Saturday, October 13, 2012

Email Security

Email encryption and digital signatures are ways to protect your emails from prying eyes and to make sure the recipient knows that you are the original sender of the email. Enigmail is an add-on for the Mozilla Thunderbird mail client that allows you to send emails securely.
The term e-mail is a little misleading. When you send mail through the post, you write something on paper and put it into a sealed envelope, so the people handling your mail can't actually see what is inside. Most people think that e-mail is similar to this; in reality it's more like a postcard: as it passes through the servers, basically anyone who knows how to can read it. This is where Enigmail and OpenPGP come in and add a layer of security.

Digital signature 

A digital signature is the computer-world equivalent of a handwritten signature. It uniquely identifies, in this case, the sender of the email. So if A and B are talking (assuming both of them have the software, of course) and A sends an e-mail to B and signs it with his own signature, then B knows for sure that the e-mail came from A and that it wasn't altered, so the information can be trusted.
A digital signature doesn't prevent others from reading your message on its way, but the message cannot be altered without breaking the signature, and the recipient can be sure that the e-mail comes from the right source. You can also sign e-mails and send them to a person who doesn't have the software, and they will still be able to read them.

Encryption 

Encryption is exactly what it sounds like: you encrypt the whole message, making it unreadable to everyone except the person you have sent it to. This is considered secure messaging, and the contents of the email remain hidden from prying eyes.
The encryption used here is based on encryption keys. If A and B are e-mailing, each of them has a key pair on their system: a private key and a public key.
  • Private key - Must be kept secret and protected from everyone. It is used to decrypt messages sent TO you.
  • Public key - You can share this key with friends and basically anyone. It is used BY OTHERS to send encrypted messages TO YOU.
So for starters A and B have to exchange their public keys; this identifies them and allows them to send and receive encrypted e-mails. Briefly, here is how it goes:
A takes the public key of B and uses it to encrypt the message and sends it to B. B then receives this message and decrypts it with his own private key. If this private key is secret, only B is able to read the message. Similarly when B replies he encrypts the message with A's public key and A can decrypt it with his own private key.

Step 1. Installing Enigmail for Thunderbird

There are two components to install: Enigmail, the Add-on for Thunderbird and GnuPG encryption software.
Enigmail can simply be downloaded from the Add-on tab of Thunderbird, which is very straightforward, but it relies on GnuPG to work, so without that it's useless.

  1. Open Mozilla Thunderbird
  2. Go to Tools/Options/Manage Add-Ons
  3. Search for "Enigmail" and download it

(If you can't seem to find it there, download from Mozdev and install, or you can upgrade to the latest Thunderbird version which should be able to find it)

That is Enigmail done.


Step 2. Installing GnuPG

First of all GnuPG depends on the following packages: libgpg-error, libgcrypt, libksba and libassuan.

These are not installed by default with Ubuntu, so if you have not installed them before you will have to do it now. The easiest way to do this is with the synaptic package manager (sudo apt-get install synaptic if you do not have it already). Simply search for each of the above packages, mark them for installation and install them all.

Go to gnupg.org and download GnuPG 2.0, which will come in a .tar.bz2 file. Extract this file, open up a terminal window, cd to the extracted folder and build GnuPG from source as you would do normally:
./configure          # configure and build as your normal user
make
sudo make install    # only the install step needs root
If you are still missing a package, an error message will warn you at the end of ./configure, similar to this:
Instructions are straightforward, simply install missing packages and everything will go smoothly. After running make and make install (takes some time) you will get a confirmation of GnuPG installed:

Step 3. Check configuration

First of all, Thunderbird and Enigmail need to be set up to use GnuPG. Usually this is done by default, but do a manual check. Open Thunderbird, open the new OpenPGP menu and select Properties, and you will be presented with the following window
All you have to make sure of is that the path to gpg is correct (usually it is); if it is not, specify the correct path in the box below.

DONE.

You can either import your key files from another machine or, if this is the first time you are using Enigmail and OpenPGP, you will need to create a new key pair. This is beyond the installation tutorial, but a step-by-step (quickstart) guide is available on enigmail.net

PirateBox Chat Glitch Fixed

Thanks to conversall2 for spotting a glitch with the chat feature in my new website design.

Due to a slightly different design than before, the chat window was embedded into the main page and did not refresh by itself.
This has been fixed by using a simple iframe and chat works normally now.
Please download the fixed design from GitHub

Thanks for spotting & feedback and sorry for this issue.

Sunday, October 7, 2012

Starting lighttpd: (network.c.358) can't bind to port: 80 Address already in use

Recently I had this error message appear when trying to launch my PB on my Ubuntu machine:
Starting lighttpd: (network.c.358) can't bind to port:  80 Address already in use 

Turns out there are quite a few old forum threads on this topic where the issue comes down to one of 2 things:

  1. Another webserver application is running (like apache). To solve this issue, check what is running on port 80 with:
    sudo fuser -v 80/tcp
    and then kill or remove this application.
  2. IPv6 is causing some issues in the lighttpd.conf file
    Open lighttpd.conf file in any text editor and comment the line
    include_shell "/usr/share/lighttpd/use-ipv6.pl"
    with a #, so:
    #include_shell "/usr/share/lighttpd/use-ipv6.pl"
    Although in case of the PirateBox script package, this comes ready and set.

My personal issue was that somehow I had apache2 webserver installed on my system. I do not remember installing it, but now it has been removed and lighttpd is starting/running just fine. So if anyone is having a similar issue, you may want to check out these 2 possible issues.

Thursday, October 4, 2012

How to create, format and mount .img files

Since I am doing some designs for the PirateBox, in the future it will be easier if I make custom image files that can replace the original one. This would make life easier as there would be no need to mount, back up and change the original image file.

I am experimenting with some html5 videos in my custom PB design just to see how the server and router handle the "pressure". Also, after reading some threads on reddit, I am keen to try some browser games on my PB, but these will need a larger container than the default img (20MB). So here is a short note on how to handle these img files.
(Also sorry for the colours, it is just to illustrate parts of the code.)

Creating & formatting img files in Ubuntu


1.   Open terminal and type
dd if=/dev/zero of=file.img bs=1M count=50
This will create a file called "file.img" in the current directory (your home directory in a freshly opened terminal) with a size of 50 MB.

What is what?
if=/dev/zero => input file; since we want an empty container (no input file), we read from /dev/zero, which supplies nothing but zero bytes
of=file.img => output file, file name & location
bs=1M => block size, 1 MB per block
count=50 => number of blocks, so the size of the file in MB

2.   After this, the image needs to be formatted with a file system (ext4, fat32, ntfs and so on; ext3 for the PirateBox). You can either use gparted if you want a nice GUI, or you can use the mkfs command:
mkfs.ext3 -F file.img
(For a quick and easy way to do this, you can use my script imgKreator from GitHub.)

Mounting the img file


I have tried mounting the PirateBox img file with different software, but that didn't work. So after some help through chat and forums here is the command to mount the img file:

sudo mkdir -p /tmp/mount_tmp/ && sudo mount -o loop,rw,sync piratebox/pbIMG_ws.img /tmp/mount_tmp
What is what?
/tmp/mount_tmp/ => Create the folder where the img will be mounted
piratebox/pbIMG_ws.img => Path to the PB image file
/tmp/mount_tmp => Mount location

I personally had issues trying to edit anything in the folder so I am running a mounting script with the second line being:
sudo chmod -R ug+rw /tmp/mount_tmp
Which just gives read+write permission to the folder. (Although this worked for me before, when creating a new file container use sudo chmod 777, otherwise the PB will not recognize the files and, although a connection to the network can be made, no website will load.) After this, editing is simple.

To unmount:
sudo umount /tmp/mount_tmp

PirateBox: If interested, here is a script that will allow you to quickly mount and unmount the pbIMG_ws.img file that contains the www folder and the UI/html files.