Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-07-23 23:01:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

sirikali update

Browse source
This commit is contained in:
anarsec 2024-04-22 22:55:00 +00:00
parent cc186a5985
commit e1f4f5975d
No known key found for this signature in database
1 changed files with 19 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

23
content/posts/tails-best/index.md
View file

@ -298,13 +298,28 @@ If you are using Persistent Storage, this is another passphrase that you will ha
[LUKS](/glossary/#luks) is great, but defense-in-depth can't hurt. If the police seize your USB in a house raid, they will try a [variety of tactics to bypass the authentication](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), so a second layer of defense with a different encryption implementation can be useful for highly sensitive data.
SiriKali is an encrypted volume program that uses [gocryptfs](https://nuetzlich.net/gocryptfs/) behind the scenes. It is [available in the Debian repository](https://packages.debian.org/bookworm/sirikali) and can be easily installed as [additional software](/posts/tails#installing-additional-software). Make sure to also install the "suggested package" gocryptfs. If you don't want to reinstall SiriKali every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best/#using-a-write-protect-switch). If you are comfortable on the [command line](/glossary/#command-line-interface-cli), you can use gocryptfs instead.
### Installing SiriKali
The first time you use SiriKali, create a gocryptfs volume. First, plyg in the "personal data" USB where you will store this encrypted volume and enter its LUKS passphrase. Then in SiriKali, press "Create Volume" and select the option "gocryptfs."
SiriKali is an encrypted volume program that uses [gocryptfs](https://nuetzlich.net/gocryptfs/) behind the scenes. It is [available in the Debian repository](https://packages.debian.org/bookworm/sirikali) and can be easily installed as [additional software](/posts/tails#installing-additional-software). In Synaptic, right-click SiriKali and select "Mark Suggested for Installation → gocryptfs" (if you are comfortable on the [command line](/glossary/#command-line-interface-cli), you can use gocryptfs directly instead). If you don't want to reinstall SiriKali every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best#unlocking-the-switch).
You will be prompted for a password. Create a new entry in your KeepassXC file and generate a password using the Generate Password feature (the dice icon). For the "Volume Path" option, select the "personal data" USB that you just plugged in. Creating a volume will make two new directories: a "cipher" directory (on your "personal data" USB) where the encrypted files are actually stored and a "plain" directory where you access your decrypted files once the volume is mounted there (`/home/amnesia/.SiriKali/VolumeName`).
Using SiriKali to create a volume will make two new directories: a "cipher" directory (`VolumeName/` on your "personal data" USB) where the encrypted files are actually stored and a "plain" directory where you access your decrypted volume once it is mounted there (`/home/amnesia/.SiriKali/VolumeName`).
To decrypt the volume, click "Mount Volume", which happens automatically upon volume creation. You can now add files to your mounted volume: right-click the entry and select "Open folder". You can verify SiriKali is working by creating a test file here. This file will show up encrypted in the cipher directory.
### Creating an encrypted volume
* Start Tails with an Administration Password.
* Plug in the "personal data" USB where you will store this encrypted volume and enter its LUKS passphrase.
* Then in SiriKali, press "Create Volume" and select the option "gocryptfs."
* You will be prompted for a password. Create a new entry in your KeepassXC file and generate a password using the Generate Password feature (the dice icon).
* For the "Volume Path" option, select the "personal data" USB that you just unlocked.
### Accessing your encrypted volume
Whenever you want to decrypt the volume, click "Mount Volume":
* This happens automatically upon volume creation.
* You can now add files to your mounted volume: right-click the volume and select "Open folder".
* You can verify SiriKali is working by creating a test file here. This file will show up encrypted in the cipher directory.
* When you are done, right-click the volume and select "Unmount."
Before storing important files in the volume, you should run a test to make sure it works as expected, especially if its your first time using it.