The Crypto Bone

privacy and secure communication
under your control


Download the Crypto Bone Software

The GUI Program "cryptobone"

There are a number of changes with the new version 1.1 of the Crypto Bone Software.

The local, software-based Crypto Bone (ALL-IN-ONE), that is included in the main package, comes with improved protection of the message key database. Additional protection is possible, because the access information to the message key database is safely stored in a daemon process in memory (RAM), while your computer is running.

But if you want to use a second, external device to further harden your Crypto Bone application on your local computer you have a number of choices.

Not only can you turn a Beagle Bone or a Raspberry Pi into a second, external device, but you can also use any second Linux machine to act as an external Crypto Bone. If you want to install the software on a separate Linux machine, you can use the main rpm package (cryptobone-1.1.x86_64.rpm). This package contains both the local and the external Crypto Bone Software.

But there is another option, the Crypto Stick, a fully functional Crypto Bone installation ready to be booted from a USB memory drive. So you don't need to touch your computer's hard disk to use the Crypto Bone, either as your main machine running the GUI or as a second, separate device to store all the secret message keys.

The Main cryptobone Package

All you need to explore the Crypto Bone is included in the main package.

Here are the available options:

Please note, that the cryptobone daemon process must be started within 120 seconds after booting the computer, so you may have a problem on very old hardware, if you use a 32bit machine.

File Description Size Fingerprint
cryptobone-1.1.x86_64.rpm RPM package for x86-64 693030 sha256
cryptobone-1.1.i686.rpm RPM package for i686 703878 sha256
cryptobone-1.1.armv7hl.rpm RPM package for arm7 637934 sha256
[this package does not include the external Crypto Bone software]
Debian package for amd64 644854 sha256

Once you've installed this package on your Linux computer you can start the GUI "cryptobone" from a shell (or by clicking the icon) and use a Crypto Bone that is software-based as a daemon process on your main computer.

The main reason for the local, ALL-IN-ONE Crypto Bone is that most people don't have a Beagle Bone or Raspberry Pi and should still be able to send encrypted messages to those who have.

So the ALL-IN-ONE is the default that all users start with, but you can easily switch to using an external Crypto Bone as a separate hardware device with the push of a button in the "cryptobone" setup menu. Once you've changed this setting all your commands are then automatically sent to the external Crypto Bone via a secure (ssh) link.

And you can switch back as easily, too,

So the first step in any case is to install the main software package on your local Linux computer.

If you're using a modern Fedora Linux on your main machine, the cryptobone package is already in your repository and you can install it by typing (as root):

[root@laptop]# dnf install cryptobone

Or you can download the 64bit RPM package and install it by typing (as root):

[root@laptop]# dnf install cryptobone-1.1.x86_64.rpm

The RPM package will download the python tkinter and openssh-askpass packages that are needed to run the cryptobone GUI program. When you run the GUI for the first time after installation, you are asked for the login name of the user that should be allowed to use the Crypto Bone, because this user must be able to contact the cryptobone daemon as root. While using the GUI you'll be asked for your login password from time to time, because your GUI will access the cryptobone daemon as root via the sudo mechanism.

The External Crypto Bone

At the moment there are four different ways to get an external Crypto Bone that can be used with the graphical user interface.

The Separate Fedora Machine

The most convenient way to quickly get a separate Crypto Bone is to install the main rpm package on a modern Fedora OS on a second Linux machine. From version 1.1 the main package contains the software for the external device, too. If you have some old hardware that can be re-activated to become an external device, this computer (maybe without keyboard or display) may well be suited to improve your communication security a lot.

The external Crypto Bone software is not enabled after installation, because it should only be run on a dedicated, second Linux machine. To activate the external software part you can run the command "external-cryptobone-admin", a GUI that assists you to set up the second machine. But be aware that activating the external software can isolate the separate Linux computer, so that it will no longer be usable for internet browsing due to its restrictive firewall setting. But after all, this is not what you want to use it for, do you?

Don't activate the external software part on your main computer, as the ALL-IN-ONE Crypto Bone daemon is active there already.

The Crypto Stick

Wouldn't it be convenient to have the Crypto Bone on a USB stick, fully functional with a minimal graphical OS? Of course it would, as your computer's hard disk would not be touched and you could take your functional Crypto Bone wherever you go. But there is a drawback too.

Physical security is of utmost importance. If someone can steal (or tamper with) the media on which the Crypto Bone software is stored, root access to this media will eventually reveal the message encryption keys. In case of using a second device, both media (the external USB drive and your laptop) must be stolen to get access to the message keys, but using a USB drive makes it easier to attack the system this way.

So, if you can guard your USB drive well, you can download this compressed image file which is quite large (644 MByte). Once you know the name of your USB drive in your Linux system (let's assume it is /dev/sdb, for instance) you can write the uncompressed image to this USB device with a single command (as root):

[root@laptop]# xzcat stick-1.1.img.xz > /dev/sdb

Double-check that /dev/sdb is the name of your USB drive as you can easily ruin other media mounted in your Linux system if you pick the wrong device name.

Images for the External Crypto Bone and Crypto Pi

Then there are these two other alternatives, the Beagle Bone and the Raspberry Pi 3. To build your own external Crypto Bone based on either of these microcomputers, you'll need

These are the basic ingredients for secure communication with an external Crypto Bone.

Now you have to prepare your external device's SD card with the appropriate software.

The Complete SD Card Image

I have prepared an image file, that can be written to a SD card, to get a working Crypto Bone or Crypto Pi.

In its current version (1.1) the Crypto Bone is suitable for every-day use. It has reached a level of maturity, that justified my decison to make this image file available for general use.

Both the Beagle Bone and the Ralspberry Pi 3 provide the hardware platform for the external Crypto Bone, based on the arm7 microprocessor. The operating system for both SD card images is a minimal Fedora 24 installation with a few additional improvements in order to isolate the device as much as possible.

You can download a xz-compressed archive, that contains the image file for the SD card. But please make sure, that you read the installation instructions carefully before you start downloading either of these large image files.

The compressed SD card image for the

The compressed SD card image for the

And, by the way, I would like to hear from you, if you've checked the Crypto Bone's functionality and in particular, if you've scrutinized the source code of the core components.

The Crypto Bone needs your support!