Opensource encrypted bulletin board
Ruby TypeScript HTML JavaScript CSS
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
angular
app
bin
config
db/migrate
docs
lib
spec
.gitignore
.rspec
.travis.yml
Gemfile
Gemfile.lock
MIT-LICENSE
README.md
Rakefile
unsakini.gemspec

README.md

Build Status

UNSAKINI

Created by and for online activists, information security enthusiasts and government surveillance evaders.

Unsakini is an open source encrypted bulletin board created with the aim of evading global information surveillance and spying, preventing data leaks and promoting information confidentiality and integrity.

Features:

  • encrypted discussions boards
  • encrypted chat
  • encrypted file uploads

How it Works

Upon using the system, you'll be asked to provide your private key. This key is used to encrypt your data before they are sent to the server. The key is stored in your computer and is never sent to the server.

Hackers, surveillance and spy softwares and even the server host cannot read your data, unless they are able to obtain your private key. Your private key is deleted from your computer everytime you logout to ensure no one can obtain it while you're away.

To increase the security, your data is re-encrypted in the backend before being saved to the database, which adds a second layer of protection.

So to access your data, the hacker needs to know two things - (1) your private key and (2) the server encryption key. That is, if they are able to bypass the server security and gets access to the database. Even so, they won't be able to read the data without these two elements.

The data is ecnrypted using Advanced Encryption System (AES), the most widely used and trusted encryption algorithm.


System Requirements

  • Ruby >= 2.2.2
  • Rails >= 5.0
  • Bunlder gem

Installation

Unsakini is composed of 2 parts, the API and the client. The easiest way to get up and running Unsakini is to download the preconfigured client that uses an existing API.

The preconfigured client is in the ./angular/bundled directory of this repo. Just download this repository and extract those files. These are plain html, css and js files which can be uploaded to any kind of server.

You can even run it locally if you know how to setup a local http server. If you're on windows, take a look at XAMPP.

See the documentation for more installation options.


Encryption Specifications

  • server
    • Algorithm = AES
    • Mode = CBC
    • Key Size = 256
    • *Others = autogenerated, random
  • client
    • Algorithm = AES
    • Mode = CBC
    • Padding = Pkcs7
    • Key Derivation Function = PBKDF2
    • Key Size = 256
    • Initialization Vector Size = 128
    • PBKDF2 iterations = 500

Security

If you find any security flaws, please don't write a github issue. Email me instead at pitogo.adones@gmail.com so we can fix it before the public knows.

Author

Adones Pitogo

License

Released under the terms of MIT License.