On 09/28/2011 06:35 AM, Fabio Pietrosanti (naif) wrote:
> Hi all,
>
> at GlobaLeaks (http://globaleaks.org) we are discussing whenever to plan
> for a GlobaLeaks Desktop application that would allow secure and
> anonymous whistleblowing submission without using a 'web interface'.
>
> In such context we would like to provide something *really easy* and
> that means bundling everything into a single, portable, digitally signed
> .exe .
>
Makes sense. Thanks for driving the field forward!
> To do that we would need to bundle Tor binaries/configuration along with
> GlobaLeaks application.
>
> Are there other third party application bundling Tor together that we
> can look at?
>
torsocks has some basic c functions that safely wrap sockets - it uses a
Tor proxy but your C program can simply use the torsocks C API rather
than doing anything with socks. If you look in torsocks.c you'll see the
following:
/*
API for users linking against libtorsocks. Expands to function
definitions for:
torsocks_connect()
torsocks_close()
torsocks_poll()
torsocks_sendmsg
torsocks_sendto
torsocks_res_query()
torsocks_res_search()
torsocks_res_send()
torsocks_res_querydomain()
torsocks_gethostbyname()
torsocks_gethostbyaddr()
torsocks_getaddrinfo()
torsocks_getipnodebyname()
See also torsocks.h
*/
You should be able to safely link against torsocks and then use
torsocks_connect() rather than connect() or similar calls. If you
additionally bake in some .onions, I think you'll be in good shape.
> Which would the best/right way to do it?
There are a few designs - I think that using the torsocks socket API is
a reasonable way. Alternatively, it might make sense to use the above
API and then change the backend in torsocks to use something like a unix
socket rather than a TCP connection for SOCKS.
> -naif
>
> p.s. The alternative to provide the same degree of security/usability is
> to use a Java Applet with file upload+file encryption+silvertunnel as a
> Tor Client layer.
I don't think silvertunnel is a good idea - the code is based on
OnionCoffee which has major problems. I would suggest JTor but only
after a careful audit and some serious work ensuring that it's safe.
All the best,
Jake
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
