[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Tor as a sort of "library/dependancy" for third party software
On 09/28/2011 06:35 AM, Fabio Pietrosanti (naif) wrote:
> Hi all,
> at GlobaLeaks (http://globaleaks.org) we are discussing whenever to plan
> for a GlobaLeaks Desktop application that would allow secure and
> anonymous whistleblowing submission without using a 'web interface'.
> In such context we would like to provide something *really easy* and
> that means bundling everything into a single, portable, digitally signed
> .exe .
Makes sense. Thanks for driving the field forward!
> To do that we would need to bundle Tor binaries/configuration along with
> GlobaLeaks application.
> Are there other third party application bundling Tor together that we
> can look at?
torsocks has some basic c functions that safely wrap sockets - it uses a
Tor proxy but your C program can simply use the torsocks C API rather
than doing anything with socks. If you look in torsocks.c you'll see the
API for users linking against libtorsocks. Expands to function
See also torsocks.h
You should be able to safely link against torsocks and then use
torsocks_connect() rather than connect() or similar calls. If you
additionally bake in some .onions, I think you'll be in good shape.
> Which would the best/right way to do it?
There are a few designs - I think that using the torsocks socket API is
a reasonable way. Alternatively, it might make sense to use the above
API and then change the backend in torsocks to use something like a unix
socket rather than a TCP connection for SOCKS.
> p.s. The alternative to provide the same degree of security/usability is
> to use a Java Applet with file upload+file encryption+silvertunnel as a
> Tor Client layer.
I don't think silvertunnel is a good idea - the code is based on
OnionCoffee which has major problems. I would suggest JTor but only
after a careful audit and some serious work ensuring that it's safe.
All the best,
tor-talk mailing list