Crypto Bone ALL-IN-ONE
From version 0.99b the "cryptobone" control program (the GUI) is distributed together with a software-based Crypto Bone, so that users who install the RPM packages or the DEB packages on their Linux system have a Crypto Bone up and running in seconds.
Why does the local, ALL-IN-ONE version even exist, if performing all message encryption and decryption inside an isolated, secure environment is one of the benefits of the external Crypto Bone as a separate hardware?
The Hen-And-Egg Problem
Well, not everyone has a Beagle Bone.
And, if you're using the external Crypto Bone, the message you will sent out will reach people who don't have a Beagle Bone or Raspberry Pi 3.
Thus very few people will be able to use this kind of secure communication, yet.
On the other hand, checking the software - and even the core software - for security only pays off, if many users rely on this software day-by-day. Only if the Crypto Bone's user base has become large enough, security experts will take the time to poke inside the software for bugs and security problems.
I've asked a number of people to contribute to the code review, but they all seem to think that unless the user base raises considerably, no-one will look at the source code, even if it is available from day one of the development.
I can understand that code review is a painful and hard job, that requires a lot of detailed, fiddly work, and no little amount of concentration. At the moment, there is clearly not enough incentive to do that.
In order to increase the Crypto Bone's user base, I've developed a software-only version of the Crypto Bone that'll run on a single Linux machine. In developing this version, I tried to simplify the tasks of key handling, and thus I've developed a single GUI program that lets you change from the local Crypto Bone to the external one (and back) with the push of a button.
As it is now much easier to use the Crypto Bone, I hope people who use it now, will eventually be interested in making sure that the software base is secure.
From version 1.6 the CryptoBone provides a new secure message exchange method called Safe Webdrop. This new exchange mechanism makes use of a https-enabled web server that is under the control of an administrator that the users can contact directly.
This method also provides the use of large attachments which are AES encrypted like the messages. SafeWebdrop can easily been adapted to the needs of an organisation or company so that the user base may well enlarge with this new transport mechanism.
And so, code review will finally happen, I hope!
External DevicesThere are very good reasons to use an external device in addition to the ALL-IN-ONE version, because an external device will make it even more difficult for an attacker to compromise your messages. You can use a second Linux computer, a Beagle Bone or a Raspberry Pi to delegate the encryption engine to a separate, more isolated device. For mor information have a look at the download section, the installation tutorial and the security analysis.