Getting started
Read the following and you'll be able to set up your own CryptoBox within half an hour.
It's pretty straightforward as we're always trying to make things as easy as possible for you.
Step by Step
- You need:
  - an old computer (remove the dust first)
  - this PC needs a network card and a CD drive
  - a medium to store your files on (e.g. a harddisk)
  - from now on we will call this PC the CryptoBox-PC
- You don't need:
  - a monitor, keyboard and mouse (with one exception, see below)
  - deeper knowledge of cryptography or server administration
- Download the latest version of the CryptoBox live-CD from CodeCoop. It's a ~100MB iso-image.
- Burn the iso-image onto a CD.
- Connect the CryptoBox-PC to your local area network.
- Configure the CryptoBox-PC so that it can boot the live-CD. To do this, you may have to enter the BIOS and set the CD-ROM as boot device.
- Put the burned CryptoBox live-CD into the CD drive and start the CryptoBox-PC.
- Now go to your current desktop computer, which must be connected to the same network as the CryptoBox-PC, and point your browser to http://192.168.0.23.
Now, if you see a website similar to the screenshots you're ready. :) Congratulations! Otherwise check the last steps again and take a look in the caveats section below.
Follow this link for further user documentation. There you'll find a detailed description of how to work with the CryptoBox.
Some pages of your brand new CryptoBox require an administrative password. The default is admin as username _and_ as password. For your own sake change this as soon as possible (under "Preferences" -> "Users").
Hints
- The CryptoBox has an integrated help system. Enable it by clicking on the top-right help icon. It displays some useful tips. You can disable it again, as soon as you know how things work.
- The CryptoBox-PC should at least have a 200MHz CPU and 64MB RAM (rule of thumb: bought after 1997)
- Every modern PC system should work as a CryptoBox-PC. Try to get one with low energy consumption, since not much CPU performance is necessary.
- The data storage media can be an internal harddisk or any external drive.
- You can change external drives while the CryptoBox-PC is running or even leave it running without a connected drive at all.
- The "drive" may also be a USB-stick, firewire-disk, flash-drive, MMC/SD-card, MP3-player or a digital camera.
- If you are going to buy a new harddisk and are using a very, very old PC as CryptoBox, please keep in mind that it probably cannot handle current disk sizes!
Caveats
- Some old PCs are not able to boot from CD drives. In this case you cannot use it as CryptoBox.
- If you want to change the default boot device but don't know what a BIOS is, ask somebody for help! It doesn't hurt. ;)
- To configure the BIOS, you need a keyboard and a monitor. But this has to be done only once.
- Don't forget to connect your PC to your local area network! Also don't forget to connect your desktop computer to the same network, if it isn't yet.
- Make sure your desktop computer has a 192.168.0.x IP address (at least for the first configuration). If this says nothing to you, again ask somebody for help!
- If you're unsure about the network, you can also try to connect the CryptoBox-PC and your desktop computer directly with a crossover network cable.
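The address caveats above can be checked before you open the browser. The following is an added example, not part of the CryptoBox documentation or code: it tests whether a desktop interface can talk directly to the default address 192.168.0.23 and proposes a temporary address for the first configuration. The /24 netmask on the CryptoBox side and the function names are assumptions.

```python
import ipaddress

# Default address from this page; the /24 netmask on the CryptoBox side is an
# assumption taken from the 192.168.0.x requirement in the caveats.
CRYPTOBOX = ipaddress.ip_interface("192.168.0.23/24")


def check_client(client):
    """Check a desktop interface given as 'address/netmask' or 'address/prefix'.

    Returns (ok, reason). Both hosts must consider the other one on-link,
    because no router sits between them during the first setup.
    """
    iface = ipaddress.ip_interface(client)
    if iface.ip == CRYPTOBOX.ip:
        return False, "address collides with the CryptoBox default"
    if CRYPTOBOX.ip not in iface.network:
        return False, "desktop does not treat 192.168.0.23 as local"
    if iface.ip not in CRYPTOBOX.network:
        return False, "CryptoBox does not treat the desktop as local"
    if iface.ip in (CRYPTOBOX.network.network_address,
                    CRYPTOBOX.network.broadcast_address):
        return False, "network or broadcast address is not a usable host"
    return True, "desktop and CryptoBox can talk directly"


def suggest_temporary_address(in_use=()):
    """Return the first free host address in the CryptoBox default network."""
    taken = {ipaddress.ip_address(a) for a in in_use} | {CRYPTOBOX.ip}
    for host in CRYPTOBOX.network.hosts():
        if host not in taken:
            return f"{host}/{CRYPTOBOX.network.prefixlen}"
    return None


if __name__ == "__main__":
    # Constructed sample desktop configurations, including ranges
    # other than 192.168.0.x.
    for sample in ("192.168.0.10/255.255.255.0", "192.168.2.10/255.255.255.0",
                   "10.0.0.5/255.0.0.0", "192.168.0.23/24"):
        print(sample, "->", check_client(sample))
    print("temporary address:", suggest_temporary_address(["192.168.0.1"]))
```

Pass the addresses already used on your network as in_use so the suggested temporary address does not collide with an existing host.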
Move on to further user documentation.
Or go back to user documentation overview.
Comments
Make sure your desktop computer has a 192.168.0.x IP address…
[anonymous poster]
Make sure your desktop computer has a 192.168.0.x IP address (at least for the first configuration). If this says nothing to you, again ask somebody for help!
This DOES say something to me! It says that I'm supposed to shut down my network and re-configure to conform with your arbitrary choice of IP numbers.
Just how hard would it be to add an entry to accommodate those of us who do not choose YOUR IP number range?
Like those of us in:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
Reply from Lars
Thanks for your comment!
Anyway I am not sure, if I understand you right: Of course, we can change the network setting of the cryptobox to a netmask of 0.0.0.0 (that means: receive and transmit packages to/from every possible network address within the directly connected network). But the problem in this setup arises on the client side: your desktop computer surely has a netmask of 255.255.255.0. Thus your computer would not know, where to send the packages, if the IP address of the cryptobox is not inside of its network address range.
Only one solution for this problem, that could be solved solely within the network setup of the cryptobox comes to my mind: add alias IP addresses for all local network IP ranges to the network interface of the cryptobox. But this would sum up to more than 100k IP addresses (2^8 for 192.168.x.y / 2^16 for 172.[16-32].x.y / 2^16 for 10.x.y.z). I don't think, that this would be feasible.
Or maybe I misunderstood your suggestion? I would appreciate your ideas!
No need to reconfigure your networks
If you have a network set up differently from 192.168.0.0/24 then you have to configure *one* admin PC *temporarily* to a 192.168.0.x (with x != 23) address - for the first setup only. When configuring the CryptoBox, change the CryptoBox' address to one more convenient, save config, reboot, and you can configure your temporary admin PC back to its standard IP.
anonymous comment - 2008-02-17
The first commenter is right. Say you're behind a 192.168.2.xx router. It won't matter what netmasks you use, it ain't gonna work until either the CBox or the whole network is changed.
FreeNAS has this same problem. It SAYS that you have an option to change the IP number, but it reverts back to the default on reboot. At least it allows you to manually edit the /cf/conf/config.xml file. This is not possible in a live disk environment, so I guess that ends my look at CryptoNAS.
Some of us are not on your choice of IP#'s.
reply from Lars - 2008-02-17
thanks for your feedback!
I guess, I do not understand your problem: just configure an IP of your choice for the CryptoNAS server via the web interface. This setting will be stored on a small configuration partition on the harddisk (it is created automatically during initialization).
Doesn't that solve your problem? Otherwise please give us more details!
thanks!
How difficult would it be to set the default configuration as DHCP instead of static? I'll bet it's safe to say DHCP is pretty prevalent for router configurations nowadays... I think that would also be easier for other network setups to "temporarily reconfigure" for. Just turn DHCP quickly if it's not already on, then renew IP's and boom! everybody's talking... Just my .0000001c worth.
Don Hancock
reply from Frisco - 2008-11-20
Thanks for your feedback! This shouldn't be especially difficult from a "source code delta" point of view. In fact, most of my development builds (in the tree that will become CryptoNAS 0.4; it's admittedly a hack) use DHCP. I think one reason for not making this the default might be related to security, or it could be that some consumer broadband routers don't make the IP assignments "stable".
A DHCP option may make it into CryptoNAS eventually, or you're certainly welcome to submit a patch. I'm working on some other bug fixes, too, including correct English translations on a few remaining screens (in SVN already).
reply from Danyael X - 2009-05-04
Why not add RADIUS and LDAP? And why not have an n/curses interface over SSH instead of crappy unsecure HTTP? From what I can see only the login is in HTTPS, the rest is in HTTP. That is not very secure.
reply from Frisco - 2009-05-20
For a lot of features like this, the answer is, "we aren't there yet." A DAV file sharing interface could be integrated with the rest of the Live CD in the foreseeable future, which would make it possible to encrypt the file-sharing traffic itself. You could also install the server package on a Debian system and set up a more secure solution (VPN server, firewall, entering passphrases using a TEMPEST keyboard, etc.) yourself. Also, CryptoNAS is maintained by volunteers, and useful, well-coded patches and bug fixes are always welcome ;)
