# Getting started

{% hint style="warning" %}
It is highly recommended to read this page in full before reading any other page. It gives an overview of the structure of all software and hardware, and covers the essential steps you need to consider before moving on to the other pages.
{% endhint %}

## Architecture

![General overview](https://1957962940-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWEjxvYparZinAu2pan%2Fuploads%2FeGeGaQaOjWyv0JcADZBd%2Fddddddsss-Page-2.drawio.png?alt=media\&token=814e1c67-d82c-41d1-b216-9490f9cf45c7)

The architecture is divided as much as possible into separate key components. It uses Docker to run all the software. Besides the obvious reasons to use Docker, like the practicality of it, it is also useful for jurisdictional requirements.

By dockerizing the infrastructure, it is possible to e.g. host the Mosquitto (MQTT) server to which the Crypsis implants communicate in the target country - whilst all other infrastructure is safely kept within your own borders. The sensitive data that is collected is safe, whilst the communication is stealthy in the country of choice.

## PKI Infrastructure

![PKI infrastructure](https://1957962940-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWEjxvYparZinAu2pan%2F-MWF9toFgmoRikE6WIh9%2F-MWFGd4pRUwWAfoAGuHW%2Fpki-Page-1%20\(1\).png?alt=media\&token=724ee5e1-b3e1-4ce9-8046-b12444ffc5d1)

| Software suite | Download link                         |
| -------------- | ------------------------------------- |
| easyrsa        | <https://github.com/OpenVPN/easy-rsa> |

You can install easyrsa and set up the required PKI as follows:

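```bash
# Install Easy-RSA and create a working directory for the CA
apt-get install easy-rsa

make-cadir cacert
cd cacert

# Initialise the PKI, then create the CA that signs every request below
# (sign-req fails if no CA exists yet)
./easyrsa init-pki
./easyrsa build-ca

# Server certificates (nopass: the private key is stored unencrypted)
./easyrsa gen-req mosquitto nopass
./easyrsa sign-req server mosquitto

./easyrsa gen-req apache2 nopass
./easyrsa sign-req server apache2

./easyrsa gen-req flask nopass
./easyrsa sign-req server flask

# Client certificate
./easyrsa gen-req keyvilboard-apt-poc-1 nopass
./easyrsa sign-req client keyvilboard-apt-poc-1

# Revoking a client certificate: revoke it, regenerate the CRL and
# copy the new CRL into the Mosquitto configuration volume
./easyrsa revoke keyvilboard-apt-poc-1
./easyrsa gen-crl
cp ./pki/crl.pem /var/lib/docker/volumes/serverside_mosquitto-conf/_data/crl.pem
```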

Feel free to use other PKI software if you prefer; this is intended as a go-to example.

{% hint style="danger" %}
If you create a new client cert/key pair, you need to copy/update the CRL file and restart the Mosquitto MQTT container. If you don't, you **will** have SSL handshake/certificate issues.
{% endhint %}
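
Before copying `pki/crl.pem` into the Mosquitto volume, it helps to confirm that the CRL is inside its validity window and lists the serial you revoked. The following is an added example, not code from the original page or the project: it parses the text printed by `openssl crl -in pki/crl.pem -noout -text`, and the sample output, serial number and function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `openssl crl -noout -text` output (issuer, dates, serial made up).
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example CA
        Last Update: Mar  1 12:00:00 2024 GMT
        Next Update: Aug 28 12:00:00 2024 GMT
Revoked Certificates:
    Serial Number: 3F9A0C11D27B4E5586A1B0C2D3E4F501
        Revocation Date: Mar  1 11:58:40 2024 GMT
"""

def _parse_time(value):
    # openssl pads single-digit days with an extra space; normalise first.
    cleaned = " ".join(value.replace("GMT", "").split())
    return datetime.strptime(cleaned, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

def parse_crl_text(text):
    """Extract the validity window and revoked serials from openssl's text dump."""
    last = re.search(r"Last Update:\s*(.+)", text)
    nxt = re.search(r"Next Update:\s*(.+)", text)
    if not last or not nxt:
        raise ValueError("not an openssl CRL text dump (missing update fields)")
    serials = re.findall(r"Serial Number:\s*([0-9A-Fa-f]+)", text)
    return {
        "last_update": _parse_time(last.group(1)),
        "next_update": _parse_time(nxt.group(1)),
        "revoked": {s.upper() for s in serials},
    }

def check_crl(text, now, expect_revoked=None):
    """Return a list of problems; an empty list means the CRL is fit to deploy."""
    crl = parse_crl_text(text)
    problems = []
    if now < crl["last_update"]:
        problems.append("CRL is not yet valid (check the clock)")
    if now >= crl["next_update"]:
        problems.append("CRL has passed Next Update; regenerate it with gen-crl")
    if expect_revoked and expect_revoked.upper() not in crl["revoked"]:
        problems.append("serial %s is not listed as revoked" % expect_revoked)
    return problems

if __name__ == "__main__":
    now = datetime(2024, 3, 2, tzinfo=timezone.utc)  # fixed time for a repeatable run
    print(check_crl(SAMPLE_CRL_TEXT, now, "3f9a0c11d27b4e5586a1b0c2d3e4f501"))
```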
