Password protect configuration files

[jackinaboat]

Torsion needs a couple of new functions.

First, it would be nice to have password protection similar to Bitcoin password protection.

Second, an option to send files would be nice.

Third, an OTR plug-in wouldn't hurt for additional security.

Lastly, additional encryption would never hurt.

[special]

First, it would be nice to have password protection similar to Bitcoin password protection.

This is an interesting one. Ideally, the entire config folder should be encrypted: it contains the contact list and secrets (in a .ini), the private key, and tor's state (which includes e.g. chosen guard relays). The problem is that with current tor, the private key and state files must be directly readable.

It seems unlikely that upstream tor would be interested in directly implementing file encryption. Redirecting all of those files through the control connection is possible, but would be complicated and likely involve extensions to that protocol. Some platforms have options that would allow fake or loopback filesystems, but none I'm aware of that are cross-platform and unprivileged. Patching tor away from upstream is not an option. I don't have a good idea a solution yet.

It is worth noting that the default mode on all platforms is to store data portably, next to the binary, so you can place it on an encrypted disk manually.

Second, an option to send files would be nice.

Keep an eye on #15. I have some UI and early designs sketched out, currently.

Third, an OTR plug-in wouldn't hurt for additional security.
Lastly, additional encryption would never hurt.

See the discussion of both on #28.

I'll repurpose this to cover the password protection issue, which doesn't have an existing bug. Thanks for the comments.

[special]

There is discussion on #30 about storing hidden service keys. Tor has a bunch of related tickets under https://trac.torproject.org/projects/tor/ticket/8993. I promised to sketch out a control API that would be suitable at some point.

That would still not allow for encrypting everything, though. All of the other data tor reads directly is still a problem, including the state file and torrc.

[special]

Tor 0.2.7.x has an ADD_ONION control API, which is sufficient for us to encrypt Ricochet's configuration and the hidden service data. Tor's configuration and state files will remain unencrypted - which is a shame, but is at least much less sensitive.

[special]

Requires #227