That would be a good addition for securing services that aren’t developed by TPO. I am searching for a more recently updated fork because this depends on staying on top of the most recent news on crypto.
Could you please look through the above links and see what’s still useful?
For example https://github.com/ioerror/duraconf/blob/master/configs/sshd/sshd-pfs_config could be quoted and referenced from https://www.whonix.org/wiki/SSH even if it’s just a comment “stub, research this” something like that.
I would speculate no one took over that very duraconf project and continued it. Maybe someone reinvented such a project independently elsewhere.
https://github.com/ioerror/duraconf had lots of issues and pull requests posted.
I would like to collaborate with the community on such a bigger effort since they keep oversighting and suggesting configs better than a single person can do alone. We have two similar packages:
anon-apps-config is a bad fit for general security settings. And quite likely Whonix specificness cannot be reduced to zero. We should limit it to anonymity related settings and Whonix specific settings.
Maybe the scope of security-misc is too broad currently? Maybe renaming that project / package name could make it the successor of duraconf?
Currently supported programs are:
The most relevant to us are: gpg, nginx and sshd. However I don’t see the problem with including all of them in case other people would be interested in stepping up and adopting them over time.
Good idea. I think getting the EFF to adopt it as an official project would be the best option. Getting the word out to drum up interest by others in the community is the next best thing.
+1 anon suggests relevance to anonymity programs only.
I think security-misc is better being a meta-package with duraconf preserving its independent status and becoming a submodule of security-misc.
Could you ask them please?
Done. CC’d whonix-devel
Mozilla Certbot is the maintained successor to Duraconf according to the EFF’s Seth David Schoen.
One could either fork and package the upstream generator code or just ship the generated output and manually check/update it occasionally in the future. Let me know which one sounds better and I’ll add it to phabricator.
After a long discussion, we decided to defer to the Mozilla configuration
which is based on
which is, to my knowledge, still maintained by Mozilla staff (and subject
to updates based on new research or other guidance).
In that case we can just reference the config generator in our documentation.
Unless we start shipping nginx or something by default there is no need to package nginx config since we would always lag behind and not provide any value. In Whonix nginx would also probably for most users not need a great ssl configuration but onion services configuration.
Also the ssl config generator by Mozilla is appreciated but it isn’t really a replacement for duraconf which also covers OpenSSL and gnupg.
Could you diff / meld / kdiff3 the following files please and see if we’re missing something?
Well, I didn’t mean the literal diff. Rather an analysis of what config
instances we’re missing and should add for discussion or pull request.
I see. OK I’ll go thru it soon.
Present in Duraconf but not Whonix:
```
# List all keys (or the specified ones) along with their fingerprints
with-fingerprint
# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked
keyserver-options include-revoked
# list of personal digest preferences. When multiple digests are supported by
# all recipients, choose the strongest one
personal-cipher-preferences AES256 AES192 AES CAST5
```
In the case of --with-fingerprint I remember it changing in a recent version but I can’t recall where I’ve listed the new commands. Perhaps phab.
Enabled in Duraconf but not Whonix:
Harmless differences where we do better:
Duraconf is configured to use a clearnet keyserver and so is configured to protect against DNS leaks.
https://neopg.io/blog/gpg-signature-spoof/ referenced a few more gpg
configs. Could you have a look please?
In Cooper but not Whonix
```
# Don't leak information by automatically trying to get keys.
no-auto-key-locate
# Never show photos, but show all notations and signature subpackets
list-options show-policy-urls no-show-photos show-notations show-keyserver-urls show-uid-validity show-sig-subpackets
verify-options show-policy-urls no-show-photos show-notations show-keyserver-urls show-uid-validity no-pka-lookups no-pka-trust-increase
# Disable truncating DSA2 message hashes (yes, that's what this does)
disable-dsa2
# Some options to avoid stupid behaviors.
require-cross-certification
force-v4-certs
import-options no-repair-pks-subkey-bug import-clean
export-options export-clean
force-mdc
# Use a real encryption algorithm to protect the secret keyring, rather than CAST5.
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
# This is the maximum iteration count. It's way too small. You should entomb or just
# scrypt your private keyring when not in use.
s2k-count 65011712
disable-cipher-algo CAST5 IDEA
# Regrettably, not supported by GnuPG
# disable-digest-algo MD5
```
PS. While we comment out photo showing, he explicitly disables it.
PS. The last four blocks express cipher/compression settings in unfamiliar notation which may be redundant with our choices. Feel free to disregard(?)
In Cooper and Whonix but not enabled in Whonix:
```
# Set the charset to UTF-8; you should make sure that your terminal correctly implements UTF-8 support.
# TODO(dlg): vttest?
charset utf-8
verbose
```
In Marwell but not Whonix:
```
# some cipher/encrypt related settings
no-force-v3-sigs
# signature-related
##WEB OF TRUST##
#Key-signing/certification general settings for oneself's keys and others' keys.
#The level of trust to assign other people's keys
ask-cert-level
default-cert-level 2
completes-needed 2
marginals-needed 4
max-cert-depth 6
no-allow-non-selfsigned-uid
require-cross-certification
```
[Those go under “# Some options to avoid stupid behaviors”]
```
expert
no-rfc2440-text
auto-check-trustdb
```
PS. He enables dsa2 which conflicts with Cooper’s settings above.
In Anonymous but not Whonix:
```
##COMPRESSION PREFERENCES##
#Compression settings that override recipients' preferences and all other preferences in this file.
#Must change as needed and regularly to increase security.
compress-algo BZIP2
compress-level 9
bzip2-compress-level 9
##WEB OF TRUST##
#Key-signing/certification general settings for oneself's keys and others' keys.
#The level of trust to assign other people's keys
trust-model pgp
default-cert-level 0
#ask-cert-level
min-cert-level 1
completes-needed 1
marginals-needed 2
max-cert-depth 5
#Signatures, by default, are set not to expire. This can now be changed for each individual signature. Use 0 as a policy.
ask-cert-expire
ask-sig-expire
#default-sig-expire 0
#default-cert-expire 0
#for-your-eyes-only overrides --set-filename and forces recipients to pick an output filename and extension.
#Use --set-filename fakeFilename.ext if needed.
for-your-eyes-only
no-use-embedded-filename
#ignore-time-conflict overrides prompts regarding timing that occur due to manual time modifications.
ignore-time-conflict
#Manually give --faked-system-time 20070924T154812 to GnuPG if it allows. Remove the comment hashtag below to set a faked-system-time but keep changing it to evade identification.
#faked-system-time 20070924T154812
##RUNTIME##
enable-progress-filter
interactive
```
[Those go with no-photos settings above]
show-std-notations show-user-notations show-unusable-uids show-unusable-subkeys no-show-primary-uid-only show-sig-expire show-keyring
PS. A more conservative WoT policy compared to Marwell. I copied the comment to Marwell’s snippet above because it’s more descriptive.
PS. Different choices made in preferred ciphers but I don’t think it’s important
In Anonymous and Whonix but not enabled in Whonix:
```
#throw-keyids is similar to the --hidden-recipient option but works on all keyids at once. It blocks GnuPG from emitting the keyid on an encrypted packet.
#This makes it difficult but not impossible for someone to deduct the properties of the public-key being used to encrypt a file. Keep changing the public-key to guarantee high secrecy.
#The throw-keyids option does not work on signatures and GnuPG does not hide the keyid in a standalone signature.
#One can Encrypt and Sign together to hide the signature packet under the encryption packet.
#Use available options to specify the secret-key to decrypt with when receiving encrypted files without a keyid. Otherwise, wait for GnuPG to try all secret-keys.
throw-keyids
```
Anonymous also supplies a conf for disabling accidental leaks through auto checking keys because of some eccentric protocol support. This is the final file named “gpgsm.conf” pasted here in its entirety:
```
#This controls dirmngr and gpgsm, both of which are certificate managers connected to GnuPG-2.
#One may accidentally or purposefully connect to keyservers and leak data, so it is necessary to clean the connection as much as possible.
#Check for reasons behind errors via --debug-all --debug-level guru.
#Security precautions to neutralize protocols that can leak information.
disable-ldap
ignore-ldap-dp
disable-crl-checks
disable-policy-checks
disable-trusted-cert-crl-check
#disable-http
#ignore-http-dp
#Proxy settings. Try to stay behind a system with blanket internet traffic Onion Routing.
honor-http-proxy
#http-proxy host[:port]
#ldap-proxy host[:port]
#
#To manually use a keyserver with an Onion Routing SOCKS5 Proxy on Port 9050. Change the port number if needed. Blanket Onion Routing of the whole OS is better.
#The use of this option overrides the environment variable http_proxy regardless whether --honor-http-proxy has been set.
#http-proxy=socks5h://127.0.0.1:9050
#Runtime preferences.
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
#Note about OSCP (Online Certificate Status Protocol) from inside the GnuPG manual.
#--allow-ocsp
#This option enables OCSP support if requested by the client.
#OCSP requests are rejected by default because they may violate the privacy of the user; for example it is possible to track the time when a user is reading a mail.
disable-ocsp
#Manually give --faked-system-time 20070924T154812 to GnuPG if it allows. Remove the comment-hastag below to set a constant faked-system-time but keep changing it to evade identification.
#This option is generally not necessary for use with GPGSM.
#faked-system-time 20070924T154812
```
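The by-hand comparison in the post above (options missing from one gpg.conf, options present but only commented out, options set with fewer flags) can be scripted. This is an added example, not part of the original thread or of any Whonix package; the function names, the comment heuristic and the two sample configs are assumptions constructed for illustration.

```python
import re

OPTION_NAME = re.compile(r"[a-z0-9]+(-[a-z0-9]+)*")

def parse_gpg_conf(text):
    """Return (enabled, disabled): option name -> set of arguments."""
    enabled, disabled = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        target = enabled
        if line.startswith("#"):
            # Heuristic (assumption): a comment that starts with an option-like
            # token and does not end like a sentence is a commented-out option.
            line = line.lstrip("#").strip()
            target = disabled
            if line.endswith((".", "?", "!", ":")):
                continue
        tokens = line.split()
        if not tokens or not OPTION_NAME.fullmatch(tokens[0]):
            continue
        # Options such as list-options may repeat; their flags accumulate.
        target.setdefault(tokens[0], set()).update(tokens[1:])
    return enabled, disabled

def compare(reference, ours):
    """Classify every option the reference enables against our config."""
    ref_on, _ = parse_gpg_conf(reference)
    our_on, our_off = parse_gpg_conf(ours)
    report = {"missing": [], "not_enabled": [], "fewer_args": {}}
    for name, args in sorted(ref_on.items()):
        if name in our_on:
            lacking = args - our_on[name]
            if lacking:
                report["fewer_args"][name] = sorted(lacking)
        elif name in our_off:
            report["not_enabled"].append(name)
        else:
            report["missing"].append(name)
    return report

# Constructed sample inputs, loosely modelled on the snippets quoted above.
REFERENCE = """# Don't leak information by automatically trying to get keys.
no-auto-key-locate
list-options show-policy-urls no-show-photos show-uid-validity
verify-options show-uid-validity no-pka-lookups
#throw-keyids is similar to the --hidden-recipient option.
throw-keyids
charset utf-8
"""
OURS = "no-emit-version\nlist-options show-uid-validity\nverify-options show-uid-validity\n#throw-keyids\n#charset utf-8\n"

if __name__ == "__main__":
    print(compare(REFERENCE, OURS))
```

Arguments are compared as sets, so an ordering difference in something like default-preference-list is not reported.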
https://riseup.net/en/gpg-best-practices is nice although they recommend 3072 RSA which I see no reason for if we can easily use maximum key length 4096 RSA.
Right. The absolute maximum GPG supports is 8KB keys for practical reasons as per Werner’s comments. Practical meaning it would be too big for keycards/HSMs and much slower with very little benefit and users might as well switch to the faster and smaller ECC.
Any changes that should be applied to https://github.com/Whonix/anon-gpg-tweaks/blob/master/etc/skel/.gnupg/gpg.conf ?
The config without comments:
```
cat etc/skel/.gnupg/gpg.conf | grep --invert-match '#' | grep --invert-match '^$'
```
```
no-emit-version
no-comments
display-charset utf-8
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
keyserver-options no-honor-keyserver-url
fixed-list-mode
keyid-format 0xlong
use-agent
verify-options show-uid-validity
list-options show-uid-validity
sig-notation email@example.com=%g
```
```
cat etc/skel/.gnupg/dirmngr.conf | grep --invert-match '#' | grep --invert-match '^$'
```
Would it be appropriate to merge https://github.com/Whonix/anon-gpg-tweaks into https://github.com/Whonix/anon-apps-config ? I want to reduce the number of Whonix packages, merge together where that makes sense.
The only thing not clear to me is how to make
/etc/skel/.gnupg/gpg.conf available in Kicksecure?
anon-gpg-tweaks are really
anon-specific. Perhaps better move
/etc/skel/.gnupg/gpg.conf to package security-misc?
Makes sense since it belongs on kicksecure too.
Interesting feature in GPG 2.3 we could enable whenever it hits the stable release:
GnuPG 2.3 introduces a new experimental key database where the keys are stored in an SQLite database and allow for much faster key look-ups. This experimental key database can be enabled with the “use-keyboxd” option.
I’m also going to keep an eye on it for tpm2d which can work with TPMs to bind keys which could theoretically work with the emulated TPM in KVM and protect user secrets in case of compromise.
What is gpg SQLite support good for? I haven’t seen use cases yet where someone was using such a massive amount of keys that key lookup times are non-instant even on slow hardware.
I thought it sped up keyserver lookups, but seems I misunderstood.