
Re: [tor-talk] Tor as a sort of "library/dependency" for third party software



On 09/28/2011 06:35 AM, Fabio Pietrosanti (naif) wrote:
> Hi all,
> 
> at GlobaLeaks (http://globaleaks.org) we are discussing whether to plan
> for a GlobaLeaks Desktop application that would allow secure and
> anonymous whistleblowing submission without using a 'web interface'.
> 
> In such context we would like to provide something *really easy* and
> that means bundling everything into a single, portable, digitally signed
> .exe .
> 

Makes sense. Thanks for driving the field forward!

> To do that we would need to bundle Tor binaries/configuration along with
> GlobaLeaks application.
> 
> Are there other third party applications bundling Tor together that we
> can look at?
> 

torsocks has some basic C functions that safely wrap sockets - it uses a
Tor proxy but your C program can simply use the torsocks C API rather
than doing anything with socks. If you look in torsocks.c you'll see the
following:

/*
  API for users linking against libtorsocks. Expands to function
definitions for:

    torsocks_connect()
    torsocks_close()
    torsocks_poll()
    torsocks_sendmsg
    torsocks_sendto
    torsocks_res_query()
    torsocks_res_search()
    torsocks_res_send()
    torsocks_res_querydomain()
    torsocks_gethostbyname()
    torsocks_gethostbyaddr()
    torsocks_getaddrinfo()
    torsocks_getipnodebyname()

  See also torsocks.h
*/

You should be able to safely link against torsocks and then use
torsocks_connect() rather than connect() or similar calls. If you
additionally bake in some .onions, I think you'll be in good shape.

> Which would be the best/right way to do it?

There are a few designs - I think that using the torsocks socket API is
a reasonable way. Alternatively, it might make sense to use the above
API and then change the backend in torsocks to use something like a unix
socket rather than a TCP connection for SOCKS.

> -naif
> 
> p.s. The alternative to provide the same degree of security/usability is
> to use a Java Applet with file upload+file encryption+silvertunnel as a
> Tor Client layer.

I don't think silvertunnel is a good idea - the code is based on
OnionCoffee which has major problems. I would suggest JTor but only
after a careful audit and some serious work ensuring that it's safe.

All the best,
Jake
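
What a socket wrapper of this kind has to send to Tor's SOCKS port on the application's behalf, as an added example (not code from torsocks or from the message above): a SOCKS5 handshake that hands the hostname to the proxy unresolved, written against any stream descriptor so it works the same over a TCP or a unix-socket backend. The function names and the `example.onion` placeholder used to exercise it are assumptions made for illustration, and only the IPv4 form of the proxy's reply is handled.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>  /* socket()/connect() for whoever opens fd */
#include <unistd.h>

/* Build a SOCKS5 CONNECT request (RFC 1928) with ATYP 0x03 (domain name), so
 * the hostname, e.g. a baked-in .onion, reaches the proxy unresolved and the
 * local resolver is never asked. Returns the length, or 0 on bad input. */
size_t socks5_build_connect(const char *host, uint16_t port,
                            uint8_t *out, size_t cap)
{
    size_t hlen = host ? strlen(host) : 0;
    if (hlen == 0 || hlen > 255 || cap < 7 + hlen) return 0;
    out[0] = 0x05;                         /* VER */
    out[1] = 0x01;                         /* CMD = CONNECT */
    out[2] = 0x00;                         /* RSV */
    out[3] = 0x03;                         /* ATYP = domain name */
    out[4] = (uint8_t)hlen;
    memcpy(out + 5, host, hlen);
    out[5 + hlen] = (uint8_t)(port >> 8);  /* port, network byte order */
    out[6 + hlen] = (uint8_t)(port & 0xff);
    return 7 + hlen;
}

/* Read exactly n bytes; 0 on success, -1 on EOF or error. */
static int read_full(int fd, uint8_t *buf, size_t n)
{
    while (n > 0) {
        ssize_t r = read(fd, buf, n);
        if (r <= 0) return -1;
        buf += r; n -= (size_t)r;
    }
    return 0;
}

/* SOCKS5 handshake on fd, an open stream to the proxy (TCP or unix socket).
 * Returns 0 on success. Simplification: expects the 10-byte IPv4-form reply. */
int socks5_connect_by_name(int fd, const char *host, uint16_t port)
{
    static const uint8_t hello[3] = { 0x05, 0x01, 0x00 }; /* offer "no auth" */
    uint8_t req[262], rep[10];
    size_t len = socks5_build_connect(host, port, req, sizeof req);
    if (len == 0) return -1;
    if (write(fd, hello, sizeof hello) != (ssize_t)sizeof hello) return -1;
    if (read_full(fd, rep, 2) || rep[0] != 0x05 || rep[1] != 0x00) return -1;
    if (write(fd, req, len) != (ssize_t)len) return -1;
    if (read_full(fd, rep, 10) || rep[0] != 0x05 || rep[1] != 0x00
        || rep[3] != 0x01) return -1;
    return 0;
}
```

Because the request carries the name rather than an address, the application never calls its own resolver for the destination; a non-zero REP byte from the proxy is treated as a hard failure rather than a cue to fall back to a direct connect().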