Download the Crypto Bone Software
The GUI Program "cryptobone"
There are a number of changes with the new version 1.6 of the Crypto Bone software.
The GUI that uses EMAIL transport (aka "cryptobone") has been renamed "cryptobone-email". From version 1.6 the CryptoBone has a second GUI "cryptobone-safewebdrop" that implements a novel secure transport mechanism, that is based on the use of a https-enabled server. Instead of using a dedicated email-address for the exchange of encrypted messages, the new SafeWebdrop message exchange requires the registration of your user ID on a server, that provides the SafeWebdrop service.
At the moment the new SafeWebdrop version of the CryptoBone uses the ALLINONE mode and does not work with a second, external device. The use of an external device is still possible with the "traditional" cryptobone-email GUI.
The local, software-based Crypto Bone (ALL-IN-ONE), that is included in the main package, comes with improved protection of the message key database. Additional protection is possible, because the access information to the message key database is safely stored in a daemon process in memory (RAM), while your computer is running.
The Main cryptobone Package
For a long time, the CryptoBone software came bundled into one single main package.
From version 1.6 the CryptoBone core software comes as a separate package that depends on the comprehesive Cryptlib package and its python3-bindings.
Here are the available options:
Version 1.6
File Description Size Fingerprint cryptobone-1.6-2.fc39.x86_64.rpm RPM package for Fedora 39 671515 sha256 cryptlib-3.4.6-16.fc39.x86_64.rpm Cryptlib for Fedora 39 740670 sha256 cryptlib-python3-3.4.6-16.fc39.x86_64.rpm Cryptlib-python3 for Fedora 39 38510 sha256
File Description Size Fingerprint cryptobone-1.6-2.fc38.x86_64.rpm RPM package for Fedora 38 671381 sha256 cryptlib-3.4.6-15.fc38.x86_64.rpm Cryptlib for Fedora 38 740452 sha256 cryptlib-python3-3.4.6-15.fc38.x86_64.rpm Cryptlib-python3 for Fedora 38 38573 sha256
File Description Size Fingerprint cryptobone-1.6-2.fc37.x86_64.rpm RPM package for Fedora 37 671417 sha256 cryptlib-3.4.6-13.fc37.x86_64.rpm Cryptlib for Fedora 37 741152 sha256 cryptlib-python3-3.4.6-13.fc37.x86_64.rpm Cryptlib-python3 for Fedora 37 38379 sha256
File Description Size Fingerprint cryptobone_1.6-1_amd64-22.04.deb DEB package for Ubuntu-22.04 657928 sha256 cryptlib_3.4.6-1_amd64-22.04.deb Cryptlib for Ubuntu-22.04 4167316 sha256
File Description Size Fingerprint cryptobone_1.6-1_amd64-20.04.deb DEB package for Ubuntu-20.04 656480 sha256 cryptlib_3.4.6-1_amd64-20.04.deb Cryptlib for Ubuntu-20.04 4072388 sha256
Version 1.5
File Description Size Fingerprint cryptobone-1.5.x86_64.rpm RPM package for x86-64 925098 sha256 cryptobone-1.5.ppc64le.rpm RPM package for powerpc 997006 sha256 cryptobone-1.5.aarch64.rpm RPM package for arm 909038 sha256
Once you've installed one of these packages on your Linux computer you can start the GUI "cryptobone-email" or the new SafeWebdrop GUI "cryptobone-safewebdrop" from a shell (or by clicking the icon) and use a Crypto Bone that is software-based as a daemon process on your main computer.
The main reason for the local, ALL-IN-ONE Crypto Bone is that most people don't have a Beagle Bone or Raspberry Pi and should still be able to send encrypted messages to those who have.
So the ALL-IN-ONE is the default that all users start with, but you can easily switch to using an external Crypto Bone as a separate hardware device with the push of a button in the "cryptobone" setup menu. Once you've changed this setting all your commands are then automatically sent to the external Crypto Bone via a secure (ssh) link.
And you can switch back as easily, too.
So the first step in any case is to install the main software package on your local Linux computer.
If you're using a modern Fedora Linux on your main machine, the cryptobone package is already in your repository and you can install it by typing (as root):
[root@laptop]# dnf install cryptoboneThe RPM package will download the python tkinter and openssh-askpass packages that are needed to run the cryptobone GUI program. When you run the GUI for the first time after installation, you are asked for the login name of the user that should be allowed to use the Crypto Bone on your machine, because this user must be able to contact the cryptobone daemon as root. While using the GUI you'll be asked for your login password from time to time, because your GUI will access the cryptobone daemon as root via the sudo mechanism.
The External Crypto Bone
If you want to use a second, external device to further harden your Crypto Bone application on your local computer you have a number of choices.
Not only can you turn a Beagle Bone or a Raspberry Pi into a second, external device, but you can also use any second Linux machine, an old laptob maybe that is gathering dust, to act as an external Crypto Bone. If you want to install the software on a separate Linux machine, just use one of the packages above.
But there is another option, the Crypto Stick (version 1.1), a fully functional Crypto Bone installation ready to be booted from a USB memory drive. So you don't need to touch your computer's hard disk to use the Crypto Bone, either as your main machine running the GUI or as a second, separate device to store all the secret message keys.
At the moment there are four different ways to get an external Crypto Bone that can be used with the graphical user interface.
- Any other separate Linux computer (with Fedora installed). This is the most likely option.
- Booting the Crypto Stick on a separate Linux computer (not touching its hard drive).
- A Beagle Bone (arm7)
- A Rasperry Pi 3 (arm7)
The Separate Fedora Machine
The most convenient way to quickly get a separate Crypto Bone is to install the main rpm package on a modern Fedora OS on a second Linux machine. If you have some old hardware that can be re-activated to become an external device, this computer (maybe without keyboard or display) may well be suited to improve your communication security a lot.The external Crypto Bone software is not enabled after installation, because it should only be run on a dedicated, second Linux machine. To activate the external software part you can run the command "external-cryptobone-admin", a GUI that assists you to set up the second machine. But be aware that activating the external software can isolate the separate Linux computer, so that it will no longer be usable for internet browsing due to its restrictive firewall setting. But after all, this is not what you want to use it for, do you?
Don't activate the external software part on your main computer, as the ALL-IN-ONE Crypto Bone daemon is running there already.
The Crypto Stick
Wouldn't it be convenient to have the Crypto Bone on a USB stick, fully functional with a minimal graphical OS? Of course it would, as your computer's hard disk would not be touched and you could take your functional Crypto Bone wherever you go. But there is a drawback too.
Physical security is of utmost importance. If someone can steal (or tamper with) the media on which the Crypto Bone software is stored, root access to this media will eventually reveal the message encryption keys. In case of using a second device, both media (the external USB drive and your laptop) must be stolen to get access to the message keys, but using a USB drive makes it easier to attack the system in this way.
So, if you can guard your USB drive well, you can download this compressed image file which is quite large (644 MByte). Once you know the name of your USB drive in your Linux system (let's assume it is /dev/sdb, for instance) you can write the uncompressed image to this USB device with a single command (as root):
[root@laptop]# xzcat stick-1.1.img.xz > /dev/sdbDouble-check that /dev/sdb is the name of your USB drive as you can easily ruin other media mounted in your Linux system if you pick the wrong device name.
When using the stick you'd log in as user "alice" (with the name as password for the first time) and change Alice's login password by opening a terminal.
Images for the External Crypto Bone and Crypto Pi
Then there are these two other alternatives, the Beagle Bone and the Raspberry Pi 3. To build your own external Crypto Bone based on either of these microcomputers, you'll need
- a Beagle Bone or Raspberry Pi 3 (with arm7 processor)
- a (micro) SD card (less than 3 Gbyte will be used)
- a main Linux computer to operate the external device via the "cryptobone" GUI program
(This could be a Crypto Stick)- a router (DHCP) that provides the ethernet connection to the internet for the external device
These are the basic ingredients for secure communication with an external Crypto Bone.
Now you have to prepare your external device's SD card with the appropriate software.
The Complete SD Card Image
I have prepared an image file, that can be written to a SD card, to get a working Crypto Bone or Crypto Pi.
In its current version (1.1) the Crypto Bone is suitable for every-day use. It has reached a level of maturity, that justified my decison to make this image file available for general use.
Both the Beagle Bone and the Ralspberry Pi 3 provide the hardware platform for the external Crypto Bone, based on the arm7 microprocessor. The operating system for both SD card images is a minimal Fedora 24 installation with a few additional improvements in order to isolate the device as much as possible.
You can download a xz-compressed archive, that contains the image file for the SD card. But please make sure, that you read the installation instructions carefully before you start downloading either of these large image files.
The compressed SD card image for the
BEAGLE BONEThe compressed SD card image for the
RASPBERRY PI 3And, by the way, I would like to hear from you, if you've checked the Crypto Bone's functionality and in particular, if you've scrutinized the source code of the core components.
The Crypto Bone needs your support!