Getting started

It is highly recommended to fully read this page, before reading any other page. This page will provide you with the overview and structure of all software and hardware and let you take essential steps you need to consider before touching the other pages.

Architecture

General overview

The architecture is divided as much as possible into separate key components. It uses Docker to run all the software. Besides the obvious reasons to use Docker, like the practicality of it, it is also useful for jurisdictional requirements.

By dockerizing the infrastructure, it is possible to e.g. host the Mosquitto (MQTT) server to which the Crypsis implants communicate in the target country - whilst all other infrastructure is safely kept within your own borders. The sensitive data that is collected is safe, whilst the communication is stealthy in the country of choice.

PKI Infrastructure

PKI infrastructure

Software suite	Download link
easyrsa	https://github.com/OpenVPN/easy-rsa

You can install easyrsa and install the required PKI infrastructure as follows:

apt-get install easy-rsa

make-cadir cacert
cd cacert

./easyrsa init-pki

./easyrsa gen-req mosquitto nopass
./easyrsa sign-req server mosquitto

./easyrsa gen-req apache2 nopass
./easyrsa sign-req server apache2

./easyrsa gen-req flask nopass
./easyrsa sign-req server flask

./easyrsa gen-req keyvilboard-apt-poc-1 nopass
./easyrsa sign-req client keyvilboard-apt-poc-1


./easyrsa revoke keyvilboard-apt-poc-1
./easyrsa gen-crl
cp ./pki/crl.pem /var/lib/docker/volumes/serverside_mosquitto-conf/_data/crl.pem

Feel free to use other PKI software if wanted, this is intended as an go-to example.

If you create a new client cert/key pair - you need to copy/update the CRL file and restart the Mosquitto MQTT container. If you don't you will have SSL handshake/certificate issues.