UNSAKINI
Created by and for online activists, information security enthusiasts and government surveillance evaders.
Unsakini is an open source encrypted bulletin board created with the aim of evading global information surveillance and spying, preventing data leaks and promoting information confidentiality and integrity.
Features:
- encrypted discussions boards
- encrypted chat
- encrypted file uploads
How it Works
Upon using the system, you'll be asked to provide your private key. This key is used to encrypt your data before they are sent to the server. The key is stored in your computer and is never sent to the server.
Hackers, surveillance and spy softwares and even the server host cannot read your data, unless they are able to obtain your private key. Your private key is deleted from your computer everytime you logout to ensure no one can obtain it while you're away.
To increase the security, your data is re-encrypted in the backend before being saved to the database, which adds a second layer of protection.
So to access your data, the hacker needs to know two things - (1) your private key and (2) the server encryption key. That is, if they are able to bypass the server security and gets access to the database. Even so, they won't be able to read the data without these two elements.
The data is ecnrypted using Advanced Encryption System (AES), the most widely used and trusted encryption algorithm.
System Requirements
- Ruby >= 2.2.2
- Rails >= 5.0
- Bunlder gem
Installation
Unsakini is composed of 2 parts, the API and the client. The easiest way to get up and running Unsakini is to download the preconfigured client that uses an existing API.
The preconfigured client is in the ./angular/bundled
directory of this repo. Just download this repository and extract those files. These are plain html, css and js files which can be uploaded to any kind of server.
You can even run it locally if you know how to setup a local http server. If you're on windows, take a look at XAMPP.
See the documentation for more installation options.
Encryption Specifications
- server
- Algorithm =
AES
- Mode =
CBC
- Key Size =
256
- *Others = autogenerated, random
- Algorithm =
- client
- Algorithm =
AES
- Mode =
CBC
- Padding =
Pkcs7
- Key Derivation Function =
PBKDF2
- Key Size =
256
- Initialization Vector Size =
128
- PBKDF2 iterations =
500
- Algorithm =
Security
If you find any security flaws, please don't write a github issue. Email me instead at pitogo.adones@gmail.com so we can fix it before the public knows.
Author
License
Released under the terms of MIT License.