Protect Tor Hidden Service Key
Currently Tor has a security weakness: the Tor Hidden Service Key and the file containing the hostname are stored in clear text on the computer's filesystem, with no ability to protect them.
The only way to currently protect that kind of file resource is through the implementation of filesystem encryption, but unfortunately it does require administrative privileges and kernel modules to work.
This ticket is about the implementation of a system to protect the Tor Hidden Service Key and Hostname file.
The implementation may be done through:
- Implementation of Tor's Ticket https://trac.torproject.org/projects/tor/ticket/5976
- Implementation of APAF's Ticket #25
- Implementation of TxTorConn Ticket https://github.com/meejah/txtorcon/issues/13
That way it would be possible to securely store the Tor HS Key in APAF's Secure Database and load it dynamically via TorCP.
Why not use a FUSE filesystem? Surely there will be some implementation of an encrypted file system in user space.
FUSE requires a kernel module to be loaded, which introduces even more cross-platform dependency issues.
Additionally, loading the FUSE kernel module requires administrative privileges.
On the txtorcon issue there is a good discussion about using another approach with FIFO / Named Pipes.
On Tor, someone recently pushed a patch for review that does that feature for handling Tor HS via TorCP: https://trac.torproject.org/projects/tor/ticket/6411#comment:6