Silk Road forums
Discussion => Security => Topic started by: jam on January 07, 2012, 12:06 am
-
So here's my OSX Step-by-step Tutorial for Using GPG in combination with TOR-based email...
What more could u ask for? besides your very own tor hidden
mailserver? its only recently this combination was even (realistically) a
possibility for the average joe i believe, no? there's at least been very
few free tor based email services that ive been aware of...
but i gotz it figured out for us mac
users at least. if this info has already been posted, well pardon me, but i haven't
seen it posted/published anywhere online, except for BL, and i know my way around...
i mean, wouldnt you ultimately prefer if you
had a torbased email with ZERO possibility of your IP/location
EVER being logged/traced from the time you sign up to....'ever'?
only requires (simple) integrated end-to-end GPG? all sent over the
tor-network? by looking out for others' safety, you can further guarantee your own, see?
cuz if you could 100% eliminate the possibility of 'anyone'
knowing the IP/location of even ONE of your closest friends
using TOR/GPG, you're ultimately protecting both them AND
yourself...cuz ya never know...ya know? ;)
a 'personally' GPG encrypted mail sent over
tor, instead of thru a 3rd party like hush who has my/your key, IP,
etc.? i dunno. i think its a sweet idea. and no one has
published a "how to" guide for OSX on this, so I felt it my duty.
if u dig it, spread it around to your
OSX friends. it will ultimately only increase
your own security. it really is the next step IMHO..
i could add some pics if it would help..?
peace
jam
------------
9 Easy Steps- An OSX Tutorial for Setting up Tormail with
Thunderbird/Enigmail
Hey there phluffy..
So there’s many ways to use GPG on OSX to encrypt your emails and
documents, etc., but “by golly” if I haven’t had the hardest time
figuring it all out. Especially in combination with a TOR-based
hidden email service like Tormail.net. And I’m ‘considerably’
computer-savvy, so I just thought perhaps there might be others out
there that could use some advice from what I have learned.
It’s only recently this particular security combination was even
(reasonably) “possible”, specifically, the ability to integrate GPG
based encryption with a TOR-based hidden email service. This gives
both you, and (potentially) those you communicate with, the comfort
of knowing that the IP/location associated with your (or their) email when you
signed up was untraceable from the “very” start and “always” will
be every time you (or they) access it.
Add 2 cups of GPG, and you really can’t get much more anonymous
online. Period. Using public wi-fi from a dedicated comp/usb stick,
using IMAP/POP3 to download/decrypt/respond and re-encrypt emails
offline, running all apps/storing files on a
dual-partitioned/encrypted usb stick (using Tails, Truecrypt, etc.) and
perhaps some MAC-spoofing never hurts though.
Cuz unless you wanna run your own TOR-based hidden mail server, or
send smoke signals or something, this seems one of the best current
options for the average individual wishing to TRULY communicate or
send encrypted files anonymously with others online. Definitely
much safer than services like hushmail, safe-mail, etc., where a
third party still has control of YOUR “private” key…ya know?
So in the hopes of saving some fellow mac-heads a lot of time, and
in the interest of harm-reduction and personal security from those
in the world who may be under scrutiny from oppressive governments
and malicious regimes out to investigate and potentially
incarcerate otherwise innocent individuals who have chosen to do
nothing more than express their god(ish) given RIGHT to do
“whatever the fuck they want” with their own mind, body, and
soul….for them. For YOU. I write this…
So onto the good stuff. You will need:
1. It used to be you needed a copy of GnuPG for OSX available
here:
http://macgpg.sourceforge.net/
But as it says on their homepage, the project has been handed over
to:
2. GPGTools: www.gpgtools.org.
Just download their current bundle and you’ll get GnuPG
automatically installed, which is essential to get GPG workin on
your Mac. Unless you choose a custom install, it gets installed
along with:
• Integrated GPGMail (OS X 10.5 to 10.7, Universal).
• Integrated GPG Keychain Access (OS X 10.5 to 10.7, Universal).
• Integrated GPGServices (OS X 10.6 to 10.7).
• Integrated GPGToolsPreferences (OS X 10.6 to 10.7).
• Integrated MacGPG 2 (OS X 10.5 to 10.7, Intel).
• Integrated MacGPG 1 (OS X 10.5 to 10.7, Universal).
• Integrated Enigmail (Thunderbird 3 to .
3. Next go to the Tor Project website at:
https://www.torproject.org/download/download.html.en
Download either the “Tor Browser Bundle” (Intel-only) or the
“Firefox/Vidalia/Torbutton” bundle (PowerPC-friendly).
The only difference is the Firefox bundle requires some extra
effort on your behalf by disabling certain plug-ins, scripts, java,
flash, etc. that could ‘potentially’ reveal your true IP. The
Tor/Aurora Browser bundle comes pre-configured for your security,
and is therefore recommended for the uncertain. But Firefox also
allows you the ability to use FireGPG if you so choose.
4. Once running TOR via Firefox w/Torbutton or Torbrowser/Aurora,
verify you are connected to the TOR network by clicking here:
https://check.torproject.org/
5. Next, get a Tormail.net email address. The Tormail.net .onion
address is:
http://jhiwjjlqpyawmpjx.onion
This is what provides you ‘location’ anonymity compared to ANY
other email service. Couple that with GPG and you really can’t be
much more secure at this point in time. (please correct me if I’m
wrong). Read the Tormail homepage to understand their dual
web-facing, anonymous-web relays, security info, etc.
But Tormail alone will ONLY cloak your IP address, and does not
provide you the GPG encryption essential to true anonymous
communication online. So the next thing you’ll need is an
OpenSource, IMAP/POP3 capable email client.
6. Download Mozilla project's “Thunderbird”, an email client brought
to you by the ‘most def’ Firefox crew. Highly recommended,
although Mail.app can also apparently be used too.
Thunderbird download: http://www.mozilla.org/en-US/thunderbird/all.html
7. In order to integrate free, opensource GPG encryption with
Thunderbird/Tormail to provide true “end-to-end” email encryption
thru the TOR network, you’ll need Enigmail. It should have been
part of your GPGTools download, otherwise you can download it here:
http://enigmail.mozdev.org/download/index.php.html
8. Now for the ‘tricky’ part that “truly” inspired me to write this
article in the first place. The instructions are on Tormail.net’s
“Help” page, but can ‘very’ easily be overlooked. I did. Multiple
times. But they are ESSENTIAL!
http://jhiwjjlqpyawmpjx.onion/help.html
Following these instructions is truly essential to get
Thunderbird/GPG to work with Tormail on OSX. Reaching a TOR-based
hidden mailserver thru a “.onion” address is very different from
regular SMTP access to a mailserver. You MUST follow these
instructions in order to get Thunderbird to work with Enigmail/GPG.
PERIOD. Trust me. Just do it. Or it WILL NOT work. Period.
Again, just read their page if you have any doubts:
http://jhiwjjlqpyawmpjx.onion/help.html
It’s really easy and you’ll pat yourself on the back in less than
10 minutes. Promise. Cuz it’s the ONLY way I know of to get Tormail
to work with Thunderbird/Enigmail. (But again, correct me if I’m
wrong.)
Just follow the instructions to the “T”, and you should have some
of the VERY best, truly anonymous, encrypted, online security you
could EVER hope for at this point in time on OSX. I just wish
someone had written this page for me, that’s all.
In case you can't reach the original page, here are the instructions
for configuring Enigmail to work with Thunderbird: I’ve edited them
VERY “slightly” to make them simpler for most people to understand,
and to correct a few errors on their page. Namely, the menu-paths
they (mis)typed. Compare yourself if you like. I’m here to help.
That is all.
http://jhiwjjlqpyawmpjx.onion/help.html
Configure Thunderbird to work through Tor
You can use Tor Mail with Mozilla Thunderbird by following these
instructions.
You must do this or it will not work with Tor Mail.
1. Download and Install Thunderbird.
2. Open Thunderbird.
3. Go to Thunderbird menu -> Preferences
4. Click Config Editor button.
5. In the config editor filter type in
network.proxy.socks_remote_dns
6. Double click (→MAKE SURE← to double click) on it to change the
value from ‘False’ to ‘True’.
7. Close the Config Editor and click "Network & Disk Space" tab.
8. Click Settings Button.
9. Select Manual Proxy Configuration and fill in the following:
HTTP Proxy: 127.0.0.1 Port 8118
SSL Proxy: 127.0.0.1 Port 8118
Socks Host: 127.0.0.1 Port 9050
10. Select Socks v4.
11. Press OK.
12. Press OK again on the options window to close it.
Adding your Tor Mail account to Thunderbird
1. Open Thunderbird.
2. Go to Tools -> Account Settings -> Account Actions -> Add Mail
Account.
3. Enter your name (whatever you want to be displayed, it's not your
username), email address and password.
4. Press Continue, Thunderbird should download the autoconfig file
from us.
5. Click Create Account.
9. Once you’ve created and added your new Tormail addy to
Thunderbird, you’ll want to generate a new key pair for your
address to enable GPG encryption. One public (to share freely).
One private (to guard with your life).
In Thunderbird, find your newly added Tormail addy on the left
menu. Scroll down and click on “OpenPGP Security” for your account.
Click, then click on the box next to ”Enable OpenPGP (Enigmail) for
this identity.”
Also click the boxes next to: “Sign encrypted messages by default”.
“Encrypt messages by default”, and “Use PGP/MIME by default”.
Go back to the OpenPGP Menu -> Key Management -> Generate -> New Key
pair. Find your new Tormail you want to create a keypair for in the
drop-down menu, and click Generate Key. Move your mouse around to
generate some randomness while your key is being created.
That’s it! ☺
You now have your own Tor-based, anonymous GPG capable email
enabling end-to-end GPG encryption over an anonymous TOR-based
mailserver/network. You’re officially a ninja!
That's all you need to do.
You can ignore any messages about the connection being insecure,
Tor/Enigmail does end-to-end encryption to hidden services,
thunderbird is not aware that you are using Tor.
If for some reason autoconfig fails, you can use the following.
SMTP server: jhiwjjlqpyawmpjx.onion Port: 25 SSL: None
Authentication: Normal Password
IMAP server: jhiwjjlqpyawmpjx.onion Port: 143 SSL: None
Authentication: Normal Password
POP3 server: jhiwjjlqpyawmpjx.onion Port: 110 SSL: None
Authentication: Normal Password
IMAP stores your mail on the server similar to webmail.
POP3 downloads the messages to your PC (and usually deletes them
from the server after download).
If you want to access your mail from multiple PC's then IMAP is the
best choice.
POP3 may be problematic with Tor because of long delay connecting
and Thunderbird only tries every hour, meaning it may actually
never make a successful connection.
Copyright © 2011 Tor Mail. All Rights Reserved.
Anyways, peace. The rest ‘should’ be self-explanatory. I just hope
this might help someone and please pass it on to stop this
ridiculous WOD and honor our millions of innocent brothers and
sisters currently incarcerated for ridiculous, non-violent drug
“crimes”.
The pen (or perhaps keyboard?) truly is mightier than tha sword!
Please respond to this thread if you have any questions or
corrections to my instructions if need be.
Peace
JAM 2012
-
Help! I got T Bird installed but I can't get it to add my Tormail account. I have followed the instructions to the letter, and even tried the manual proxy settings on the tor "help" page and they won't work either. Any ideas would be greatly appreciated. I just get a msg from T bird saying "are you sure usrnm and pswrd are correct?" WTF???
-
I am having the exact same problem as you. Only I'm running on Linux instead of Mac. But shouldn't the instructions still work?
If anyone has figured it out, can you please enlighten us?
-
@Shroomin' I just had a buddy over here for 4 hours trying to config T bird to Tormail, and we still haven't had success. He is going to continue doing research. We even emailed the Tor guys with screen shots so hopefully I can get this thing going soon. If you figure anything out plz let me know asap.
-
@A. Dubois
I finally got it to work, but not with my current operating system. I was trying to use linux to do it, but no matter what I did, it would not work. Finally I wiped that out and installed XP. Followed the instructions, and everything worked like a charm.
-
Dude that's funny you say that. I'm about to buy a separate machine just to run SR. Sucks but I'm at a total loss. It won't work on my mac but I bet I'll have no trouble on a PC. I'll let you know how it works out.
-
Just install Virtual Box. It's free. You can run any operating system with it.
-
Mine is working fine but I had to change something.
When you Add Mail Account, go to Manual Config:
SMTP server: jhiwjjlqpyawmpjx.onion Port: 25 SSL: None Authentication: Normal Password
IMAP server: jhiwjjlqpyawmpjx.onion Port: 143 SSL: None Authentication: Normal Password
or
POP3 server: jhiwjjlqpyawmpjx.onion Port: 110 SSL: None Authentication: Normal Password
IMPORTANT DETAIL: Vidalia for Mac changes the port each time you open it.
OP instructions step 9:
Select Manual Proxy Configuration and fill in the following:
HTTP Proxy: 127.0.0.1 Port 8118
SSL Proxy: 127.0.0.1 Port 8118
Socks Host: 127.0.0.1 Port 9050 ==> This port changes each time you restart Vidalia. To know which port you're using, go to Firefox/Preferences/Advanced/Network/Connection/Settings and you'll see under SOCKS Host.
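Added example (not part of any post in this thread, and not Tor Mail's or Mozilla's code): a Python check of a Thunderbird prefs.js for the settings the posts above depend on, namely manual proxy, loopback SOCKS host, network.proxy.socks_remote_dns, and a SOCKS port equal to the one Tor is currently listening on. The two profile texts are constructed samples, and parse_prefs and audit_proxy are illustrative names.

```python
import re

# One line of a Mozilla prefs.js file looks like:
#   user_pref("network.proxy.socks_port", 9050);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: value}, decoding values to bool, int or str."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def audit_proxy(prefs, tor_socks_port):
    """Return a list of (pref_name, problem) for the mail client's proxy setup.

    tor_socks_port is the port Tor is listening on right now, i.e. the value
    shown under SOCKS Host in the Tor-configured browser.
    """
    findings = []
    if prefs.get("network.proxy.type") != 1:
        findings.append(("network.proxy.type",
                         "manual proxy configuration is not selected"))
    if prefs.get("network.proxy.socks") not in ("127.0.0.1", "localhost"):
        findings.append(("network.proxy.socks",
                         "SOCKS host is not the local Tor client"))
    if prefs.get("network.proxy.socks_port") != tor_socks_port:
        findings.append(("network.proxy.socks_port",
                         "stale SOCKS port: Tor is listening on %d"
                         % tor_socks_port))
    # An absent pref is treated as false, the value the tutorial starts from.
    if not prefs.get("network.proxy.socks_remote_dns", False):
        findings.append(("network.proxy.socks_remote_dns",
                         "hostnames are resolved locally: .onion lookups fail "
                         "and server names go to the local resolver"))
    return findings


# Constructed sample: profile set up as the tutorial describes.
GOOD_PREFS = '''
// Mozilla User Preferences
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
'''

# Constructed sample: remote DNS never enabled, port left at 9050.
STALE_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
'''

if __name__ == "__main__":
    for label, text, port in (("good", GOOD_PREFS, 9050),
                              ("stale", STALE_PREFS, 51234)):
        problems = audit_proxy(parse_prefs(text), port)
        print(label, "OK" if not problems else problems)
```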
-
Dude that's funny you say that. I'm about to buy a separate machine just to run SR. Sucks but I'm at a total loss. It won't work on my mac but I bet I'll have no trouble on a PC. I'll let you know how it works out.
which architecture are you trying to run it on? powerpc or intel? i tried to get gpg/tbird/tor etc. running on a powerbook G4 and it was way too much "work around" besides the fact that you'll bee forced to use outdated, unsecure versions of "everything" pretty much. i can set it up on an intel macbook in no time...
the only edit in the instructions would bee to note when setting up the tbird prefs, you actually want to bee in the Tbird->Prefs->General-> then->"Advanced" tab to access the "Config Editor" and "Network & Disk Space", etc...
-
Thanks for the new stuff to try. I'll let you know how it works out.
-
if running Firefox w/Torbutton (and possibly Aurora/Browserbundle too maybe?) i'd also download the Firefox add-ons: "No Script" and "Https Everywhere" for extra security...
but really curious what tha geekz in the house think...? ? ?
if one were to install something like iPortableSnow or any macOS onto a dual-hidden layer usb flash drive using Truecrypt, then install this set-up, how it might compare (security wise) to installing a Linux based system onto a usb drive like Tails or Liberte? OSX is essentially Unix based too, no?
how much of a difference is there?? is there really so much of a difference? security wise?
otherwise what advice might you have to beef up security for us OSX users looking to run/encrypt "everything" from a usb stick without leaving any traces on the host computer??
-
I've tried every single method here down to the 't'. I'm at a complete loss as to why it's not working on my computer. I've even changed the port Thunderbird tries to connect to Tormail with, like Midas suggested and still nothing. I've tried multiple times with different ports and I'm about ready to throw this computer off a building. It says it can't find the settings for my email account or something similar.
Please help! :'(
-
Hello StarTweaKer,
Relax my friend. :)
There is a reason we at The Flipside recommend this particular thread for those new to GPG wishing to integrate Thunderbird/Enigmail/GPG with Tormail. This method should apply to both OSX and Windows users, as the instructions essentially apply to both platforms and (to an extent) can also be found on Tormail's website. The OP kind of "put everything together" for the average user.
In our opinion, it is the next best option to running Liberte or Tails for the average user. Preferably off a Truecrypted flash drive. Either way, this method is easier to install on any OSX in particular, since installing Liberte/Tails to run off an Apple "host" computer requires access to a Windows machine to be "easily" installed. But that's as complicated as it gets.
Let us know specifically which OS/Version/Hardware you are running first before throwing your laptop out the window! PLEASE! ;)
This method has worked very well for the majority of our customers, as well as many personal friends. Since we recommend this thread to new GPG users, we will certainly do our best to help you get things working using this method. Just provide some more specific details about your OS, hardware, specific "error" messages, current Tor/Vidalia/Thunderbird/Preferences/Plug-ins/Add-ons settings, etc.
The community, as well as ourselves, will surely do our best to help you. :)
Peace
The Flipside Crew
-
I've tried every single method here down to the 't'. I'm at a complete loss as to why it's not working on my computer. I've even changed the port Thunderbird tries to connect to Tormail with, like Midas suggested and still nothing. I've tried multiple times with different ports and I'm about ready to throw this computer off a building. It says it can't find the settings for my email account or something similar.
Please help! :'(
Import the vendors key, then make a textfile with your address in it. Open a shell:
gpg --armor --recipient yourvendoremail@tormail.net --encrypt myaddress.txt
It produces the file myaddress.txt.asc .. open it, cut+paste the encryption into the order box.
The browser bundle changes the port like that guy said above every time, but regular tor daemon install doesn't. Download the other version besides the browser bundle, whatever they offer for OSX
-
First of all thank you mdmamail and flipside for helping me out with this very frustrating issue. You guys rock<3 :-*
I currently have 13 inch aluminum Macbook (Not Pro) 2.4 GHz running OSX 10.6.8 Snow Leopard.
As for Tor, I installed using the Tor Browser Bundle that came with Vidalia. It launches Firefox in a separate browser. I downloaded the GPG tools mentioned in this guide and due to my aforementioned issues with Thunderbird, I have been stuck at this step for a while now. :-\
mdmamail, I will download the Tor button for Firefox and update if/when this resolves my issue w/Thunderbird.
Also, if either of you would like to PM me a personal guide, I would really really appreciate it<3
-
I'm having the exact same problem on my Thinkpad running Linux Mint 12 >:( If anybody comes up with any solutions I'd be very appreciative.
-
As for Tor, I installed using the Tor Browser Bundle that came with Vidalia. It launches Firefox in a separate browser. I downloaded the GPG tools mentioned in this guide and due to my aforementioned issues with Thunderbird, I have been stuck at this step for a while now. :-\
mdmamail, I will download the Tor button for Firefox and update if/when this resolves my issue w/Thunderbird.
StartweaKeR, (unless I am confused. I "just" woke up. sorry.)
If you downloaded TBB the browser "Aurora" should open, not Firefox. Although they are essentially the same (Aurora being a "pre-security configured" version of FF), that is why there are 2 options, TBB or Vidalia bundle/w Torbutton, etc.
Perhaps try reinstalling fresh? There "may" be conflicts if you have both Firefox and TBB installed.
To uninstall Firefox (BACK-UP FIRST IF YOU WANT TO KEEP YOUR BOOKMARKS, PREFS, ETC):
1. Trash the Application itself from your Application folder.
2. Go to User->Library->Application Support. Find the Firefox folder and trash it.
3. Go to User->Library->Preferences. Find a file called "org.mozilla.firefox.plist". Trash it.
Try to trash all "Vidalia" files themselves as well. Along with any TBB files. I don't recall their exact location off hand, but google it, or I'm sure someone else here does. I believe Windows users get a TBB "auto-uninstaller", no?
Then try reinstalling TBB or Firefox with Vidalia/Tor button. One or the other. NOT both. This "may" be causing conflicts..
If this doesn't work let us know. We will do our best to help.
--------
bmb,
No Linux advice, sorry. I'm sure someone here can help though. Command line is not my forte. Sorry. :(
----------
But as of now, until Tormail is back up and running 100%, the Tormail IMAP/POP/SMTP settings in this tutorial will not apply.
You can however still use this guide if you have an existing Tormail address. (Or a friend with a spare one laying around) ;)
* Another temporary "work-around" would be to encrypt your message first in Thunderbird using GPG, then copy/paste the GPGibberish and send it using (preferably) "SquirrelMail" (Tormail's "non-java" web service).
This can be done with 'any' mailserver really. It's just more work.
Peace
The Flipside Crew
-
Hello,
Thank you so much for the easy to follow tutorial, but... i have done every step as required and when it goes to the last step i keep getting "configuration could not be verified - is the user name or password wrong?" I have checked and even opened up a new tor mail account just to make sure i got it right. If you have any advice for me, it would be a great help as i want to get gpg email client to work well, so i can offer a secure way of communicating with my customers.
Kind regards
RP
mac os lion , TOR FF bundle
-
Hi there,
First of all thank you so much for the tutorial, it was a great help in getting my head round pgp. I ran into trouble like stated above, username not correct. Now every time vidalia loads it uses a different SOCKS port, so every time i load Thunderbird i have to go to preferences network, and make sure the SOCKS port is the same as vidalia. Once i do that it works fine, very well. It's a bit of a pain changing it every time manually, i was wondering is there any way so i do not have to do that? I have read many different guides on the net about pgp and yours has to be the best and easiest for noobs. Thank you.
RP
-
So for 3 days now I have uninstalled - reinstalled then tried it again standing on 1 leg doing circles and then again wearing a raincoat inside......nothing works. Every time I get the - user name and password is wrong. I have followed every step from every source that I could find to no avail. Running a macbook pro 10.6.8, have the bundles, gpg, thunderbird and enigmail.....WTF? I'm not computer handicapped for peanuts sake.
-
Thanks for the advice.. I just reinstalled everything again and with the 2 vidalia. I tried that earlier but a lack of sleep due to a month long insomnia spat is starting to get the best of me. An' here I go again on my own, Goin down the only road I've ever known.........
I need sleep
-
The second Vidalia fixed everything but now the problem is " The wizard will next ask you for permission to change some settings to make sure there are no problems with signing and/or encryption.
Click the Yes radio button.
Next the wizard will detect any keys that you may have on your PGP keyring. It will show you a list of these keys. There will also be a radio button which will allow you to generate a new PGP key.
Click one of the keys shown to choose as a default key to use for signing and encryption. Click continue."
It will not generate a key and I keep getting an error code.....any suggestions?
-
"Next the wizard will detect any keys that you may have on your PGP keyring. It will show you a list of these keys. There will also be a radio button which will allow you to generate a new PGP key.
Click one of the keys shown to choose as a default key to use for signing and encryption. Click continue".
None of this happens. This is what I get,
Warning unresponsive script, a script on this page may be busy or it may have stopped responding.
You can stop the script now or continue to see if script will complete
radio button to stop script or continue.
I hit continue and then
GPG keychain access window opens
and then
Open PGP alert
Wizard could not find the GnuPG executable, please locate it manually in the following dialog.
If you did not install GnuPG yet we recommend you visit http://www.gnupg.org
yesterday it was different, I followed the exact same steps today
-
I tried but it didn't work either. I will start the whole process all over again and hope for the best. It seemed like it was going to work but it wouldn't generate a new key...I let it run for 1hr even though it said it'll take several minutes. I finally had to shut down to run some errands. Anyway thanks for the help
-
Had a funeral to attend out of town but as soon as I was able to I checked for the updates and presto everything worked fine. I do want to thank Guru again for the help, without it I may have thrown my macbook into the river.