Use Session Session Private Messenger Chat with Kicksecure ™

From Kicksecure
Jump to navigation Jump to search

Session Private Messenger Logo

Introduction[edit]

Ambox warning pn.svg.png Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Session Private Messenger Security[edit]

Install the Session Desktop Client[edit]

warning Security warning: Adding a third party repository allows the vendor to replace any package on your system. Proceed at your own risk! See Foreign Sources for further information. For greater safety, users adding third party repositories should always use Multiple Kicksecure ™ to compartmentalize VMs with additional software.

1. Add the Session GPG key to the APT keyrings. [1]

Securely download the key.

If you are using Kicksecure ™ (kicksecure), run.

scurl https://deb.loki.network/pub.gpg --output loki.gpg

If you are using a Qubes Template (kicksecure-16), run. [2] [3]

scurl --proxy http://127.0.0.1:8082/ https://deb.loki.network/pub.gpg --output loki.gpg

Display the key's fingerprint. [4]

gpg --keyid-format long --import --import-options show-only --with-fingerprint loki.gpg

Verify the output.

notice Digital signatures can increase security but this requires knowledge. Learn more about digital software signature verification.

The most important check is confirming the key fingerprint exactly matches the output below. [5]

Key fingerprint = TODO [6]

Ambox warning pn.svg.png Warning:

Do not continue if the fingerprint does not match -- this risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

Copy the signing key to the APT keyring folder. [7]

sudo cp loki.gpg /usr/share/keyrings/loki.gpg

2. Add the Session third-party APT repository. [8]

echo 'deb [signed-by=/usr/share/keyrings/loki.gpg] tor+https://deb.loki.network bullseye main' | sudo tee /etc/apt/sources.list.d/loki.list

3. Install Session.

Install session-desktop. To accomplish that, the following steps A. to D. need to be done.

A. Update the package lists.

sudo apt update

B. Upgrade the system.

sudo apt full-upgrade

C. Install the session-desktop package.

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends session-desktop

D. Done.

The procedure of installing session-desktop is complete.

4. Done.

The process of installing Session is complete.

5. Note.

  • Kicksecure ™: No extra steps required.
  • Kicksecure ™ for Qubes: Shutdown kicksecure-16 Template. Restart Kicksecure ™ (kicksecure App Qube).

Usage[edit]

session-desktop

Footnotes[edit]

  1. https://github.com/oxen-io/session-desktop/issues/1397#issuecomment-754945698
  2. Using Qubes UpdatesProxy (--proxy http://127.0.0.1:8082/) because Qubes Templates are non-networked by Qubes default and therefore require UpdatesProxy for connectivity. (APT in Qubes Templates is configured to use UpdatesProxy by Qubes default.)
  3. Even more secure would be to download the key Disposable and then qvm-copy it to the Qubes Template because this would avoid curl's attack surface but this would also result in even more complicated instructions.
  4. Even more secure would be to display the key in another Disposable because this would protect the Template from curl's and gpg's attack surface but this would also result in even more complicated instructions.
  5. Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
  6. publish OpenPGP / gpg fingerprint of APT signing key #2309
    6636 1D8E 3C96 E41C 6DCB  7051 C499 2CE7 A88D 4262
    
  7. https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302
  8. See this for a comment why tor+ is useful even inside Kicksecure ™.


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.