Use Session Private Messenger Chat with Kicksecure

From Kicksecure

How-To: Use Session Private Messenger with Kicksecure.

Introduction

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Session Private Messenger Security

A detailed blog post on why Session removed PFS (Perfect Forward Secrecy), and what that means for users, can be found here. See also "A Response to Recent Claims About Session's Security Architecture".

Install the Session Desktop Client

Security warning: Adding a third-party repository and/or installing third-party software allows the vendor to replace any software on your system, including but not limited to the installation of malware, file deletion, and data harvesting. Proceed at your own risk! See also Foreign Sources for further information. For greater safety, users adding third-party repositories should always use Multiple Kicksecure to compartmentalize VMs with additional software.

Kicksecure default admin password is: changeme

Documentation in the Kicksecure wiki provides guidance on adding third-party software from various upstream repositories. This is especially useful since upstream often includes generic instructions for different Linux distributions, which may be complex for users to follow. Additionally, documentation in Kicksecure usually places a higher emphasis on security and verifying digital software signatures.

The instructions provided here serve as a "translation layer" from upstream documentation to Kicksecure, offering assistance in most scenarios. Nevertheless, it's important to recognize that upstream repositories and software may change over time. Consequently, the documentation on this wiki might require occasional updates, such as revised signing key fingerprints, to remain current and accurate.

Please note, this is a general wiki template and may not apply to all upstream documentation scenarios.

Users encountering issues, such as signing key problems, are advised to follow the Self Support First Policy and engage in Generic Bug Reproduction. This involves attempting to replicate the issue on Debian bookworm, and contacting upstream directly if the issue can be reproduced, as such problems are likely unspecific to Kicksecure. In most cases, Kicksecure is not responsible for, nor capable of resolving, issues stemming from third-party software.

For further information, refer to Introduction, User Expectations - What Documentation Is and What It Is Not.

Should the user encounter bugs related to third-party software, it is advisable to report these issues to the respective upstream projects. Additionally, users are encouraged to share links to upstream bug reports in the Kicksecure forums and/or make edits to this wiki page. For example, if there are outdated links or key fingerprints that need updating, please feel free to make the necessary changes. Contributions aimed at maintaining the accuracy and currency of information are highly valued. These updates not only improve the quality of the wiki but also serve as a useful resource for other users.

The Kicksecure wiki is an open platform where everyone is welcome to contribute improvements and edits, with or without an account. Edits to this wiki are subject to moderation, so contributors should not worry about making mistakes. Your edits will be reviewed before being made public, ensuring the integrity and accuracy of the information provided.

1. Add the Session GPG key to the APT keyrings. [1]

To add the signing key, follow steps A to C.

A. Securely download the key.

Kicksecure

If you are using Kicksecure (kicksecure), run.

scurl https://deb.loki.network/pub.gpg --output loki.gpg

Qubes

If you are using a Qubes Template (kicksecure-17), run. [2] [3]

http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 scurl https://deb.loki.network/pub.gpg --output loki.gpg

B. Display the key's fingerprint.

Optional for better security.

[4]

gpg --keyid-format long --import --import-options show-only --with-fingerprint loki.gpg

Verify the output.

  • Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
  • Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
  • Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital software signatures.

The most important check is confirming the key fingerprint exactly matches the output below. [5]

Key fingerprint = 6636 1D8E 3C96 E41C 6DCB 7051 C499 2CE7 A88D 4262 [6]

Warning:

Do not continue if the fingerprint does not match -- this risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

C. Copy the signing key to the APT keyring folder. [7]

sudo cp loki.gpg /usr/share/keyrings/loki.gpg

2. Add the Session third-party APT repository. [8]

echo 'deb [signed-by=/usr/share/keyrings/loki.gpg] tor+https://deb.loki.network bookworm main' | sudo tee /etc/apt/sources.list.d/loki.list

3. Install Session.

Install package(s) session-desktop following these instructions

1 Platform specific notice.

2 Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

3 Install the session-desktop package(s).

Using apt command line --no-install-recommends option is in most cases optional.

sudo apt install --no-install-recommends session-desktop

4 Platform specific notice.

  • Kicksecure: No special notice.
  • Kicksecure-Qubes: Shut down Template and restart App Qubes based on it as per Qubes Template Modification.

5 Done.

The procedure of installing package(s) session-desktop is complete.

4. Done.

The process of installing Session is complete.

5. Note.

  • Kicksecure: No extra steps required.
  • Kicksecure-Qubes: Shut down the kicksecure-17 Template. Restart Kicksecure (kicksecure App Qube).
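
Step 1.B compares the fingerprint by eye. The following added example (not part of the Kicksecure wiki or of Session's own documentation) does the same comparison in a script and also rejects a key file that contains more than one primary key, since APT's signed-by option trusts every key in the keyring file. The function names and the sample listing are constructed for illustration; the expected fingerprint is the one given in step 1.B.

```shell
#!/bin/sh
# Added example: check loki.gpg against the fingerprint from step 1.B.
EXPECTED='6636 1D8E 3C96 E41C 6DCB 7051 C499 2CE7 A88D 4262'

# Read `gpg --with-colons` output on stdin. Succeed only if it holds exactly
# one primary key and that key's fingerprint equals $1 (spaces/case ignored).
# Subkey fingerprints (the "fpr" record after a "sub" record) are not counted.
keyring_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    awk -F: -v want="$want" '
        $1 == "pub" { primary = 1; next }
        $1 == "fpr" && primary { n++; if ($10 == want) ok++; primary = 0 }
        END { exit !(n == 1 && ok == 1) }
    '
}

# List the key file as in step 1.B (show-only: no keyring is modified).
verify_key_file() {
    gpg --import --import-options show-only --with-colons "$1" 2>/dev/null |
        keyring_matches "$EXPECTED"
}

# Constructed sample listing: dates, sizes, uid and the subkey are made up;
# only the primary fingerprint is the value published on this page.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:C4992CE7A88D4262:1500000000:::-:::scESC::::::23::0:
fpr:::::::::66361D8E3C96E41C6DCB7051C4992CE7A88D4262:
uid:-::::1500000000::::Constructed Example UID::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1500000000::::::e::::::23:
fpr:::::::::00112233445566778899AABBCCDDEEFF00112233:
EOF
}

# Usage: sh verify-key.sh loki.gpg   (run before step 1.C)
if [ "$#" -eq 1 ]; then
    if verify_key_file "$1"; then
        echo "OK: $1 contains only the expected signing key"
    else
        echo "MISMATCH: do not copy $1 to /usr/share/keyrings" >&2
        exit 1
    fi
fi
```
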

Usage

session-desktop

Footnotes

  1. https://github.com/oxen-io/session-desktop/issues/1397#issuecomment-754945698
  2. Using Qubes UpdatesProxy (http://127.0.0.1:8082/) because Qubes Templates are non-networked by Qubes default and therefore require UpdatesProxy for connectivity. (APT in Qubes Templates is configured to use UpdatesProxy by Qubes default.)
  3. Even more secure would be to download the key in a Disposable and then qvm-copy it to the Qubes Template, because this would avoid curl's attack surface, but this would also result in even more complicated instructions.
  4. Even more secure would be to display the key in another Disposable, because this would protect the Template from curl's and gpg's attack surface, but this would also result in even more complicated instructions.
  5. Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
  6. publish OpenPGP / gpg fingerprint of APT signing key #2309: the gpg fingerprint of the APT signing key has finally been published by KeeJef:
    6636 1D8E 3C96 E41C 6DCB  7051 C499 2CE7 A88D 4262
  7. https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302
  8. See this for a comment why tor+ is useful even inside Kicksecure.
