version.

ricochet[edit]

Unfinished! See also:
https://github.com/ricochet-im/ricochet/issues/30

Security implications not researched yet.

On Whonix-Gateway, Control Port Filter Proxy[1] needs some adjustments.

Create a file /etc/controlportfilt.d/50_controlportfilt_ricochet. 

kdesudo kwrite /etc/controlportfilt.d/50_controlportfilt_torsion

Add the following content. 

## Keep existing contents of variable CONTROL_PORT_FILTER_WHITELIST
## and extend it with control port commands required by torsion as per:
## "Documentation request for Whonix setup"
## https://github.com/special/torsion/issues/30
CONTROL_PORT_FILTER_WHITELIST=(
    "${CONTROL_PORT_FILTER_WHITELIST[@]}"
    "GETINFO status/circuit-established"
    "SETCONF HiddenServiceDir"
    "SETCONF HiddenServicePort"
    "SETEVENTS STATUS_CLIENT"
)

Restart Control Port Filter Proxy. 

sudo service controlportfiltd restart

onionshare[edit]

Unfinished! Work in progress! See also:

Security implications not researched yet.

On Whonix-Gateway, Control Port Filter Proxy[2] needs some adjustments.

Create a file /etc/controlportfilt.d/50_controlportfilt_onionshare. 

kdesudo kwrite /etc/controlportfilt.d/50_controlportfilt_onionshare

Add the following content. 

## Keep existing contents of variable CONTROL_PORT_FILTER_WHITELIST
## and extend it with control port commands required by onionshare as per:
## https://github.com/micahflee/onionshare/blob/master/onionshare/onionshare.py
CONTROL_PORT_FILTER_WHITELIST=(
    "${CONTROL_PORT_FILTER_WHITELIST[@]}"
    "PROTOCOLINFO 1"
    "SETCONF HiddenServiceDir"
    "SETCONF HiddenServicePort"
)

Restart Control Port Filter Proxy. 

sudo service controlportfiltd restart

whonixcheck SSL Certificate Pinning[edit]

How[edit]

UNFINISHED! See: https://github.com/Whonix/Whonix/issues/24

Advanced users only!

In Whonix-Gateway and Whonix-Workstation.

You need torbrowser-launcher installed. [3] Currently only available from wheezy-backports.

To enable this on a by case base, use the --pin-tpo-cert command line option. Example. 

whonixcheck --pin-tpo-cert

Or to permanently enable this.

Create a file /etc/whonix.d/50_user. 

sudo nano /etc/whonix.d/50_user

Add. 

PIN_TPO_CERT="true"

Footnotes[edit]

  1. Dev/CPFP
  2. Dev/CPFP
  3. Because torbrowser-launcher ships The Tor Projects SSL certificate

Log in | OpenID | Contact | Impressum | Datenschutz | Haftungsausschluss | Investors | Donate

https | Mirror | Mirror | Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.

Retrieved from ‘https://www.whonix.org/w/index.php?title=Next&oldid=14577