The Crypto Bone

privacy and secure communication
under your control


Download the Crypto Bone Software

The GUI Program "cryptobone"

There are a number of changes with the new version 1.6 of the Crypto Bone software.

The GUI that uses EMAIL transport (aka "cryptobone") has been renamed "cryptobone-email". From version 1.6 the CryptoBone has a second GUI "cryptobone-safewebdrop" that implements a novel secure transport mechanism, that is based on the use of a https-enabled server. Instead of using a dedicated email-address for the exchange of encrypted messages, the new SafeWebdrop message exchange requires the registration of your user ID on a server, that provides the SafeWebdrop service.

At the moment the new SafeWebdrop version of the CryptoBone uses the ALLINONE mode and does not work with a second, external device. The use of an external device is still possible with the "traditional" cryptobone-email GUI.

The local, software-based Crypto Bone (ALL-IN-ONE), that is included in the main package, comes with improved protection of the message key database. Additional protection is possible, because the access information to the message key database is safely stored in a daemon process in memory (RAM), while your computer is running.

The Main cryptobone Package

For a long time, the CryptoBone software came bundled into one single main package.

From version 1.6 the CryptoBone core software comes as a separate package that depends on the comprehesive Cryptlib package and its python3-bindings.

Here are the available options:

Version 1.6

File Description Size Fingerprint
cryptobone-1.6-2.fc39.x86_64.rpm RPM package for Fedora 39 671515 sha256
cryptlib-3.4.6-16.fc39.x86_64.rpm Cryptlib for Fedora 39 740670 sha256
cryptlib-python3-3.4.6-16.fc39.x86_64.rpm Cryptlib-python3 for Fedora 39 38510 sha256

File Description Size Fingerprint
cryptobone-1.6-2.fc38.x86_64.rpm RPM package for Fedora 38 671381 sha256
cryptlib-3.4.6-15.fc38.x86_64.rpm Cryptlib for Fedora 38 740452 sha256
cryptlib-python3-3.4.6-15.fc38.x86_64.rpm Cryptlib-python3 for Fedora 38 38573 sha256

File Description Size Fingerprint
cryptobone-1.6-2.fc37.x86_64.rpm RPM package for Fedora 37 671417 sha256
cryptlib-3.4.6-13.fc37.x86_64.rpm Cryptlib for Fedora 37 741152 sha256
cryptlib-python3-3.4.6-13.fc37.x86_64.rpm Cryptlib-python3 for Fedora 37 38379 sha256

File Description Size Fingerprint
cryptobone_1.6-1_amd64-22.04.deb DEB package for Ubuntu-22.04 657928 sha256
cryptlib_3.4.6-1_amd64-22.04.deb Cryptlib for Ubuntu-22.04 4167316 sha256

File Description Size Fingerprint
cryptobone_1.6-1_amd64-20.04.deb DEB package for Ubuntu-20.04 656480 sha256
cryptlib_3.4.6-1_amd64-20.04.deb Cryptlib for Ubuntu-20.04 4072388 sha256

Version 1.5

File Description Size Fingerprint
cryptobone-1.5.x86_64.rpm RPM package for x86-64 925098 sha256
cryptobone-1.5.ppc64le.rpm RPM package for powerpc 997006 sha256
cryptobone-1.5.aarch64.rpm RPM package for arm 909038 sha256

Once you've installed one of these packages on your Linux computer you can start the GUI "cryptobone-email" or the new SafeWebdrop GUI "cryptobone-safewebdrop" from a shell (or by clicking the icon) and use a Crypto Bone that is software-based as a daemon process on your main computer.

The main reason for the local, ALL-IN-ONE Crypto Bone is that most people don't have a Beagle Bone or Raspberry Pi and should still be able to send encrypted messages to those who have.

So the ALL-IN-ONE is the default that all users start with, but you can easily switch to using an external Crypto Bone as a separate hardware device with the push of a button in the "cryptobone" setup menu. Once you've changed this setting all your commands are then automatically sent to the external Crypto Bone via a secure (ssh) link.

And you can switch back as easily, too.

So the first step in any case is to install the main software package on your local Linux computer.

If you're using a modern Fedora Linux on your main machine, the cryptobone package is already in your repository and you can install it by typing (as root):

[root@laptop]# dnf install cryptobone

The RPM package will download the python tkinter and openssh-askpass packages that are needed to run the cryptobone GUI program. When you run the GUI for the first time after installation, you are asked for the login name of the user that should be allowed to use the Crypto Bone on your machine, because this user must be able to contact the cryptobone daemon as root. While using the GUI you'll be asked for your login password from time to time, because your GUI will access the cryptobone daemon as root via the sudo mechanism.

The External Crypto Bone

If you want to use a second, external device to further harden your Crypto Bone application on your local computer you have a number of choices.

Not only can you turn a Beagle Bone or a Raspberry Pi into a second, external device, but you can also use any second Linux machine, an old laptob maybe that is gathering dust, to act as an external Crypto Bone. If you want to install the software on a separate Linux machine, just use one of the packages above.

But there is another option, the Crypto Stick (version 1.1), a fully functional Crypto Bone installation ready to be booted from a USB memory drive. So you don't need to touch your computer's hard disk to use the Crypto Bone, either as your main machine running the GUI or as a second, separate device to store all the secret message keys.

At the moment there are four different ways to get an external Crypto Bone that can be used with the graphical user interface.

The Separate Fedora Machine

The most convenient way to quickly get a separate Crypto Bone is to install the main rpm package on a modern Fedora OS on a second Linux machine. If you have some old hardware that can be re-activated to become an external device, this computer (maybe without keyboard or display) may well be suited to improve your communication security a lot.

The external Crypto Bone software is not enabled after installation, because it should only be run on a dedicated, second Linux machine. To activate the external software part you can run the command "external-cryptobone-admin", a GUI that assists you to set up the second machine. But be aware that activating the external software can isolate the separate Linux computer, so that it will no longer be usable for internet browsing due to its restrictive firewall setting. But after all, this is not what you want to use it for, do you?

Don't activate the external software part on your main computer, as the ALL-IN-ONE Crypto Bone daemon is running there already.

The Crypto Stick

Wouldn't it be convenient to have the Crypto Bone on a USB stick, fully functional with a minimal graphical OS? Of course it would, as your computer's hard disk would not be touched and you could take your functional Crypto Bone wherever you go. But there is a drawback too.

Physical security is of utmost importance. If someone can steal (or tamper with) the media on which the Crypto Bone software is stored, root access to this media will eventually reveal the message encryption keys. In case of using a second device, both media (the external USB drive and your laptop) must be stolen to get access to the message keys, but using a USB drive makes it easier to attack the system in this way.

So, if you can guard your USB drive well, you can download this compressed image file which is quite large (644 MByte). Once you know the name of your USB drive in your Linux system (let's assume it is /dev/sdb, for instance) you can write the uncompressed image to this USB device with a single command (as root):

[root@laptop]# xzcat stick-1.1.img.xz > /dev/sdb

Double-check that /dev/sdb is the name of your USB drive as you can easily ruin other media mounted in your Linux system if you pick the wrong device name.

When using the stick you'd log in as user "alice" (with the name as password for the first time) and change Alice's login password by opening a terminal.

Images for the External Crypto Bone and Crypto Pi

Then there are these two other alternatives, the Beagle Bone and the Raspberry Pi 3. To build your own external Crypto Bone based on either of these microcomputers, you'll need

These are the basic ingredients for secure communication with an external Crypto Bone.

Now you have to prepare your external device's SD card with the appropriate software.

The Complete SD Card Image

I have prepared an image file, that can be written to a SD card, to get a working Crypto Bone or Crypto Pi.

In its current version (1.1) the Crypto Bone is suitable for every-day use. It has reached a level of maturity, that justified my decison to make this image file available for general use.

Both the Beagle Bone and the Ralspberry Pi 3 provide the hardware platform for the external Crypto Bone, based on the arm7 microprocessor. The operating system for both SD card images is a minimal Fedora 24 installation with a few additional improvements in order to isolate the device as much as possible.

You can download a xz-compressed archive, that contains the image file for the SD card. But please make sure, that you read the installation instructions carefully before you start downloading either of these large image files.

The compressed SD card image for the

The compressed SD card image for the

And, by the way, I would like to hear from you, if you've checked the Crypto Bone's functionality and in particular, if you've scrutinized the source code of the core components.

The Crypto Bone needs your support!