anarsec 2024-04-21 23:35:46 +00:00
parent 6597d786ae
commit 8ae907510f
No known key found for this signature in database
4 changed files with 13 additions and 13 deletions

@ -43,11 +43,11 @@ You can mitigate this second issue by what's called **"compartmentalization"**:
* To prevent an adversary from linking your activities while using Tails, restart Tails between different activities. For example, restart Tails between checking different project emails.
* Tails is amnesiac by default, so to save any data from a Tails session, you must save it to a USB. If the files you save could be used to link your activities together, use a different encrypted ([LUKS](/glossary/#luks)) USB stick for each activity. For example, use one Tails USB stick for moderating a website and another for researching actions. Tails has a feature called Persistent Storage, but we do not recommend using it for data storage, which we explain [below](/posts/tails-best/#using-a-write-protect-switch).
# Limitations of the [Tor network](/glossary/#tor-network)
# Limitations of the Tor network
![](/posts/tails-best/tor.png)
> Tails uses the Tor network because it is the strongest and most popular network to protect from surveillance and censorship. But Tor has limitations if you are concerned about:
> Tails uses the [Tor network](/glossary/#tor-network) because it is the strongest and most popular network to protect from surveillance and censorship. But Tor has limitations if you are concerned about:
>
> 1. Hiding that you are using Tor and Tails
> 2. Protecting your online communications from determined, skilled attackers
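
Review bot: In the blockquote line beginning "> Tails uses the", the glossary link now sits inside quoted text; if that paragraph is quoted from another source, adding a link changes the quotation. Consider leaving the quote as it was and linking "Tor network" from a sentence outside the quote, since the heading no longer carries the link.
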
@ -298,15 +298,15 @@ If you are using Persistent Storage, this is another passphrase that you will ha
[LUKS](/glossary/#luks) is great, but defense-in-depth can't hurt. If the police seize your USB in a house raid, they will try a [variety of tactics to bypass the authentication](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), so a second layer of defense with a different encryption implementation can be useful for highly sensitive data.
Sirikali is an encrypted volume program that uses [Gocryptfs](https://nuetzlich.net/gocryptfs/) behind the scenes. It is [available in the Debian repository](https://packages.debian.org/bookworm/sirikali) and can be easily installed as [additional software](/posts/tails#installing-additional-software). Make sure to also install "suggested packages". If you don't want to reinstall Sirikali every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best/#using-a-write-protect-switch). If you are comfortable on the [command line](/glossary/#command-line-interface-cli), you can use gocryptfs instead.
SiriKali is an encrypted volume program that uses [gocryptfs](https://nuetzlich.net/gocryptfs/) behind the scenes. It is [available in the Debian repository](https://packages.debian.org/bookworm/sirikali) and can be easily installed as [additional software](/posts/tails#installing-additional-software). Make sure to also install the "suggested package" gocryptfs. If you don't want to reinstall SiriKali every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best/#using-a-write-protect-switch). If you are comfortable on the [command line](/glossary/#command-line-interface-cli), you can use gocryptfs instead.
The first time you use Sirikali, create a Gocryptfs volume; press "Create Volume", and select the option "Gocryptfs."
The first time you use SiriKali, create a gocryptfs volume. First, plyg in the "personal data" USB where you will store this encrypted volume and enter its LUKS passphrase. Then in SiriKali, press "Create Volume" and select the option "gocryptfs."
You will be prompted for a password. Create a new entry in your KeepassXC file and generate a password using the Generate Password feature (the dice icon). "Create volume" will create two new directories: the "cipher" directory (`/home/amnesia/example`) where the encrypted files are stored and the "plain" directory where you access your decrypted files once mounted there (`/home/amnesia/.SiriKali/example`)
You will be prompted for a password. Create a new entry in your KeepassXC file and generate a password using the Generate Password feature (the dice icon). For the "Volume Path" option, select the "personal data" USB that you just plugged in. Creating a volume will make two new directories: a "cipher" directory (on your "personal data" USB) where the encrypted files are actually stored and a "plain" directory where you access your decrypted files once the volume is mounted there (`/home/amnesia/.SiriKali/VolumeName`).
You will need to "mount" the volume every time you use it, which happens automatically when you first create it. You can now add files to your mounted encrypted volume: navigating to the "plain" directory requires selecting "Show Hidden Files" in the File Manager.
To decrypt the volume, click "Mount Volume", which happens automatically upon volume creation. You can now add files to your mounted volume: right-click the entry and select "Open folder". You can verify SiriKali is working by creating a test file here. This file will show up encrypted in the cipher directory.
When you unmount the volume, the plain directory will just be an empty folder again. Before storing important files in the volume, you should run a test to make sure it works as expected, especially if its your first time using it.
Before storing important files in the volume, you should run a test to make sure it works as expected, especially if its your first time using it.
## Encrypted Communication
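
Review bot: The rewritten SiriKali steps no longer say how or when to unmount the volume: the sentence "When you unmount the volume, the plain directory will just be an empty folder again" is dropped with no replacement. Because the cipher directory now sits on the "personal data" USB, add a step telling the reader to unmount the volume in SiriKali before removing the USB, and keep a line on what the plain directory looks like afterwards so the closing "run a test" advice has something concrete to check. Also fix "plyg in" to "plug in" and "its your first time" to "it's your first time", and write "KeePassXC" to match the capitalization cleanup this change applies to SiriKali and gocryptfs.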