Comments (5)
I think this issue's OP is slightly confused, and certainly lacks sufficient detail. IIRC from the conversations around the time this issue was created, the goal was to clearly document how to use Sunder to encrypt the passphrase for a Veracrypt volume, with the following requirements:
- The Veracrypt volume should be stored on an airgapped machine
- We should document how to set up Veracrypt and Sunder on an airgapped computer.
  - Installing Sunder on an airgapped Linux computer is nontrivial at the moment, due to #18
- We should document how to set up the Veracrypt volume, including:
  - Generating a strong passphrase for the volume. This passphrase is the secret that will be shared.
Furthermore, I think this was all supposed to be done on Tails, which introduces some significant challenges.
from sunder.
I'm doing some research and testing now to see how viable the above proposal is.
from sunder.
Tails' support for Veracrypt is mediocre at best. Here are some of the pain points I encountered while testing with Tails 3.5:
- Veracrypt is not preinstalled in Tails
- There is no veracrypt apt package. Installing veracrypt is fairly involved and requires using the Terminal:
  - Download Linux `.tar.bz2` from https://www.veracrypt.fr/en/Downloads.html
  - Optionally download PGP key and signature and verify package. Without additional instructions for using the GPG web of trust to verify the Veracrypt PGP key, this provides no additional security for all of the hassle involved.
  - Unpack `.tar.bz2` by double-clicking or with `tar` on command line
  - In unpacked directory, find and run correct setup script. There is no way to run the setup script from the GUI; I had to use the command line.
  - Click through and agree to various prompts in setup script. The setup script requires an administrator password to be set.
  - Run `veracrypt` from the command line. It did not set up a graphical alias in the Tails menus (like Sunder's .deb does) and I found no way to make it do so.
- Veracrypt volumes interact confusingly with the Tails file manager (e.g. unmounting a volume from Nautilus does something different from unmounting a volume inside Veracrypt).
There is a detailed design document for Tails/Veracrypt integration, but AFAICT none of it has been implemented yet.
from sunder.
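The comment above notes that checking the package signature only helps if the signing key itself is trusted. As an added example (not part of the original comment, and not code from Sunder or Veracrypt), this shell function accepts a download only when gpg's machine-readable status shows a valid signature from a key whose fingerprint was obtained through a channel independent of the download site. The function name, file-name placeholders, fingerprints and status lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a download only if gpg reports a valid signature made
# by the key whose fingerprint was obtained out-of-band (the "pinned" key).

# sig_matches_pinned_key STATUS_TEXT PINNED_FPR   (hypothetical helper name)
# STATUS_TEXT is what this prints (file names are placeholders):
#   gpg --status-fd 1 --verify PACKAGE.sig PACKAGE 2>/dev/null
sig_matches_pinned_key() {
    status=$1
    # Normalise the pinned fingerprint: drop spaces, upper-case hex digits.
    pinned=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$pinned" ] || return 2
    # Bad signatures, and signatures from expired or revoked keys, are refused
    # outright, whatever other status lines are present.
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        return 1
    fi
    # VALIDSIG carries ten arguments; the last is the primary key fingerprint.
    primary=$(printf '%s\n' "$status" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && NF == 12 { print $12; exit }')
    [ -n "$primary" ] && [ "$primary" = "$pinned" ]
}

# Constructed sample data: these fingerprints and key IDs are made up.
PINNED_FPR='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'
OTHER_FPR='FEDCBA9876543210FEDCBA9876543210FEDCBA98'
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-01-01 1514764800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
REVOKED_STATUS='[GNUPG:] REVKEYSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-01-01 1514764800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

for fpr in "$PINNED_FPR" "$OTHER_FPR"; do
    if sig_matches_pinned_key "$GOOD_STATUS" "$fpr"; then
        echo "accept: signed by pinned key"
    else
        echo "reject: valid signature, but not from the pinned key"
    fi
done
```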
The Sunder/Veracrypt integration works on Tails, which is nice.
from sunder.
I could not find any reasonable way to persist an installation of Sunder or Veracrypt on Tails. I tried enabling the APT Packages and APT Lists persistence options, and added the packages I wanted to persist to `live-additional-software.conf` per the documentation for the experimental "additional software packages" feature. I was able to persist a package that is not included in the default Tails install but is available through the package manager (I used `htop` for testing). Unfortunately, I was not able to persist either sunder (installed via dpkg) or veracrypt (installed via install script).
As a result, I believe this issue is impossible to resolve with documentation alone. I see a few options:
- Write helper scripts for Tails to persist Sunder and Veracrypt across restarts
  - Possible starting point: https://www.reddit.com/r/tailswiki/wiki/index/tails-install-verycrypt
- Drop requirement to use Tails, and document using a different base OS for the airgapped computer (e.g. Debian or Ubuntu)
- Drop requirement to use Linux, and document using a different base OS for the airgapped computer (e.g. macOS)
from sunder.