diff options
author | lurchi <lurchi@strangeplace.net> | 2018-06-28 01:29:14 +0200 |
---|---|---|
committer | lurchi <lurchi@strangeplace.net> | 2018-06-28 01:32:10 +0200 |
commit | 7540ebcd02d9bfe0a690689a1f57952eda5b5c81 (patch) | |
tree | 4f7444bb5e86adb40dfb2003bc6ba0242f5ec587 /doc/documentation | |
parent | fbf7f994ac4a5a509857c9bd267909d1cffc600c (diff) | |
parent | b5b8184a326352877d97be10ef3812dd760e5d2f (diff) | |
download | gnunet-7540ebcd02d9bfe0a690689a1f57952eda5b5c81.tar.gz gnunet-7540ebcd02d9bfe0a690689a1f57952eda5b5c81.zip |
Merge branch 'master' of https://gnunet.org/git/gnunet
Diffstat (limited to 'doc/documentation')
-rw-r--r-- | doc/documentation/chapters/keyconcepts.texi | 308 | ||||
-rw-r--r-- | doc/documentation/chapters/philosophy.texi | 446 | ||||
-rw-r--r-- | doc/documentation/chapters/user.texi | 828 | ||||
-rw-r--r-- | doc/documentation/gnunet.texi | 24 |
4 files changed, 785 insertions, 821 deletions
diff --git a/doc/documentation/chapters/keyconcepts.texi b/doc/documentation/chapters/keyconcepts.texi new file mode 100644 index 000000000..55f79f1c7 --- /dev/null +++ b/doc/documentation/chapters/keyconcepts.texi | |||
@@ -0,0 +1,308 @@ | |||
1 | |||
2 | @cindex Key Concepts | ||
3 | @node Key Concepts | ||
4 | @chapter Key Concepts | ||
5 | |||
6 | In this section, the fundamental concepts of GNUnet are explained. | ||
7 | @c FIXME: Use @uref{https://docs.gnunet.org/bib/, research papers} | ||
8 | @c once we have the new bibliography + subdomain setup. | ||
9 | Most of them are also described in our research papers. | ||
10 | First, some of the concepts used in the GNUnet framework are detailed. | ||
11 | The second part describes concepts specific to anonymous file-sharing. | ||
12 | |||
13 | @menu | ||
14 | * Authentication:: | ||
15 | * Accounting to Encourage Resource Sharing:: | ||
16 | * Confidentiality:: | ||
17 | * Anonymity:: | ||
18 | * Deniability:: | ||
19 | * Peer Identities:: | ||
20 | * Zones in the GNU Name System (GNS Zones):: | ||
21 | * Egos:: | ||
22 | @end menu | ||
23 | |||
24 | @cindex Authentication | ||
25 | @node Authentication | ||
26 | @section Authentication | ||
27 | |||
28 | Almost all peer-to-peer communications in GNUnet are between mutually | ||
29 | authenticated peers. The authentication works by using ECDHE, that is a | ||
30 | DH (Diffie---Hellman) key exchange using ephemeral elliptic curve | ||
31 | cryptography. The ephemeral ECC (Elliptic Curve Cryptography) keys are | ||
32 | signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}). | ||
33 | The shared secret from ECDHE is used to create a pair of session keys | ||
34 | @c FIXME: Long word for HKDF. More FIXMEs: Explain MITM etc. | ||
35 | (using HKDF) which are then used to encrypt the communication between the | ||
36 | two peers using both 256-bit AES (Advanced Encryption Standard) | ||
37 | and 256-bit Twofish (with independently derived secret keys). | ||
38 | As only the two participating hosts know the shared secret, this | ||
39 | authenticates each packet | ||
40 | without requiring signatures each time. GNUnet uses SHA-512 | ||
41 | (Secure Hash Algorithm) hash codes to verify the integrity of messages. | ||
42 | |||
43 | @c FIXME: A while back I got the feedback that I should try and integrate | ||
44 | @c explanation boxes in the long-run. So we could explain | ||
45 | @c "man-in-the-middle" and "man-in-the-middle attacks" and other words | ||
46 | @c which are not common knowledge. MITM is not common knowledge. To be | ||
47 | @c selfcontained, we should be able to explain words and concepts used in | ||
48 | @c a chapter or paragraph without hinting at Wikipedia and other online | ||
49 | @c sources which might not be available or accessible to everyone. | ||
50 | @c On the other hand we could write an introductionary chapter or book | ||
51 | @c that we could then reference in each chapter, which sound like it | ||
52 | @c could be more reusable. | ||
53 | In GNUnet, the identity of a host is its public key. For that reason, | ||
54 | man-in-the-middle attacks will not break the authentication or accounting | ||
55 | goals. Essentially, for GNUnet, the IP of the host has nothing to do with | ||
56 | the identity of the host. As the public key is the only thing that truly | ||
57 | matters, faking an IP, a port or any other property of the underlying | ||
58 | transport protocol is irrelevant. In fact, GNUnet peers can use | ||
59 | multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the | ||
60 | IP protocol at all (by running directly on layer 2). | ||
61 | @c FIXME: "IP protocol" feels wrong, but could be what people expect, as | ||
62 | @c IP is "the number" and "IP protocol" the protocol itself in general | ||
63 | @c knowledge? | ||
64 | |||
65 | @c NOTE: For consistency we will use @code{HELLO}s throughout this Manual. | ||
66 | GNUnet uses a special type of message to communicate a binding between | ||
67 | public (ECC) keys to their current network address. These messages are | ||
68 | commonly called @code{HELLO}s or @code{peer advertisements}. | ||
69 | They contain the public key of the peer and its current network | ||
70 | addresses for various transport services. | ||
71 | A transport service is a special kind of shared library that | ||
72 | provides (possibly unreliable, out-of-order) message delivery between | ||
73 | peers. | ||
74 | For the UDP and TCP transport services, a network address is an IP and a | ||
75 | port. | ||
76 | GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use | ||
77 | various other forms of addresses. Note that any node can have many | ||
78 | different active transport services at the same time, | ||
79 | and each of these can have a different addresses. | ||
80 | Binding messages expire after at most a week (the timeout can be | ||
81 | shorter if the user configures the node appropriately). | ||
82 | This expiration ensures that the network will eventually get rid of | ||
83 | outdated advertisements. | ||
84 | @footnote{Ronaldo A. Ferreira, Christian Grothoff, and Paul Ruth. | ||
85 | A Transport Layer Abstraction for Peer-to-Peer Networks | ||
86 | Proceedings of the 3rd International Symposium on Cluster Computing | ||
87 | and the Grid (GRID 2003), 2003. | ||
88 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf, https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf})} | ||
89 | |||
90 | @cindex Accounting to Encourage Resource Sharing | ||
91 | @node Accounting to Encourage Resource Sharing | ||
92 | @section Accounting to Encourage Resource Sharing | ||
93 | |||
94 | Most distributed P2P networks suffer from a lack of defenses or | ||
95 | precautions against attacks in the form of freeloading. | ||
96 | While the intentions of an attacker and a freeloader are different, their | ||
97 | effect on the network is the same; they both render it useless. | ||
98 | Most simple attacks on networks such as @command{Gnutella} | ||
99 | involve flooding the network with traffic, particularly | ||
100 | with queries that are, in the worst case, multiplied by the network. | ||
101 | |||
102 | In order to ensure that freeloaders or attackers have a minimal impact | ||
103 | on the network, GNUnet's file-sharing implementation (@code{FS} tries | ||
104 | to distinguish good (contributing) nodes from malicious (freeloading) | ||
105 | nodes. In GNUnet, every file-sharing node keeps track of the behavior | ||
106 | of every other node it has been in contact with. Many requests | ||
107 | (depending on the application) are transmitted with a priority (or | ||
108 | importance) level. That priority is used to establish how important | ||
109 | the sender believes this request is. If a peer responds to an | ||
110 | important request, the recipient will increase its trust in the | ||
111 | responder: the responder contributed resources. If a peer is too busy | ||
112 | to answer all requests, it needs to prioritize. For that, peers do | ||
113 | not take the priorities of the requests received at face value. | ||
114 | First, they check how much they trust the sender, and depending on | ||
115 | that amount of trust they assign the request a (possibly lower) | ||
116 | effective priority. Then, they drop the requests with the lowest | ||
117 | effective priority to satisfy their resource constraints. This way, | ||
118 | GNUnet's economic model ensures that nodes that are not currently | ||
119 | considered to have a surplus in contributions will not be served if | ||
120 | the network load is high. | ||
121 | @footnote{Christian Grothoff. An Excess-Based Economic Model for Resource | ||
122 | Allocation in Peer-to-Peer Networks. Wirtschaftsinformatik, June 2003. | ||
123 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf})} | ||
124 | @c 2009? | ||
125 | |||
126 | @cindex Confidentiality | ||
127 | @node Confidentiality | ||
128 | @section Confidentiality | ||
129 | |||
130 | Adversaries (malicious, bad actors) outside of GNUnet are not supposed | ||
131 | to know what kind of actions a peer is involved in. Only the specific | ||
132 | neighbor of a peer that is the corresponding sender or recipient of a | ||
133 | message may know its contents, and even then application protocols may | ||
134 | place further restrictions on that knowledge. In order to ensure | ||
135 | confidentiality, GNUnet uses link encryption, that is each message | ||
136 | exchanged between two peers is encrypted using a pair of keys only | ||
137 | known to these two peers. Encrypting traffic like this makes any kind | ||
138 | of traffic analysis much harder. Naturally, for some applications, it | ||
139 | may still be desirable if even neighbors cannot determine the concrete | ||
140 | contents of a message. In GNUnet, this problem is addressed by the | ||
141 | specific application-level protocols. See for example the following | ||
142 | sections @pxref{Anonymity}, @pxref{How file-sharing achieves Anonymity}, | ||
143 | and @pxref{Deniability}. | ||
144 | |||
145 | @cindex Anonymity | ||
146 | @node Anonymity | ||
147 | @section Anonymity | ||
148 | |||
149 | @menu | ||
150 | * How file-sharing achieves Anonymity:: | ||
151 | @end menu | ||
152 | |||
153 | Providing anonymity for users is the central goal for the anonymous | ||
154 | file-sharing application. Many other design decisions follow in the | ||
155 | footsteps of this requirement. | ||
156 | Anonymity is never absolute. While there are various | ||
157 | scientific metrics@footnote{Claudia Díaz, Stefaan Seys, Joris Claessens, | ||
158 | and Bart Preneel. Towards measuring anonymity. | ||
159 | 2002. | ||
160 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf, https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf})} | ||
161 | that can help quantify the level of anonymity that a given mechanism | ||
162 | provides, there is no such thing as "complete anonymity". | ||
163 | GNUnet's file-sharing implementation allows users to select for each | ||
164 | operation (publish, search, download) the desired level of anonymity. | ||
165 | The metric used is the amount of cover traffic available to hide the | ||
166 | request. | ||
167 | While this metric is not as good as, for example, the theoretical metric | ||
168 | given in scientific metrics@footnote{likewise}, | ||
169 | it is probably the best metric available to a peer with a purely local | ||
170 | view of the world that does not rely on unreliable external information. | ||
171 | The default anonymity level is @code{1}, which uses anonymous routing but | ||
172 | imposes no minimal requirements on cover traffic. It is possible | ||
173 | to forego anonymity when this is not required. The anonymity level of | ||
174 | @code{0} allows GNUnet to use more efficient, non-anonymous routing. | ||
175 | |||
176 | @cindex How file-sharing achieves Anonymity | ||
177 | @node How file-sharing achieves Anonymity | ||
178 | @subsection How file-sharing achieves Anonymity | ||
179 | |||
180 | Contrary to other designs, we do not believe that users achieve strong | ||
181 | anonymity just because their requests are obfuscated by a couple of | ||
182 | indirections. This is not sufficient if the adversary uses traffic | ||
183 | analysis. | ||
184 | The threat model used for anonymous file sharing in GNUnet assumes that | ||
185 | the adversary is quite powerful. | ||
186 | In particular, we assume that the adversary can see all the traffic on | ||
187 | the Internet. And while we assume that the adversary | ||
188 | can not break our encryption, we assume that the adversary has many | ||
189 | participating nodes in the network and that it can thus see many of the | ||
190 | node-to-node interactions since it controls some of the nodes. | ||
191 | |||
192 | The system tries to achieve anonymity based on the idea that users can be | ||
193 | anonymous if they can hide their actions in the traffic created by other | ||
194 | users. | ||
195 | Hiding actions in the traffic of other users requires participating in the | ||
196 | traffic, bringing back the traditional technique of using indirection and | ||
197 | source rewriting. Source rewriting is required to gain anonymity since | ||
198 | otherwise an adversary could tell if a message originated from a host by | ||
199 | looking at the source address. If all packets look like they originate | ||
200 | from one node, the adversary can not tell which ones originate from that | ||
201 | node and which ones were routed. | ||
202 | Note that in this mindset, any node can decide to break the | ||
203 | source-rewriting paradigm without violating the protocol, as this | ||
204 | only reduces the amount of traffic that a node can hide its own traffic | ||
205 | in. | ||
206 | |||
207 | If we want to hide our actions in the traffic of other nodes, we must make | ||
208 | our traffic indistinguishable from the traffic that we route for others. | ||
209 | As our queries must have us as the receiver of the reply | ||
210 | (otherwise they would be useless), we must put ourselves as the receiver | ||
211 | of replies that actually go to other hosts; in other words, we must | ||
212 | indirect replies. | ||
213 | Unlike other systems, in anonymous file-sharing as implemented on top of | ||
214 | GNUnet we do not have to indirect the replies if we don't think we need | ||
215 | more traffic to hide our own actions. | ||
216 | |||
217 | This increases the efficiency of the network as we can indirect less under | ||
218 | higher load.@footnote{Krista Bennett and Christian Grothoff. | ||
219 | GAP --- practical anonymous networking. In Proceedings of | ||
220 | Designing Privacy Enhancing Technologies, 2003. | ||
221 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf, https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf})} | ||
222 | |||
223 | @cindex Deniability | ||
224 | @node Deniability | ||
225 | @section Deniability | ||
226 | |||
227 | Even if the user that downloads data and the server that provides data are | ||
228 | anonymous, the intermediaries may still be targets. In particular, if the | ||
229 | intermediaries can find out which queries or which content they are | ||
230 | processing, a strong adversary could try to force them to censor | ||
231 | certain materials. | ||
232 | |||
233 | With the file-encoding used by GNUnet's anonymous file-sharing, this | ||
234 | problem does not arise. | ||
235 | The reason is that queries and replies are transmitted in | ||
236 | an encrypted format such that intermediaries cannot tell what the query | ||
237 | is for or what the content is about. Mind that this is not the same | ||
238 | encryption as the link-encryption between the nodes. GNUnet has | ||
239 | encryption on the network layer (link encryption, confidentiality, | ||
240 | authentication) and again on the application layer (provided | ||
241 | by @command{gnunet-publish}, @command{gnunet-download}, | ||
242 | @command{gnunet-search} and @command{gnunet-gtk}). | ||
243 | @footnote{Christian Grothoff, Krista Grothoff, Tzvetan Horozov, | ||
244 | and Jussi T. Lindgren. | ||
245 | An Encoding for Censorship-Resistant Sharing. | ||
246 | 2009. | ||
247 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf})} | ||
248 | |||
249 | @cindex Peer Identities | ||
250 | @node Peer Identities | ||
251 | @section Peer Identities | ||
252 | |||
253 | Peer identities are used to identify peers in the network and are unique | ||
254 | for each peer. The identity for a peer is simply its public key, which is | ||
255 | generated along with a private key the peer is started for the first time. | ||
256 | While the identity is binary data, it is often expressed as ASCII string. | ||
257 | For example, the following is a peer identity as you might see it in | ||
258 | various places: | ||
259 | |||
260 | @example | ||
261 | UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0 | ||
262 | @end example | ||
263 | |||
264 | @noindent | ||
265 | You can find your peer identity by running @command{gnunet-peerinfo -s}. | ||
266 | |||
267 | @cindex Zones in the GNU Name System (GNS Zones) | ||
268 | @node Zones in the GNU Name System (GNS Zones) | ||
269 | @section Zones in the GNU Name System (GNS Zones) | ||
270 | |||
271 | @c FIXME: Explain or link to an explanation of the concept of public keys | ||
272 | @c and private keys. | ||
273 | @c FIXME: Rewrite for the latest GNS changes. | ||
274 | GNS@footnote{Matthias Wachs, Martin Schanzenbach, and Christian Grothoff. | ||
275 | A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name | ||
276 | System. In proceedings of 13th International Conference on Cryptology and | ||
277 | Network Security (CANS 2014). 2014. | ||
278 | @uref{https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf}} | ||
279 | zones are similar to those of DNS zones, but instead of a hierarchy of | ||
280 | authorities to governing their use, GNS zones are controlled by a private | ||
281 | key. | ||
282 | When you create a record in a DNS zone, that information is stored in your | ||
283 | nameserver. Anyone trying to resolve your domain then gets pointed | ||
284 | (hopefully) by the centralised authority to your nameserver. | ||
285 | Whereas GNS, being fully decentralized by design, stores that information | ||
286 | in DHT. The validity of the records is assured cryptographically, by | ||
287 | signing them with the private key of the respective zone. | ||
288 | |||
289 | Anyone trying to resolve records in a zone of your domain can then verify | ||
290 | the signature of the records they get from the DHT and be assured that | ||
291 | they are indeed from the respective zone. | ||
292 | To make this work, there is a 1:1 correspondence between zones and | ||
293 | their public-private key pairs. | ||
294 | So when we talk about the owner of a GNS zone, that's really the owner of | ||
295 | the private key. | ||
296 | And a user accessing a zone needs to somehow specify the corresponding | ||
297 | public key first. | ||
298 | |||
299 | @cindex Egos | ||
300 | @node Egos | ||
301 | @section Egos | ||
302 | |||
303 | @c what is the difference between peer identity and egos? It seems | ||
304 | @c like both are linked to public-private key pair. | ||
305 | Egos are your "identities" in GNUnet. Any user can assume multiple | ||
306 | identities, for example to separate their activities online. Egos can | ||
307 | correspond to "pseudonyms" or "real-world identities". Technically an | ||
308 | ego is first of all a key pair of a public- and private-key. | ||
diff --git a/doc/documentation/chapters/philosophy.texi b/doc/documentation/chapters/philosophy.texi index 72c3476a3..6d80d77ae 100644 --- a/doc/documentation/chapters/philosophy.texi +++ b/doc/documentation/chapters/philosophy.texi | |||
@@ -5,36 +5,28 @@ | |||
5 | @c NOTE: We should probably re-use some of the images lynX created | 5 | @c NOTE: We should probably re-use some of the images lynX created |
6 | @c for secushare, showing some of the relations and functionalities | 6 | @c for secushare, showing some of the relations and functionalities |
7 | @c of GNUnet. | 7 | @c of GNUnet. |
8 | The foremost goal of the GNUnet project is to become a widely used, | 8 | The primary goal of the GNUnet project is to provide a reliable, open, |
9 | reliable, open, non-discriminating, egalitarian, unconstrained and | 9 | non-discriminating and censorship-resistant system for information |
10 | censorship-resistant system of free information exchange. | 10 | exchange. We value free speech above state interests and intellectual |
11 | We value free speech above state secrets, law-enforcement or | 11 | monopoly. GNUnet's long-term goal is to serve as a development |
12 | intellectual monopoly. | 12 | platform for the next generation of Internet protocols. |
13 | GNUnet is supposed to be an anarchistic network, where the only | 13 | |
14 | limitation for participants (devices or people making use of the | 14 | GNUnet is an anarchistic network. Participants are encouraged to |
15 | network, in the following sometimes called peers) is | 15 | contribute at least as much resources (storage, bandwidth) to the network |
16 | that they must contribute enough back to the network such that | 16 | as they consume, so that their participation does not have a negative |
17 | their resource consumption does not have a significant impact | 17 | impact on other users. |
18 | on other users. | ||
19 | GNUnet should be more than just another file-sharing network. | ||
20 | The plan is to offer many other services and in particular | ||
21 | to serve as a development platform for the next generation of | ||
22 | Internet Protocols. | ||
23 | 18 | ||
24 | @menu | 19 | @menu |
25 | * Design Goals:: | 20 | * Design Principles:: |
26 | * Security and Privacy:: | 21 | * Privacy and Anonymity:: |
27 | * Versatility:: | ||
28 | * Practicality:: | 22 | * Practicality:: |
29 | * Key Concepts:: | ||
30 | @end menu | 23 | @end menu |
31 | 24 | ||
32 | @cindex Design Goals | 25 | @cindex Design Principles |
33 | @cindex Design Goals | 26 | @node Design Principles |
34 | @node Design Goals | 27 | @section Design Principles |
35 | @section Design Goals | ||
36 | 28 | ||
37 | These are the core GNUnet design goals, in order of relative importance: | 29 | These are the GNUnet design principles, in order of importance: |
38 | 30 | ||
39 | @itemize | 31 | @itemize |
40 | @item GNUnet must be implemented as | 32 | @item GNUnet must be implemented as |
@@ -44,399 +36,45 @@ These are the core GNUnet design goals, in order of relative importance: | |||
44 | the program, to study and change the program in source code form, | 36 | the program, to study and change the program in source code form, |
45 | to redistribute exact copies, and to distribute modified versions. | 37 | to redistribute exact copies, and to distribute modified versions. |
46 | Refer to @uref{https://www.gnu.org/philosophy/free-sw.html, https://www.gnu.org/philosophy/free-sw.html}} | 38 | Refer to @uref{https://www.gnu.org/philosophy/free-sw.html, https://www.gnu.org/philosophy/free-sw.html}} |
47 | @item GNUnet must only disclose the minimal amount of information | 39 | @item GNUnet must minimize the amount of personally identifiable information exposed. |
48 | necessary. | ||
49 | @c TODO: Explain 'fully' in the terminology section. | 40 | @c TODO: Explain 'fully' in the terminology section. |
50 | @item GNUnet must be fully distributed and survive | 41 | @item GNUnet must be fully distributed and resilient to external attacks and rogue participants. |
51 | @uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, Byzantine failures} | 42 | @item GNUnet must be self-organizing and not depend on administrators or centralized infrastructure. |
52 | @footnote{@uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, https://en.wikipedia.org/wiki/Byzantine_fault_tolerance}} | 43 | @item GNUnet must inform the user which other participants have to be trusted when establishing private communications. |
53 | at any position in the network. | ||
54 | @item GNUnet must make it explicit to the user which entities are | ||
55 | considered to be trustworthy when establishing secured communications. | ||
56 | @item GNUnet must use compartmentalization to protect sensitive | ||
57 | information. | ||
58 | @item GNUnet must be open and permit new peers to join. | 44 | @item GNUnet must be open and permit new peers to join. |
59 | @item GNUnet must be self-organizing and not depend on administrators. | ||
60 | @item GNUnet must support a diverse range of applications and devices. | 45 | @item GNUnet must support a diverse range of applications and devices. |
61 | @item The GNUnet architecture must be cost effective. | 46 | @item GNUnet must use compartmentalization to protect sensitive information. |
62 | @item GNUnet must provide incentives for peers to contribute more | 47 | @item The GNUnet architecture must be resource efficient. |
63 | resources than they consume. | 48 | @item GNUnet must provide incentives for peers to contribute more resources than they consume. |
64 | @end itemize | 49 | @end itemize |
65 | 50 | ||
66 | 51 | ||
67 | @cindex Security and Privacy | 52 | @cindex Privacy and Anonymity |
68 | @node Security and Privacy | 53 | @node Privacy and Anonymity |
69 | @section Security and Privacy | 54 | @section Privacy and Anonymity |
70 | |||
71 | GNUnet's primary design goals are to protect the privacy of its users and | ||
72 | to guard itself against attacks or abuse. | ||
73 | GNUnet does not have any mechanisms to control, track or censor users. | ||
74 | Instead, the GNUnet protocols aim to make it as hard as possible to | ||
75 | find out what is happening on the network or to disrupt operations. | ||
76 | 55 | ||
77 | @cindex Versatility | 56 | The GNUnet protocols minimize the leakage of personally identifiable information of participants and |
78 | @node Versatility | 57 | do not allow adversaries to control, track, monitor or censor users activities. The |
79 | @section Versatility | 58 | GNUnet protocols also make it as hard as possible to disrupt operations by participating in the network with malicious intent. |
80 | 59 | ||
81 | We call GNUnet a peer-to-peer framework because we want to support many | 60 | Analyzing participant's activities becomes more difficult as the number of peers and |
82 | different forms of peer-to-peer applications. GNUnet uses a plugin | 61 | applications that generate traffic on the network grows, even if the additional |
83 | architecture to make the system extensible and to encourage code reuse. | 62 | traffic generated is not related to anonymous communication. This is one of the reasons why GNUnet is developed as a peer-to-peer |
84 | While the first versions of the system only supported anonymous | ||
85 | file-sharing, other applications are being worked on and more will | ||
86 | hopefully follow in the future. | ||
87 | A powerful synergy regarding anonymity services is created by a large | ||
88 | community utilizing many diverse applications over the same software | ||
89 | infrastructure. The reason is that link encryption hides the specifics | ||
90 | of the traffic for non-participating observers. This way, anonymity can | ||
91 | get stronger with additional (GNUnet) traffic, even if the additional | ||
92 | traffic is not related to anonymous communication. Increasing anonymity | ||
93 | is the primary reason why GNUnet is developed to become a peer-to-peer | ||
94 | framework where many applications share the lower layers of an | 63 | framework where many applications share the lower layers of an |
95 | increasingly complex protocol stack. | 64 | increasingly complex protocol stack. The GNUnet architecture encourages many |
96 | If merging traffic to hinder traffic analysis was not important, | 65 | different forms of peer-to-peer applications. |
97 | we could have just developed a dozen stand-alone applications | ||
98 | and a few shared libraries. | ||
99 | 66 | ||
100 | @cindex Practicality | 67 | @cindex Practicality |
101 | @node Practicality | 68 | @node Practicality |
102 | @section Practicality | 69 | @section Practicality |
103 | 70 | ||
104 | GNUnet allows participants to trade various amounts of security in | 71 | Whereever possible GNUnet allows the peer to adjust its operations |
105 | exchange for increased efficiency. However, it is not possible for any | 72 | and functionalities to specific use cases. A GNUnet peer running on |
106 | user's security and efficiency requirements to compromise the security | 73 | a mobile device with limited battery for example might choose not to |
107 | and efficiency of any other user. | 74 | relay traffic for other participants. |
108 | |||
109 | For GNUnet, efficiency is not paramount. If there were a more secure and | ||
110 | still practical approach, we would choose to take the more secure | ||
111 | alternative. @command{telnet} is more efficient than @command{ssh}, yet | ||
112 | it is obsolete. | ||
113 | Hardware gets faster, and code can be optimized. Fixing security issues | ||
114 | as an afterthought is much harder. | ||
115 | |||
116 | While security is paramount, practicability is still a requirement. | ||
117 | The most secure system is always the one that nobody can use. | ||
118 | Similarly, any anonymous system that is extremely inefficient will only | ||
119 | find few users. | ||
120 | However, good anonymity requires a large and diverse user base. Since | ||
121 | individual security requirements may vary, the only good solution here is | ||
122 | to allow individuals to trade-off security and efficiency. | ||
123 | The primary challenge in allowing this is to ensure that the economic | ||
124 | incentives work properly. | ||
125 | In particular, this means that it must be impossible for a user to gain | ||
126 | security at the expense of other users. Many designs (e.g. anonymity via | ||
127 | broadcast) fail to give users an incentive to choose a less secure but | ||
128 | more efficient mode of operation. | ||
129 | GNUnet should avoid where ever possible to rely on protocols that will | ||
130 | only work if the participants are benevolent. | ||
131 | While some designs have had widespread success while relying on parties | ||
132 | to observe a protocol that may be sub-optimal for the individuals (e.g. | ||
133 | TCP Nagle), a protocol that ensures that individual goals never conflict | ||
134 | with the goals of the group is always preferable. | ||
135 | |||
136 | @cindex Key Concepts | ||
137 | @node Key Concepts | ||
138 | @section Key Concepts | ||
139 | |||
140 | In this section, the fundamental concepts of GNUnet are explained. | ||
141 | @c FIXME: Use @uref{https://docs.gnunet.org/bib/, research papers} | ||
142 | @c once we have the new bibliography + subdomain setup. | ||
143 | Most of them are also described in our research papers. | ||
144 | First, some of the concepts used in the GNUnet framework are detailed. | ||
145 | The second part describes concepts specific to anonymous file-sharing. | ||
146 | |||
147 | @menu | ||
148 | * Authentication:: | ||
149 | * Accounting to Encourage Resource Sharing:: | ||
150 | * Confidentiality:: | ||
151 | * Anonymity:: | ||
152 | * Deniability:: | ||
153 | * Peer Identities:: | ||
154 | * Zones in the GNU Name System (GNS Zones):: | ||
155 | * Egos:: | ||
156 | @end menu | ||
157 | |||
158 | @cindex Authentication | ||
159 | @node Authentication | ||
160 | @subsection Authentication | ||
161 | |||
162 | Almost all peer-to-peer communications in GNUnet are between mutually | ||
163 | authenticated peers. The authentication works by using ECDHE, that is a | ||
164 | DH (Diffie---Hellman) key exchange using ephemeral elliptic curve | ||
165 | cryptography. The ephemeral ECC (Elliptic Curve Cryptography) keys are | ||
166 | signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}). | ||
167 | The shared secret from ECDHE is used to create a pair of session keys | ||
168 | @c FIXME: Long word for HKDF. More FIXMEs: Explain MITM etc. | ||
169 | (using HKDF) which are then used to encrypt the communication between the | ||
170 | two peers using both 256-bit AES (Advanced Encryption Standard) | ||
171 | and 256-bit Twofish (with independently derived secret keys). | ||
172 | As only the two participating hosts know the shared secret, this | ||
173 | authenticates each packet | ||
174 | without requiring signatures each time. GNUnet uses SHA-512 | ||
175 | (Secure Hash Algorithm) hash codes to verify the integrity of messages. | ||
176 | |||
177 | @c FIXME: A while back I got the feedback that I should try and integrate | ||
178 | @c explanation boxes in the long-run. So we could explain | ||
179 | @c "man-in-the-middle" and "man-in-the-middle attacks" and other words | ||
180 | @c which are not common knowledge. MITM is not common knowledge. To be | ||
181 | @c selfcontained, we should be able to explain words and concepts used in | ||
182 | @c a chapter or paragraph without hinting at Wikipedia and other online | ||
183 | @c sources which might not be available or accessible to everyone. | ||
184 | @c On the other hand we could write an introductionary chapter or book | ||
185 | @c that we could then reference in each chapter, which sound like it | ||
186 | @c could be more reusable. | ||
187 | In GNUnet, the identity of a host is its public key. For that reason, | ||
188 | man-in-the-middle attacks will not break the authentication or accounting | ||
189 | goals. Essentially, for GNUnet, the IP of the host has nothing to do with | ||
190 | the identity of the host. As the public key is the only thing that truly | ||
191 | matters, faking an IP, a port or any other property of the underlying | ||
192 | transport protocol is irrelevant. In fact, GNUnet peers can use | ||
193 | multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the | ||
194 | IP protocol at all (by running directly on layer 2). | ||
195 | @c FIXME: "IP protocol" feels wrong, but could be what people expect, as | ||
196 | @c IP is "the number" and "IP protocol" the protocol itself in general | ||
197 | @c knowledge? | ||
198 | |||
199 | @c NOTE: For consistency we will use @code{HELLO}s throughout this Manual. | ||
200 | GNUnet uses a special type of message to communicate a binding between | ||
201 | public (ECC) keys to their current network address. These messages are | ||
202 | commonly called @code{HELLO}s or @code{peer advertisements}. | ||
203 | They contain the public key of the peer and its current network | ||
204 | addresses for various transport services. | ||
205 | A transport service is a special kind of shared library that | ||
206 | provides (possibly unreliable, out-of-order) message delivery between | ||
207 | peers. | ||
208 | For the UDP and TCP transport services, a network address is an IP and a | ||
209 | port. | ||
210 | GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use | ||
211 | various other forms of addresses. Note that any node can have many | ||
212 | different active transport services at the same time, | ||
213 | and each of these can have a different addresses. | ||
214 | Binding messages expire after at most a week (the timeout can be | ||
215 | shorter if the user configures the node appropriately). | ||
216 | This expiration ensures that the network will eventually get rid of | ||
217 | outdated advertisements. | ||
218 | @footnote{Ronaldo A. Ferreira, Christian Grothoff, and Paul Ruth. | ||
219 | A Transport Layer Abstraction for Peer-to-Peer Networks | ||
220 | Proceedings of the 3rd International Symposium on Cluster Computing | ||
221 | and the Grid (GRID 2003), 2003. | ||
222 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf, https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf})} | ||
223 | |||
224 | @cindex Accounting to Encourage Resource Sharing | ||
225 | @node Accounting to Encourage Resource Sharing | ||
226 | @subsection Accounting to Encourage Resource Sharing | ||
227 | |||
228 | Most distributed P2P networks suffer from a lack of defenses or | ||
229 | precautions against attacks in the form of freeloading. | ||
230 | While the intentions of an attacker and a freeloader are different, their | ||
231 | effect on the network is the same; they both render it useless. | ||
232 | Most simple attacks on networks such as @command{Gnutella} | ||
233 | involve flooding the network with traffic, particularly | ||
234 | with queries that are, in the worst case, multiplied by the network. | ||
235 | |||
236 | In order to ensure that freeloaders or attackers have a minimal impact | ||
237 | on the network, GNUnet's file-sharing implementation (@code{FS} tries | ||
238 | to distinguish good (contributing) nodes from malicious (freeloading) | ||
239 | nodes. In GNUnet, every file-sharing node keeps track of the behavior | ||
240 | of every other node it has been in contact with. Many requests | ||
241 | (depending on the application) are transmitted with a priority (or | ||
242 | importance) level. That priority is used to establish how important | ||
243 | the sender believes this request is. If a peer responds to an | ||
244 | important request, the recipient will increase its trust in the | ||
245 | responder: the responder contributed resources. If a peer is too busy | ||
246 | to answer all requests, it needs to prioritize. For that, peers do | ||
247 | not take the priorities of the requests received at face value. | ||
248 | First, they check how much they trust the sender, and depending on | ||
249 | that amount of trust they assign the request a (possibly lower) | ||
250 | effective priority. Then, they drop the requests with the lowest | ||
251 | effective priority to satisfy their resource constraints. This way, | ||
252 | GNUnet's economic model ensures that nodes that are not currently | ||
253 | considered to have a surplus in contributions will not be served if | ||
254 | the network load is high. | ||
255 | @footnote{Christian Grothoff. An Excess-Based Economic Model for Resource | ||
256 | Allocation in Peer-to-Peer Networks. Wirtschaftsinformatik, June 2003. | ||
257 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf})} | ||
258 | @c 2009? | ||
259 | |||
260 | @cindex Confidentiality | ||
261 | @node Confidentiality | ||
262 | @subsection Confidentiality | ||
263 | |||
264 | Adversaries (malicious, bad actors) outside of GNUnet are not supposed | ||
265 | to know what kind of actions a peer is involved in. Only the specific | ||
266 | neighbor of a peer that is the corresponding sender or recipient of a | ||
267 | message may know its contents, and even then application protocols may | ||
268 | place further restrictions on that knowledge. In order to ensure | ||
269 | confidentiality, GNUnet uses link encryption, that is each message | ||
270 | exchanged between two peers is encrypted using a pair of keys only | ||
271 | known to these two peers. Encrypting traffic like this makes any kind | ||
272 | of traffic analysis much harder. Naturally, for some applications, it | ||
273 | may still be desirable if even neighbors cannot determine the concrete | ||
274 | contents of a message. In GNUnet, this problem is addressed by the | ||
275 | specific application-level protocols. See for example the following | ||
276 | sections @pxref{Anonymity}, @pxref{How file-sharing achieves Anonymity}, | ||
277 | and @pxref{Deniability}. | ||
278 | |||
279 | @cindex Anonymity | ||
280 | @node Anonymity | ||
281 | @subsection Anonymity | ||
282 | 75 | ||
283 | @menu | 76 | For certain applications like file-sharing GNUnet allows participants to trade degrees of anonymity in |
284 | * How file-sharing achieves Anonymity:: | 77 | exchange for increased efficiency. However, it is not possible for any |
285 | @end menu | 78 | user's efficiency requirements to compromise the anonymity |
286 | 79 | of any other user. | |
287 | Providing anonymity for users is the central goal for the anonymous | ||
288 | file-sharing application. Many other design decisions follow in the | ||
289 | footsteps of this requirement. | ||
290 | Anonymity is never absolute. While there are various | ||
291 | scientific metrics@footnote{Claudia Díaz, Stefaan Seys, Joris Claessens, | ||
292 | and Bart Preneel. Towards measuring anonymity. | ||
293 | 2002. | ||
294 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf, https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf})} | ||
295 | that can help quantify the level of anonymity that a given mechanism | ||
296 | provides, there is no such thing as "complete anonymity". | ||
297 | GNUnet's file-sharing implementation allows users to select for each | ||
298 | operation (publish, search, download) the desired level of anonymity. | ||
299 | The metric used is the amount of cover traffic available to hide the | ||
300 | request. | ||
301 | While this metric is not as good as, for example, the theoretical metric | ||
302 | given in scientific metrics@footnote{likewise}, | ||
303 | it is probably the best metric available to a peer with a purely local | ||
304 | view of the world that does not rely on unreliable external information. | ||
305 | The default anonymity level is @code{1}, which uses anonymous routing but | ||
306 | imposes no minimal requirements on cover traffic. It is possible | ||
307 | to forego anonymity when this is not required. The anonymity level of | ||
308 | @code{0} allows GNUnet to use more efficient, non-anonymous routing. | ||
309 | |||
310 | @cindex How file-sharing achieves Anonymity | ||
311 | @node How file-sharing achieves Anonymity | ||
312 | @subsubsection How file-sharing achieves Anonymity | ||
313 | |||
314 | Contrary to other designs, we do not believe that users achieve strong | ||
315 | anonymity just because their requests are obfuscated by a couple of | ||
316 | indirections. This is not sufficient if the adversary uses traffic | ||
317 | analysis. | ||
318 | The threat model used for anonymous file sharing in GNUnet assumes that | ||
319 | the adversary is quite powerful. | ||
320 | In particular, we assume that the adversary can see all the traffic on | ||
321 | the Internet. And while we assume that the adversary | ||
322 | can not break our encryption, we assume that the adversary has many | ||
323 | participating nodes in the network and that it can thus see many of the | ||
324 | node-to-node interactions since it controls some of the nodes. | ||
325 | |||
326 | The system tries to achieve anonymity based on the idea that users can be | ||
327 | anonymous if they can hide their actions in the traffic created by other | ||
328 | users. | ||
329 | Hiding actions in the traffic of other users requires participating in the | ||
330 | traffic, bringing back the traditional technique of using indirection and | ||
331 | source rewriting. Source rewriting is required to gain anonymity since | ||
332 | otherwise an adversary could tell if a message originated from a host by | ||
333 | looking at the source address. If all packets look like they originate | ||
334 | from one node, the adversary can not tell which ones originate from that | ||
335 | node and which ones were routed. | ||
336 | Note that in this mindset, any node can decide to break the | ||
337 | source-rewriting paradigm without violating the protocol, as this | ||
338 | only reduces the amount of traffic that a node can hide its own traffic | ||
339 | in. | ||
340 | |||
341 | If we want to hide our actions in the traffic of other nodes, we must make | ||
342 | our traffic indistinguishable from the traffic that we route for others. | ||
343 | As our queries must have us as the receiver of the reply | ||
344 | (otherwise they would be useless), we must put ourselves as the receiver | ||
345 | of replies that actually go to other hosts; in other words, we must | ||
346 | indirect replies. | ||
347 | Unlike other systems, in anonymous file-sharing as implemented on top of | ||
348 | GNUnet we do not have to indirect the replies if we don't think we need | ||
349 | more traffic to hide our own actions. | ||
350 | |||
351 | This increases the efficiency of the network as we can indirect less under | ||
352 | higher load.@footnote{Krista Bennett and Christian Grothoff. | ||
353 | GAP --- practical anonymous networking. In Proceedings of | ||
354 | Designing Privacy Enhancing Technologies, 2003. | ||
355 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf, https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf})} | ||
356 | |||
357 | @cindex Deniability | ||
358 | @node Deniability | ||
359 | @subsection Deniability | ||
360 | |||
361 | Even if the user that downloads data and the server that provides data are | ||
362 | anonymous, the intermediaries may still be targets. In particular, if the | ||
363 | intermediaries can find out which queries or which content they are | ||
364 | processing, a strong adversary could try to force them to censor | ||
365 | certain materials. | ||
366 | |||
367 | With the file-encoding used by GNUnet's anonymous file-sharing, this | ||
368 | problem does not arise. | ||
369 | The reason is that queries and replies are transmitted in | ||
370 | an encrypted format such that intermediaries cannot tell what the query | ||
371 | is for or what the content is about. Mind that this is not the same | ||
372 | encryption as the link-encryption between the nodes. GNUnet has | ||
373 | encryption on the network layer (link encryption, confidentiality, | ||
374 | authentication) and again on the application layer (provided | ||
375 | by @command{gnunet-publish}, @command{gnunet-download}, | ||
376 | @command{gnunet-search} and @command{gnunet-gtk}). | ||
377 | @footnote{Christian Grothoff, Krista Grothoff, Tzvetan Horozov, | ||
378 | and Jussi T. Lindgren. | ||
379 | An Encoding for Censorship-Resistant Sharing. | ||
380 | 2009. | ||
381 | (@uref{https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf})} | ||
382 | |||
383 | @cindex Peer Identities | ||
384 | @node Peer Identities | ||
385 | @subsection Peer Identities | ||
386 | |||
387 | Peer identities are used to identify peers in the network and are unique | ||
388 | for each peer. The identity for a peer is simply its public key, which is | ||
389 | generated along with a private key the peer is started for the first time. | ||
390 | While the identity is binary data, it is often expressed as ASCII string. | ||
391 | For example, the following is a peer identity as you might see it in | ||
392 | various places: | ||
393 | |||
394 | @example | ||
395 | UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0 | ||
396 | @end example | ||
397 | |||
398 | @noindent | ||
399 | You can find your peer identity by running @command{gnunet-peerinfo -s}. | ||
400 | |||
401 | @cindex Zones in the GNU Name System (GNS Zones) | ||
402 | @node Zones in the GNU Name System (GNS Zones) | ||
403 | @subsection Zones in the GNU Name System (GNS Zones) | ||
404 | |||
405 | @c FIXME: Explain or link to an explanation of the concept of public keys | ||
406 | @c and private keys. | ||
407 | @c FIXME: Rewrite for the latest GNS changes. | ||
408 | GNS@footnote{Matthias Wachs, Martin Schanzenbach, and Christian Grothoff. | ||
409 | A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name | ||
410 | System. In proceedings of 13th International Conference on Cryptology and | ||
411 | Network Security (CANS 2014). 2014. | ||
412 | @uref{https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf}} | ||
413 | zones are similar to those of DNS zones, but instead of a hierarchy of | ||
414 | authorities to governing their use, GNS zones are controlled by a private | ||
415 | key. | ||
416 | When you create a record in a DNS zone, that information is stored in your | ||
417 | nameserver. Anyone trying to resolve your domain then gets pointed | ||
418 | (hopefully) by the centralised authority to your nameserver. | ||
419 | Whereas GNS, being fully decentralized by design, stores that information | ||
420 | in DHT. The validity of the records is assured cryptographically, by | ||
421 | signing them with the private key of the respective zone. | ||
422 | |||
423 | Anyone trying to resolve records in a zone of your domain can then verify | ||
424 | the signature of the records they get from the DHT and be assured that | ||
425 | they are indeed from the respective zone. | ||
426 | To make this work, there is a 1:1 correspondence between zones and | ||
427 | their public-private key pairs. | ||
428 | So when we talk about the owner of a GNS zone, that's really the owner of | ||
429 | the private key. | ||
430 | And a user accessing a zone needs to somehow specify the corresponding | ||
431 | public key first. | ||
432 | |||
433 | @cindex Egos | ||
434 | @node Egos | ||
435 | @subsection Egos | ||
436 | 80 | ||
437 | @c what is the difference between peer identity and egos? It seems | ||
438 | @c like both are linked to public-private key pair. | ||
439 | Egos are your "identities" in GNUnet. Any user can assume multiple | ||
440 | identities, for example to separate their activities online. Egos can | ||
441 | correspond to "pseudonyms" or "real-world identities". Technically an | ||
442 | ego is first of all a key pair of a public- and private-key. | ||
diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi index 9c9bd8df8..2dd6cbcb5 100644 --- a/doc/documentation/chapters/user.texi +++ b/doc/documentation/chapters/user.texi | |||
@@ -20,232 +20,32 @@ always welcome. | |||
20 | 20 | ||
21 | 21 | ||
22 | @menu | 22 | @menu |
23 | * Checking the Installation:: | 23 | * Start and stop GNUnet:: |
24 | * First steps - File-sharing:: | ||
25 | * First steps - Using the GNU Name System:: | 24 | * First steps - Using the GNU Name System:: |
26 | * First steps - Using GNUnet Conversation:: | 25 | * First steps - Using GNUnet Conversation:: |
27 | * First steps - Using the GNUnet VPN:: | 26 | * First steps - Using the GNUnet VPN:: |
28 | * File-sharing:: | 27 | * File-sharing:: |
29 | * The GNU Name System:: | 28 | * The GNU Name System:: |
30 | * Using the Virtual Public Network:: | 29 | * Using the Virtual Public Network:: |
31 | * The graphical configuration interface:: | 30 | * MOVE TO INSTALL The graphical configuration interface:: |
32 | * How to start and stop a GNUnet peer:: | 31 | * MOVE TO INSTALL Checking the Installation:: |
32 | * MOVE TO INSTALL Config Leftovers:: | ||
33 | @end menu | 33 | @end menu |
34 | 34 | ||
35 | @node Checking the Installation | 35 | @node Start and stop GNUnet |
36 | @section Checking the Installation | 36 | @section Start and stop GNUnet |
37 | @c %**end of header | ||
38 | |||
39 | This section describes a quick, casual way to check if your GNUnet | ||
40 | installation works. However, if it does not, we do not cover | ||
41 | steps for recovery --- for this, please study the instructions | ||
42 | provided in the developer handbook as well as the system-specific | ||
43 | instruction in the source code repository@footnote{The system specific instructions are not provided as part of this handbook!}. | ||
44 | |||
45 | |||
46 | @menu | ||
47 | * gnunet-gtk:: | ||
48 | * Statistics:: | ||
49 | * Peer Information:: | ||
50 | @end menu | ||
51 | |||
52 | @cindex GNUnet GTK | ||
53 | @cindex GTK | ||
54 | @cindex GTK user interface | ||
55 | @node gnunet-gtk | ||
56 | @subsection gnunet-gtk | ||
57 | @c %**end of header | ||
58 | |||
59 | The @command{gnunet-gtk} package contains several graphical | ||
60 | user interfaces for the respective GNUnet applications. | ||
61 | Currently these interfaces cover: | ||
62 | |||
63 | @itemize @bullet | ||
64 | @item Statistics | ||
65 | @item Peer Information | ||
66 | @item GNU Name System | ||
67 | @item File Sharing | ||
68 | @item Identity Management | ||
69 | @item Conversation | ||
70 | @end itemize | ||
71 | 37 | ||
72 | @node Statistics | 38 | Previous to use any GNUnet-based application, one has to start a node: |
73 | @subsection Statistics | ||
74 | @c %**end of header | ||
75 | |||
76 | First, you should launch GNUnet gtk@footnote{Obviously you should also start gnunet, via gnunet-arm or the system provided method}. | ||
77 | You can do this from the command-line by typing | ||
78 | 39 | ||
79 | @example | 40 | @example |
80 | gnunet-statistics-gtk | 41 | $ gnunet-arm -s -l gnunet.log |
81 | @end example | 42 | @end example |
82 | 43 | ||
83 | If your peer@footnote{The term ``peer'' is a common word used in federated and distributed networks to describe a participating device which is connected to the network. Thus, your Personal Computer or whatever it is you are looking at the Gtk+ interface describes a ``Peer'' or a ``Node''.} | 44 | To stop GNUnet: |
84 | is running correctly, you should see a bunch of lines, | ||
85 | all of which should be ``significantly'' above zero (at least if your | ||
86 | peer has been running for more than a few seconds). The lines indicate | ||
87 | how many other peers your peer is connected to (via different | ||
88 | mechanisms) and how large the entire overlay network is currently | ||
89 | estimated to be. The X-axis represents time (in seconds since the | ||
90 | start of @command{gnunet-gtk}). | ||
91 | |||
92 | You can click on "Traffic" to see information about the amount of | ||
93 | bandwidth your peer has consumed, and on "Storage" to check the amount | ||
94 | of storage available and used by your peer. Note that "Traffic" is | ||
95 | plotted cumulatively, so you should see a strict upwards trend in the | ||
96 | traffic. | ||
97 | |||
98 | @node Peer Information | ||
99 | @subsection Peer Information | ||
100 | @c %**end of header | ||
101 | |||
102 | First, you should launch the graphical user interface. You can do | ||
103 | this from the command-line by typing | ||
104 | 45 | ||
105 | @example | 46 | @example |
106 | $ gnunet-peerinfo-gtk | 47 | $ gnunet-arm -e |
107 | @end example | 48 | @end example |
108 | |||
109 | Once you have done this, you will see a list of known peers (by the | ||
110 | first four characters of their public key), their friend status (all | ||
111 | should be marked as not-friends initially), their connectivity (green | ||
112 | is connected, red is disconnected), assigned bandwidth, country of | ||
113 | origin (if determined) and address information. If hardly any peers | ||
114 | are listed and/or if there are very few peers with a green light for | ||
115 | connectivity, there is likely a problem with your network | ||
116 | configuration. | ||
117 | |||
118 | @node First steps - File-sharing | ||
119 | @section First steps - File-sharing | ||
120 | @c %**end of header | ||
121 | |||
122 | This chapter describes first steps for file-sharing with GNUnet. | ||
123 | To start, you should launch @command{gnunet-fs-gtk}. | ||
124 | |||
125 | As we want to be sure that the network contains the data that we are | ||
126 | looking for for testing, we need to begin by publishing a file. | ||
127 | |||
128 | |||
129 | @menu | ||
130 | * Publishing:: | ||
131 | * Searching:: | ||
132 | * Downloading:: | ||
133 | @end menu | ||
134 | |||
135 | @node Publishing | ||
136 | @subsection Publishing | ||
137 | @c %**end of header | ||
138 | |||
139 | To publish a file, select "File Sharing" in the menu bar just below the | ||
140 | "Statistics" icon, and then select "Publish" from the menu. | ||
141 | |||
142 | Afterwards, the following publishing dialog will appear: | ||
143 | |||
144 | @c Add image here | ||
145 | |||
146 | In this dialog, select the "Add File" button. This will open a | ||
147 | file selection dialog: | ||
148 | |||
149 | @c Add image here | ||
150 | |||
151 | Now, you should select a file from your computer to be published on | ||
152 | GNUnet. To see more of GNUnet's features later, you should pick a | ||
153 | PNG or JPEG file this time. You can leave all of the other options | ||
154 | in the dialog unchanged. Confirm your selection by pressing the "OK" | ||
155 | button in the bottom right corner. Now, you will briefly see a | ||
156 | "Messages..." dialog pop up, but most likely it will be too short for | ||
157 | you to really read anything. That dialog is showing you progress | ||
158 | information as GNUnet takes a first look at the selected file(s). | ||
159 | For a normal image, this is virtually instant, but if you later | ||
160 | import a larger directory you might be interested in the progress dialog | ||
161 | and potential errors that might be encountered during processing. | ||
162 | After the progress dialog automatically disappears, your file | ||
163 | should now appear in the publishing dialog: | ||
164 | |||
165 | @c Add image here | ||
166 | |||
167 | Now, select the file (by clicking on the file name) and then click | ||
168 | the "Edit" button. This will open the editing dialog: | ||
169 | |||
170 | @c Add image here | ||
171 | |||
172 | In this dialog, you can see many details about your file. In the | ||
173 | top left area, you can see meta data extracted about the file, | ||
174 | such as the original filename, the mimetype and the size of the image. | ||
175 | In the top right, you should see a preview for the image | ||
176 | (if GNU libextractor was installed correctly with the | ||
177 | respective plugins). Note that if you do not see a preview, this | ||
178 | is not a disaster, but you might still want to install more of | ||
179 | GNU libextractor in the future. In the bottom left, the dialog contains | ||
180 | a list of keywords. These are the keywords under which the file will be | ||
181 | made available. The initial list will be based on the extracted meta data. | ||
182 | Additional publishing options are in the right bottom corner. We will | ||
183 | now add an additional keyword to the list of keywords. This is done by | ||
184 | entering the keyword above the keyword list between the label "Keyword" | ||
185 | and the "Add keyword" button. Enter "test" and select "Add keyword". | ||
186 | Note that the keyword will appear at the bottom of the existing keyword | ||
187 | list, so you might have to scroll down to see it. Afterwards, push the | ||
188 | "OK" button at the bottom right of the dialog. | ||
189 | |||
190 | You should now be back at the "Publish content on GNUnet" dialog. Select | ||
191 | "Execute" in the bottom right to close the dialog and publish your file | ||
192 | on GNUnet! Afterwards, you should see the main dialog with a new area | ||
193 | showing the list of published files (or ongoing publishing operations | ||
194 | with progress indicators): | ||
195 | |||
196 | @c Add image here | ||
197 | |||
198 | @node Searching | ||
199 | @subsection Searching | ||
200 | @c %**end of header | ||
201 | |||
202 | Below the menu bar, there are four entry widges labeled "Namespace", | ||
203 | "Keywords", "Anonymity" and "Mime-type" (from left to right). These | ||
204 | widgets are used to control searching for files in GNUnet. Between the | ||
205 | "Keywords" and "Anonymity" widgets, there is also a big "Search" button, | ||
206 | which is used to initiate the search. We will ignore the "Namespace", | ||
207 | "Anonymity" and "Mime-type" options in this tutorial, please leave them | ||
208 | empty. Instead, simply enter "test" under "Keywords" and press "Search". | ||
209 | Afterwards, you should immediately see a new tab labeled after your | ||
210 | search term, followed by the (current) number of search | ||
211 | results --- "(15)" in our screenshot. Note that your results may | ||
212 | vary depending on what other users may have shared and how your | ||
213 | peer is connected. | ||
214 | |||
215 | You can now select one of the search results. Once you do this, | ||
216 | additional information about the result should be displayed on the | ||
217 | right. If available, a preview image should appear on the top right. | ||
218 | Meta data describing the file will be listed at the bottom right. | ||
219 | |||
220 | Once a file is selected, at the bottom of the search result list | ||
221 | a little area for downloading appears. | ||
222 | |||
223 | @node Downloading | ||
224 | @subsection Downloading | ||
225 | @c %**end of header | ||
226 | |||
227 | In the downloading area, you can select the target directory (default is | ||
228 | "Downloads") and specify the desired filename (by default the filename it | ||
229 | taken from the meta data of the published file). Additionally, you can | ||
230 | specify if the download should be anonymous and (for directories) if | ||
231 | the download should be recursive. In most cases, you can simply start | ||
232 | the download with the "Download!" button. | ||
233 | |||
234 | Once you selected download, the progress of the download will be | ||
235 | displayed with the search result. You may need to resize the result | ||
236 | list or scroll to the right. The "Status" column shows the current | ||
237 | status of the download, and "Progress" how much has been completed. | ||
238 | When you close the search tab (by clicking on the "X" button next to | ||
239 | the "test" label), ongoing and completed downloads are not aborted | ||
240 | but moved to a special "*" tab. | ||
241 | |||
242 | You can remove completed downloads from the "*" tab by clicking the | ||
243 | cleanup button next to the "*". You can also abort downloads by right | ||
244 | clicking on the respective download and selecting "Abort download" | ||
245 | from the menu. | ||
246 | |||
247 | That's it, you now know the basics for file-sharing with GNUnet! | ||
248 | |||
249 | @node First steps - Using the GNU Name System | 49 | @node First steps - Using the GNU Name System |
250 | @section First steps - Using the GNU Name System | 50 | @section First steps - Using the GNU Name System |
251 | @c %**end of header | 51 | @c %**end of header |
@@ -309,7 +109,7 @@ rules - GO0T87F9BPMF8NKD5A54L2AH1T0GRML539TPFSRMCEA98182QD30 | |||
309 | @subsection The GNS Tab | 109 | @subsection The GNS Tab |
310 | @c %**end of header | 110 | @c %**end of header |
311 | 111 | ||
312 | Maintaining your zones is through the NAMESTORE service and is discussed | 112 | Maintaing your zones is through the NAMESTORE service and is discussed |
313 | here. You can manage your zone using @command{gnunet-identity} and | 113 | here. You can manage your zone using @command{gnunet-identity} and |
314 | @command{gnunet-namestore}, or most conveniently using | 114 | @command{gnunet-namestore}, or most conveniently using |
315 | @command{gnunet-namestore-gtk}. | 115 | @command{gnunet-namestore-gtk}. |
@@ -899,24 +699,198 @@ the searcher/downloader specify "no anonymity", non-anonymous | |||
899 | file-sharing is used. If either user specifies some desired degree | 699 | file-sharing is used. If either user specifies some desired degree |
900 | of anonymity, anonymous file-sharing will be used. | 700 | of anonymity, anonymous file-sharing will be used. |
901 | 701 | ||
902 | In this chapter, we will first look at the various concepts in GNUnet's | 702 | After a short introduction, we will first look at the various concepts in |
903 | file-sharing implementation. Then, we will discuss specifics as to | 703 | GNUnet's file-sharing implementation. Then, we will discuss specifics as to how |
904 | how they impact users that publish, search or download files. | 704 | they impact users that publish, search or download files. |
905 | |||
906 | 705 | ||
907 | 706 | ||
908 | @menu | 707 | @menu |
909 | * File-sharing Concepts:: | 708 | * fs-Searching:: |
910 | * File-sharing Publishing:: | 709 | * fs-Downloading:: |
911 | * File-sharing Searching:: | 710 | * fs-Publishing:: |
912 | * File-sharing Downloading:: | 711 | * fs-Concepts:: |
913 | * File-sharing Directories:: | 712 | * fs-Directories:: |
914 | * File-sharing Namespace Management:: | 713 | * Namespace Management:: |
915 | * File-Sharing URIs:: | 714 | * File-Sharing URIs:: |
715 | * GTK User Interface:: | ||
916 | @end menu | 716 | @end menu |
917 | 717 | ||
918 | @node File-sharing Concepts | 718 | @node fs-Searching |
919 | @subsection File-sharing Concepts | 719 | @subsection Searching |
720 | @c %**end of header | ||
721 | |||
722 | The command @command{gnunet-search} can be used to search | ||
723 | for content on GNUnet. The format is: | ||
724 | |||
725 | @example | ||
726 | $ gnunet-search [-t TIMEOUT] KEYWORD | ||
727 | @end example | ||
728 | |||
729 | @noindent | ||
730 | The -t option specifies that the query should timeout after | ||
731 | approximately TIMEOUT seconds. A value of zero is interpreted | ||
732 | as @emph{no timeout}, which is also the default. In this case, | ||
733 | gnunet-search will never terminate (unless you press CTRL-C). | ||
734 | |||
735 | If multiple words are passed as keywords, they will all be | ||
736 | considered optional. Prefix keywords with a "+" to make them mandatory. | ||
737 | |||
738 | Note that searching using | ||
739 | |||
740 | @example | ||
741 | $ gnunet-search Das Kapital | ||
742 | @end example | ||
743 | |||
744 | @noindent | ||
745 | is not the same as searching for | ||
746 | |||
747 | @example | ||
748 | $ gnunet-search "Das Kapital" | ||
749 | @end example | ||
750 | |||
751 | @noindent | ||
752 | as the first will match files shared under the keywords | ||
753 | "Das" or "Kapital" whereas the second will match files | ||
754 | shared under the keyword "Das Kapital". | ||
755 | |||
756 | Search results are printed by gnunet-search like this: | ||
757 | |||
758 | @c it will be better the avoid the ellipsis altogether because I don't | ||
759 | @c understand the explanation below that | ||
760 | @example | ||
761 | #15: | ||
762 | gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446 | ||
763 | |||
764 | @end example | ||
765 | |||
766 | @noindent | ||
767 | The whole line is the command you would have to enter to download | ||
768 | the file. The argument passed to @code{-o} is the suggested | ||
769 | filename (you may change it to whatever you like). | ||
770 | It is followed by the key for decrypting the file, the query for searching the | ||
771 | file, a checksum (in hexadecimal) finally the size of the file in bytes. | ||
772 | |||
773 | @node fs-Downloading | ||
774 | @subsection Downloading | ||
775 | @c %**end of header | ||
776 | |||
777 | In order to download a file, you need the whole line returned by | ||
778 | @command{gnunet-search}. | ||
779 | You can then use the tool @command{gnunet-download} to obtain the file: | ||
780 | |||
781 | @example | ||
782 | $ gnunet-download -o <FILENAME> <GNUNET-URL> | ||
783 | @end example | ||
784 | |||
785 | @noindent | ||
786 | FILENAME specifies the name of the file where GNUnet is supposed | ||
787 | to write the result. Existing files are overwritten. If the | ||
788 | existing file contains blocks that are identical to the | ||
789 | desired download, those blocks will not be downloaded again | ||
790 | (automatic resume). | ||
791 | |||
792 | If you want to download the GPL from the previous example, | ||
793 | you do the following: | ||
794 | |||
795 | @example | ||
796 | $ gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446 | ||
797 | @end example | ||
798 | |||
799 | @noindent | ||
800 | If you ever have to abort a download, you can continue it at any time by | ||
801 | re-issuing @command{gnunet-download} with the same filename. | ||
802 | In that case, GNUnet will @strong{not} download blocks again that are | ||
803 | already present. | ||
804 | |||
805 | GNUnet's file-encoding mechanism will ensure file integrity, even if the | ||
806 | existing file was not downloaded from GNUnet in the first place. | ||
807 | |||
808 | You may want to use the @command{-V} switch to turn on verbose reporting. In | ||
809 | this case, @command{gnunet-download} will print the current number of bytes | ||
810 | downloaded whenever new data was received. | ||
811 | |||
812 | @node fs-Publishing | ||
813 | @subsection Publishing | ||
814 | @c %**end of header | ||
815 | |||
816 | The command @command{gnunet-publish} can be used to add content | ||
817 | to the network. The basic format of the command is | ||
818 | |||
819 | @example | ||
820 | $ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME | ||
821 | @end example | ||
822 | |||
823 | For example | ||
824 | @example | ||
825 | $ gnunet-publish -m "description:GNU License" -k gpl -k test -m "mimetype:text/plain" COPYING | ||
826 | @end example | ||
827 | |||
828 | @menu | ||
829 | * Important command-line options:: | ||
830 | * Indexing vs. Inserting:: | ||
831 | @end menu | ||
832 | |||
833 | @node Important command-line options | ||
834 | @subsubsection Important command-line options | ||
835 | @c %**end of header | ||
836 | |||
837 | The option @code{-k} is used to specify keywords for the file that | ||
838 | should be inserted. You can supply any number of keywords, | ||
839 | and each of the keywords will be sufficient to locate and | ||
840 | retrieve the file. Please note that you must use the @code{-k} option | ||
841 | more than once -- one for each expression you use as a keyword for | ||
842 | the filename. | ||
843 | |||
844 | The -m option is used to specify meta-data, such as descriptions. | ||
845 | You can use -m multiple times. The TYPE passed must be from the | ||
846 | list of meta-data types known to libextractor. You can obtain this | ||
847 | list by running @command{extract -L}. Use quotes around the entire | ||
848 | meta-data argument if the value contains spaces. The meta-data | ||
849 | is displayed to other users when they select which files to | ||
850 | download. The meta-data and the keywords are optional and | ||
851 | maybe inferred using @code{GNU libextractor}. | ||
852 | |||
853 | gnunet-publish has a few additional options to handle namespaces and | ||
854 | directories. See the man-page for details. | ||
855 | |||
856 | @node Indexing vs. Inserting | ||
857 | @subsubsection Indexing vs Inserting | ||
858 | @c %**end of header | ||
859 | |||
860 | By default, GNUnet indexes a file instead of making a full copy. | ||
861 | This is much more efficient, but requries the file to stay unaltered | ||
862 | at the location where it was when it was indexed. If you intend to move, | ||
863 | delete or alter a file, consider using the option @code{-n} which will | ||
864 | force GNUnet to make a copy of the file in the database. | ||
865 | |||
866 | Since it is much less efficient, this is strongly discouraged for large | ||
867 | files. When GNUnet indexes a file (default), GNUnet does @strong{not} | ||
868 | create an additional encrypted copy of the file but just computes a | ||
869 | summary (or index) of the file. That summary is approximately two percent | ||
870 | of the size of the original file and is stored in GNUnet's database. | ||
871 | Whenever a request for a part of an indexed file reaches GNUnet, | ||
872 | this part is encrypted on-demand and send out. This way, there is no | ||
873 | need for an additional encrypted copy of the file to stay anywhere | ||
874 | on the drive. This is different from other systems, such as Freenet, | ||
875 | where each file that is put online must be in Freenet's database in | ||
876 | encrypted format, doubling the space requirements if the user wants | ||
877 | to preseve a directly accessible copy in plaintext. | ||
878 | |||
879 | Thus indexing should be used for all files where the user will keep | ||
880 | using this file (at the location given to gnunet-publish) and does | ||
881 | not want to retrieve it back from GNUnet each time. If you want to | ||
882 | remove a file that you have indexed from the local peer, use the tool | ||
883 | @command{gnunet-unindex} to un-index the file. | ||
884 | |||
885 | The option @code{-n} may be used if the user fears that the file might | ||
886 | be found on their drive (assuming the computer comes under the control | ||
887 | of an adversary). When used with the @code{-n} flag, the user has a | ||
888 | much better chance of denying knowledge of the existence of the file, | ||
889 | even if it is still (encrypted) on the drive and the adversary is | ||
890 | able to crack the encryption (e.g. by guessing the keyword. | ||
891 | |||
892 | @node fs-Concepts | ||
893 | @subsection Concepts | ||
920 | @c %**end of header | 894 | @c %**end of header |
921 | 895 | ||
922 | Sharing files in GNUnet is not quite as simple as in traditional | 896 | Sharing files in GNUnet is not quite as simple as in traditional |
@@ -1072,184 +1046,9 @@ replication level into the network, and then decrement the replication | |||
1072 | level by one. If all blocks reach replication level zero, the | 1046 | level by one. If all blocks reach replication level zero, the |
1073 | selection is simply random. | 1047 | selection is simply random. |
1074 | 1048 | ||
1075 | @node File-sharing Publishing | ||
1076 | @subsection File-sharing Publishing | ||
1077 | @c %**end of header | ||
1078 | |||
1079 | The command @command{gnunet-publish} can be used to add content | ||
1080 | to the network. The basic format of the command is | ||
1081 | |||
1082 | @example | ||
1083 | $ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME | ||
1084 | @end example | ||
1085 | |||
1086 | |||
1087 | @menu | ||
1088 | * Important command-line options:: | ||
1089 | * Indexing vs. Inserting:: | ||
1090 | @end menu | ||
1091 | |||
1092 | @node Important command-line options | ||
1093 | @subsubsection Important command-line options | ||
1094 | @c %**end of header | ||
1095 | |||
1096 | The option @code{-k} is used to specify keywords for the file that | ||
1097 | should be inserted. You can supply any number of keywords, | ||
1098 | and each of the keywords will be sufficient to locate and | ||
1099 | retrieve the file. Please note that you must use the @code{-k} option | ||
1100 | more than once -- one for each expression you use as a keyword for | ||
1101 | the filename. | ||
1102 | |||
1103 | The -m option is used to specify meta-data, such as descriptions. | ||
1104 | You can use -m multiple times. The TYPE passed must be from the | ||
1105 | list of meta-data types known to libextractor. You can obtain this | ||
1106 | list by running @command{extract -L}. Use quotes around the entire | ||
1107 | meta-data argument if the value contains spaces. The meta-data | ||
1108 | is displayed to other users when they select which files to | ||
1109 | download. The meta-data and the keywords are optional and | ||
1110 | maybe inferred using @code{GNU libextractor}. | ||
1111 | |||
1112 | gnunet-publish has a few additional options to handle namespaces and | ||
1113 | directories. See the man-page for details. | ||
1114 | |||
1115 | @node Indexing vs. Inserting | ||
1116 | @subsubsection Indexing vs Inserting | ||
1117 | @c %**end of header | ||
1118 | |||
1119 | By default, GNUnet indexes a file instead of making a full copy. | ||
1120 | This is much more efficient, but requries the file to stay unaltered | ||
1121 | at the location where it was when it was indexed. If you intend to move, | ||
1122 | delete or alter a file, consider using the option @code{-n} which will | ||
1123 | force GNUnet to make a copy of the file in the database. | ||
1124 | |||
1125 | Since it is much less efficient, this is strongly discouraged for large | ||
1126 | files. When GNUnet indexes a file (default), GNUnet does @strong{not} | ||
1127 | create an additional encrypted copy of the file but just computes a | ||
1128 | summary (or index) of the file. That summary is approximately two percent | ||
1129 | of the size of the original file and is stored in GNUnet's database. | ||
1130 | Whenever a request for a part of an indexed file reaches GNUnet, | ||
1131 | this part is encrypted on-demand and send out. This way, there is no | ||
1132 | need for an additional encrypted copy of the file to stay anywhere | ||
1133 | on the drive. This is different from other systems, such as Freenet, | ||
1134 | where each file that is put online must be in Freenet's database in | ||
1135 | encrypted format, doubling the space requirements if the user wants | ||
1136 | to preseve a directly accessible copy in plaintext. | ||
1137 | |||
1138 | Thus indexing should be used for all files where the user will keep | ||
1139 | using this file (at the location given to gnunet-publish) and does | ||
1140 | not want to retrieve it back from GNUnet each time. If you want to | ||
1141 | remove a file that you have indexed from the local peer, use the tool | ||
1142 | @command{gnunet-unindex} to un-index the file. | ||
1143 | 1049 | ||
1144 | The option @code{-n} may be used if the user fears that the file might | 1050 | @node fs-Directories |
1145 | be found on their drive (assuming the computer comes under the control | 1051 | @subsection Directories |
1146 | of an adversary). When used with the @code{-n} flag, the user has a | ||
1147 | much better chance of denying knowledge of the existence of the file, | ||
1148 | even if it is still (encrypted) on the drive and the adversary is | ||
1149 | able to crack the encryption (e.g. by guessing the keyword. | ||
1150 | |||
1151 | @node File-sharing Searching | ||
1152 | @subsection File-sharing Searching | ||
1153 | @c %**end of header | ||
1154 | |||
1155 | The command @command{gnunet-search} can be used to search | ||
1156 | for content on GNUnet. The format is: | ||
1157 | |||
1158 | @example | ||
1159 | $ gnunet-search [-t TIMEOUT] KEYWORD | ||
1160 | @end example | ||
1161 | |||
1162 | @noindent | ||
1163 | The -t option specifies that the query should timeout after | ||
1164 | approximately TIMEOUT seconds. A value of zero is interpreted | ||
1165 | as @emph{no timeout}, which is also the default. In this case, | ||
1166 | gnunet-search will never terminate (unless you press CTRL-C). | ||
1167 | |||
1168 | If multiple words are passed as keywords, they will all be | ||
1169 | considered optional. Prefix keywords with a "+" to make them mandatory. | ||
1170 | |||
1171 | Note that searching using | ||
1172 | |||
1173 | @example | ||
1174 | $ gnunet-search Das Kapital | ||
1175 | @end example | ||
1176 | |||
1177 | @noindent | ||
1178 | is not the same as searching for | ||
1179 | |||
1180 | @example | ||
1181 | $ gnunet-search "Das Kapital" | ||
1182 | @end example | ||
1183 | |||
1184 | @noindent | ||
1185 | as the first will match files shared under the keywords | ||
1186 | "Das" or "Kapital" whereas the second will match files | ||
1187 | shared under the keyword "Das Kapital". | ||
1188 | |||
1189 | Search results are printed by gnunet-search like this: | ||
1190 | |||
1191 | @c it will be better the avoid the ellipsis altogether because I don't | ||
1192 | @c understand the explanation below that | ||
1193 | @example | ||
1194 | $ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...C92.17992 | ||
1195 | => The GNU Public License <= (mimetype: text/plain) | ||
1196 | @end example | ||
1197 | |||
1198 | @noindent | ||
1199 | The first line is the command you would have to enter to download | ||
1200 | the file. The argument passed to @code{-o} is the suggested | ||
1201 | filename (you may change it to whatever you like). | ||
1202 | @c except it's triple dash in the above example --- | ||
1203 | The @code{--} is followed by key for decrypting the file, | ||
1204 | the query for searching the file, a checksum (in hexadecimal) | ||
1205 | finally the size of the file in bytes. | ||
1206 | The second line contains the description of the file; here this is | ||
1207 | "The GNU Public License" and the mime-type (see the options for | ||
1208 | gnunet-publish on how to specify these). | ||
1209 | |||
1210 | @node File-sharing Downloading | ||
1211 | @subsection File-sharing Downloading | ||
1212 | @c %**end of header | ||
1213 | |||
1214 | In order to download a file, you need the three values returned by | ||
1215 | @command{gnunet-search}. | ||
1216 | You can then use the tool @command{gnunet-download} to obtain the file: | ||
1217 | |||
1218 | @example | ||
1219 | $ gnunet-download -o FILENAME --- GNUNETURL | ||
1220 | @end example | ||
1221 | |||
1222 | @noindent | ||
1223 | FILENAME specifies the name of the file where GNUnet is supposed | ||
1224 | to write the result. Existing files are overwritten. If the | ||
1225 | existing file contains blocks that are identical to the | ||
1226 | desired download, those blocks will not be downloaded again | ||
1227 | (automatic resume). | ||
1228 | |||
1229 | If you want to download the GPL from the previous example, | ||
1230 | you do the following: | ||
1231 | |||
1232 | @example | ||
1233 | $ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...92.17992 | ||
1234 | @end example | ||
1235 | |||
1236 | @noindent | ||
1237 | If you ever have to abort a download, you can continue it at any time by | ||
1238 | re-issuing @command{gnunet-download} with the same filename. | ||
1239 | In that case, GNUnet will @strong{not} download blocks again that are | ||
1240 | already present. | ||
1241 | |||
1242 | GNUnet's file-encoding mechanism will ensure file integrity, even if the | ||
1243 | existing file was not downloaded from GNUnet in the first place. | ||
1244 | |||
1245 | You may want to use the @command{-V} switch (must be added before | ||
1246 | @c Same as above it's triple dash | ||
1247 | the @command{--}) to turn on verbose reporting. In this case, | ||
1248 | @command{gnunet-download} will print the current number of | ||
1249 | bytes downloaded whenever new data was received. | ||
1250 | |||
1251 | @node File-sharing Directories | ||
1252 | @subsection File-sharing Directories | ||
1253 | @c %**end of header | 1052 | @c %**end of header |
1254 | 1053 | ||
1255 | Directories are shared just like ordinary files. If you download a | 1054 | Directories are shared just like ordinary files. If you download a |
@@ -1264,8 +1063,8 @@ typically includes the mime-type, description, a filename and | |||
1264 | other meta information, and possibly even the full original file | 1063 | other meta information, and possibly even the full original file |
1265 | (if it was small). | 1064 | (if it was small). |
1266 | 1065 | ||
1267 | @node File-sharing Namespace Management | 1066 | @node Namespace Management |
1268 | @subsection File-sharing Namespace Management | 1067 | @subsection Namespace Management |
1269 | @c %**end of header | 1068 | @c %**end of header |
1270 | 1069 | ||
1271 | @b{Please note that the text in this subsection is outdated and needs} | 1070 | @b{Please note that the text in this subsection is outdated and needs} |
@@ -1436,6 +1235,135 @@ chosen keyword (or password!). A commonly used identifier is | |||
1436 | "root" which by convention refers to some kind of index or other | 1235 | "root" which by convention refers to some kind of index or other |
1437 | entry point into the namespace. | 1236 | entry point into the namespace. |
1438 | 1237 | ||
1238 | @node GTK User Interface | ||
1239 | @subsection GTK User Interface | ||
1240 | This chapter describes first steps for file-sharing with GNUnet. | ||
1241 | To start, you should launch @command{gnunet-fs-gtk}. | ||
1242 | |||
1243 | As we want to be sure that the network contains the data that we are | ||
1244 | looking for for testing, we need to begin by publishing a file. | ||
1245 | |||
1246 | @menu | ||
1247 | * gtk-Publishing:: | ||
1248 | * gtk-Searching:: | ||
1249 | * gtk-Downloading:: | ||
1250 | @end menu | ||
1251 | |||
1252 | @node gtk-Publishing | ||
1253 | @subsubsection Publishing | ||
1254 | @c %**end of header | ||
1255 | |||
1256 | To publish a file, select "File Sharing" in the menu bar just below the | ||
1257 | "Statistics" icon, and then select "Publish" from the menu. | ||
1258 | |||
1259 | Afterwards, the following publishing dialog will appear: | ||
1260 | |||
1261 | @c Add image here | ||
1262 | |||
1263 | In this dialog, select the "Add File" button. This will open a | ||
1264 | file selection dialog: | ||
1265 | |||
1266 | @c Add image here | ||
1267 | |||
1268 | Now, you should select a file from your computer to be published on | ||
1269 | GNUnet. To see more of GNUnet's features later, you should pick a | ||
1270 | PNG or JPEG file this time. You can leave all of the other options | ||
1271 | in the dialog unchanged. Confirm your selection by pressing the "OK" | ||
1272 | button in the bottom right corner. Now, you will briefly see a | ||
1273 | "Messages..." dialog pop up, but most likely it will be too short for | ||
1274 | you to really read anything. That dialog is showing you progress | ||
1275 | information as GNUnet takes a first look at the selected file(s). | ||
1276 | For a normal image, this is virtually instant, but if you later | ||
1277 | import a larger directory you might be interested in the progress dialog | ||
1278 | and potential errors that might be encountered during processing. | ||
1279 | After the progress dialog automatically disappears, your file | ||
1280 | should now appear in the publishing dialog: | ||
1281 | |||
1282 | @c Add image here | ||
1283 | |||
1284 | Now, select the file (by clicking on the file name) and then click | ||
1285 | the "Edit" button. This will open the editing dialog: | ||
1286 | |||
1287 | @c Add image here | ||
1288 | |||
1289 | In this dialog, you can see many details about your file. In the | ||
1290 | top left area, you can see meta data extracted about the file, | ||
1291 | such as the original filename, the mimetype and the size of the image. | ||
1292 | In the top right, you should see a preview for the image | ||
1293 | (if GNU libextractor was installed correctly with the | ||
1294 | respective plugins). Note that if you do not see a preview, this | ||
1295 | is not a disaster, but you might still want to install more of | ||
1296 | GNU libextractor in the future. In the bottom left, the dialog contains | ||
1297 | a list of keywords. These are the keywords under which the file will be | ||
1298 | made available. The initial list will be based on the extracted meta data. | ||
1299 | Additional publishing options are in the right bottom corner. We will | ||
1300 | now add an additional keyword to the list of keywords. This is done by | ||
1301 | entering the keyword above the keyword list between the label "Keyword" | ||
1302 | and the "Add keyword" button. Enter "test" and select "Add keyword". | ||
1303 | Note that the keyword will appear at the bottom of the existing keyword | ||
1304 | list, so you might have to scroll down to see it. Afterwards, push the | ||
1305 | "OK" button at the bottom right of the dialog. | ||
1306 | |||
1307 | You should now be back at the "Publish content on GNUnet" dialog. Select | ||
1308 | "Execute" in the bottom right to close the dialog and publish your file | ||
1309 | on GNUnet! Afterwards, you should see the main dialog with a new area | ||
1310 | showing the list of published files (or ongoing publishing operations | ||
1311 | with progress indicators): | ||
1312 | |||
1313 | @c Add image here | ||
1314 | |||
1315 | @node gtk-Searching | ||
1316 | @subsubsection Searching | ||
1317 | @c %**end of header | ||
1318 | |||
1319 | Below the menu bar, there are four entry widges labeled "Namespace", | ||
1320 | "Keywords", "Anonymity" and "Mime-type" (from left to right). These | ||
1321 | widgets are used to control searching for files in GNUnet. Between the | ||
1322 | "Keywords" and "Anonymity" widgets, there is also a big "Search" button, | ||
1323 | which is used to initiate the search. We will ignore the "Namespace", | ||
1324 | "Anonymity" and "Mime-type" options in this tutorial, please leave them | ||
1325 | empty. Instead, simply enter "test" under "Keywords" and press "Search". | ||
1326 | Afterwards, you should immediately see a new tab labeled after your | ||
1327 | search term, followed by the (current) number of search | ||
1328 | results --- "(15)" in our screenshot. Note that your results may | ||
1329 | vary depending on what other users may have shared and how your | ||
1330 | peer is connected. | ||
1331 | |||
1332 | You can now select one of the search results. Once you do this, | ||
1333 | additional information about the result should be displayed on the | ||
1334 | right. If available, a preview image should appear on the top right. | ||
1335 | Meta data describing the file will be listed at the bottom right. | ||
1336 | |||
1337 | Once a file is selected, at the bottom of the search result list | ||
1338 | a little area for downloading appears. | ||
1339 | |||
1340 | @node gtk-Downloading | ||
1341 | @subsubsection Downloading | ||
1342 | @c %**end of header | ||
1343 | |||
1344 | In the downloading area, you can select the target directory (default is | ||
1345 | "Downloads") and specify the desired filename (by default the filename it | ||
1346 | taken from the meta data of the published file). Additionally, you can | ||
1347 | specify if the download should be anonynmous and (for directories) if | ||
1348 | the download should be recursive. In most cases, you can simply start | ||
1349 | the download with the "Download!" button. | ||
1350 | |||
1351 | Once you selected download, the progress of the download will be | ||
1352 | displayed with the search result. You may need to resize the result | ||
1353 | list or scroll to the right. The "Status" column shows the current | ||
1354 | status of the download, and "Progress" how much has been completed. | ||
1355 | When you close the search tab (by clicking on the "X" button next to | ||
1356 | the "test" label), ongoing and completed downloads are not aborted | ||
1357 | but moved to a special "*" tab. | ||
1358 | |||
1359 | You can remove completed downloads from the "*" tab by clicking the | ||
1360 | cleanup button next to the "*". You can also abort downloads by right | ||
1361 | clicking on the respective download and selecting "Abort download" | ||
1362 | from the menu. | ||
1363 | |||
1364 | That's it, you now know the basics for file-sharing with GNUnet! | ||
1365 | |||
1366 | |||
1439 | @node The GNU Name System | 1367 | @node The GNU Name System |
1440 | @section The GNU Name System | 1368 | @section The GNU Name System |
1441 | @c %**end of header | 1369 | @c %**end of header |
@@ -2032,8 +1960,8 @@ that will terminate at the respective peer's service. | |||
2032 | 1960 | ||
2033 | @c NOTE: Inserted from Installation Handbook in original ``order'': | 1961 | @c NOTE: Inserted from Installation Handbook in original ``order'': |
2034 | @c FIXME: Move this to User Handbook. | 1962 | @c FIXME: Move this to User Handbook. |
2035 | @node The graphical configuration interface | 1963 | @node MOVE TO INSTALL The graphical configuration interface |
2036 | @section The graphical configuration interface | 1964 | @section MOVE TO INSTALL The graphical configuration interface |
2037 | 1965 | ||
2038 | If you also would like to use @command{gnunet-gtk} and | 1966 | If you also would like to use @command{gnunet-gtk} and |
2039 | @command{gnunet-setup} (highly recommended for beginners), do: | 1967 | @command{gnunet-setup} (highly recommended for beginners), do: |
@@ -2264,7 +2192,7 @@ the configuration: | |||
2264 | 2192 | ||
2265 | If you operate a peer permanently connected to GNUnet you can configure | 2193 | If you operate a peer permanently connected to GNUnet you can configure |
2266 | your peer to act as a hostlist server, providing other peers the list of | 2194 | your peer to act as a hostlist server, providing other peers the list of |
2267 | peers known to it. | 2195 | peers known to him. |
2268 | 2196 | ||
2269 | Your server can act as a bootstrap server and peers needing to obtain a | 2197 | Your server can act as a bootstrap server and peers needing to obtain a |
2270 | list of peers can contact it to download this list. | 2198 | list of peers can contact it to download this list. |
@@ -2883,7 +2811,7 @@ iwconfig wlan0 channel 1 | |||
2883 | @subsection Configuring HTTP(S) reverse proxy functionality using Apache or nginx | 2811 | @subsection Configuring HTTP(S) reverse proxy functionality using Apache or nginx |
2884 | 2812 | ||
2885 | The HTTP plugin supports data transfer using reverse proxies. A reverse | 2813 | The HTTP plugin supports data transfer using reverse proxies. A reverse |
2886 | proxy forwards the HTTP request it receives with a certain URL to another | 2814 | proxy forwards the HTTP request he receives with a certain URL to another |
2887 | webserver, here a GNUnet peer. | 2815 | webserver, here a GNUnet peer. |
2888 | 2816 | ||
2889 | So if you have a running Apache or nginx webserver you can configure it to | 2817 | So if you have a running Apache or nginx webserver you can configure it to |
@@ -3619,8 +3547,91 @@ desktop-user to "sudo" (i.e. using gtksudo) to the "gnunet" user account | |||
3619 | and then runs "gnunet-arm -e", "gnunet-setup" and "gnunet-arm -s" in | 3547 | and then runs "gnunet-arm -e", "gnunet-setup" and "gnunet-arm -s" in |
3620 | sequence. | 3548 | sequence. |
3621 | 3549 | ||
3622 | @node How to start and stop a GNUnet peer | 3550 | @node MOVE TO INSTALL Checking the Installation |
3623 | @section How to start and stop a GNUnet peer | 3551 | @section MOVE TO INSTALL Checking the Installation |
3552 | @c %**end of header | ||
3553 | |||
3554 | This section describes a quick, casual way to check if your GNUnet | ||
3555 | installation works. However, if it does not, we do not cover | ||
3556 | steps for recovery --- for this, please study the instructions | ||
3557 | provided in the developer handbook as well as the system-specific | ||
3558 | instruction in the source code repository@footnote{The system specific instructions are not provided as part of this handbook!}. | ||
3559 | |||
3560 | |||
3561 | @menu | ||
3562 | * gnunet-gtk:: | ||
3563 | * Statistics:: | ||
3564 | * Peer Information:: | ||
3565 | @end menu | ||
3566 | |||
3567 | @cindex GNUnet GTK | ||
3568 | @cindex GTK | ||
3569 | @cindex GTK user interface | ||
3570 | @node gnunet-gtk | ||
3571 | @subsection gnunet-gtk | ||
3572 | @c %**end of header | ||
3573 | |||
3574 | The @command{gnunet-gtk} package contains several graphical | ||
3575 | user interfaces for the respective GNUnet applications. | ||
3576 | Currently these interfaces cover: | ||
3577 | |||
3578 | @itemize @bullet | ||
3579 | @item Statistics | ||
3580 | @item Peer Information | ||
3581 | @item GNU Name System | ||
3582 | @item File Sharing | ||
3583 | @item Identity Management | ||
3584 | @item Conversation | ||
3585 | @end itemize | ||
3586 | |||
3587 | @node Statistics | ||
3588 | @subsection Statistics | ||
3589 | @c %**end of header | ||
3590 | |||
3591 | First, you should launch GNUnet gtk@footnote{Obviously you should also start gnunet, via gnunet-arm or the system provided method}. | ||
3592 | You can do this from the command-line by typing | ||
3593 | |||
3594 | @example | ||
3595 | gnunet-statistics-gtk | ||
3596 | @end example | ||
3597 | |||
3598 | If your peer@footnote{The term ``peer'' is a common word used in federated and distributed networks to describe a participating device which is connected to the network. Thus, your Personal Computer or whatever it is you are looking at the Gtk+ interface describes a ``Peer'' or a ``Node''.} | ||
3599 | is running correctly, you should see a bunch of lines, | ||
3600 | all of which should be ``significantly'' above zero (at least if your | ||
3601 | peer has been running for more than a few seconds). The lines indicate | ||
3602 | how many other peers your peer is connected to (via different | ||
3603 | mechanisms) and how large the entire overlay network is currently | ||
3604 | estimated to be. The X-axis represents time (in seconds since the | ||
3605 | start of @command{gnunet-gtk}). | ||
3606 | |||
3607 | You can click on "Traffic" to see information about the amount of | ||
3608 | bandwidth your peer has consumed, and on "Storage" to check the amount | ||
3609 | of storage available and used by your peer. Note that "Traffic" is | ||
3610 | plotted cummulatively, so you should see a strict upwards trend in the | ||
3611 | traffic. | ||
3612 | |||
3613 | @node Peer Information | ||
3614 | @subsection Peer Information | ||
3615 | @c %**end of header | ||
3616 | |||
3617 | First, you should launch the graphical user interface. You can do | ||
3618 | this from the command-line by typing | ||
3619 | |||
3620 | @example | ||
3621 | $ gnunet-peerinfo-gtk | ||
3622 | @end example | ||
3623 | |||
3624 | Once you have done this, you will see a list of known peers (by the | ||
3625 | first four characters of their public key), their friend status (all | ||
3626 | should be marked as not-friends initially), their connectivity (green | ||
3627 | is connected, red is disconnected), assigned bandwidth, country of | ||
3628 | origin (if determined) and address information. If hardly any peers | ||
3629 | are listed and/or if there are very few peers with a green light for | ||
3630 | connectivity, there is likely a problem with your network | ||
3631 | configuration. | ||
3632 | |||
3633 | @node MOVE TO INSTALL Config Leftovers | ||
3634 | @section MOVE TO INSTALL Config Leftovers | ||
3624 | 3635 | ||
3625 | This section describes how to start a GNUnet peer. It assumes that you | 3636 | This section describes how to start a GNUnet peer. It assumes that you |
3626 | have already compiled and installed GNUnet and its' dependencies. | 3637 | have already compiled and installed GNUnet and its' dependencies. |
@@ -3949,3 +3960,4 @@ Furthermore, 'make install' will silently fail to set the DNS binaries to | |||
3949 | be owned by group "gnunetdns" unless that group already exists (!). | 3960 | be owned by group "gnunetdns" unless that group already exists (!). |
3950 | An alternative name for the "gnunetdns" group can be specified using the | 3961 | An alternative name for the "gnunetdns" group can be specified using the |
3951 | @code{--with-gnunetdns=GRPNAME} configure option. | 3962 | @code{--with-gnunetdns=GRPNAME} configure option. |
3963 | |||
diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi index 0d539a9d7..5ba6f6b15 100644 --- a/doc/documentation/gnunet.texi +++ b/doc/documentation/gnunet.texi | |||
@@ -82,6 +82,7 @@ This document is the Reference Manual for GNUnet version @value{VERSION}. | |||
82 | 82 | ||
83 | * Preface:: Chapter 0 | 83 | * Preface:: Chapter 0 |
84 | * Philosophy:: About GNUnet | 84 | * Philosophy:: About GNUnet |
85 | * Key Concepts:: Key concepts of GNUnet | ||
85 | @c * Vocabulary:: Vocabulary | 86 | @c * Vocabulary:: Vocabulary |
86 | * Installing GNUnet:: Installing GNUnet | 87 | * Installing GNUnet:: Installing GNUnet |
87 | * Using GNUnet:: Using GNUnet | 88 | * Using GNUnet:: Using GNUnet |
@@ -105,11 +106,12 @@ Preface | |||
105 | 106 | ||
106 | Philosophy | 107 | Philosophy |
107 | 108 | ||
108 | * Design Goals:: | 109 | * Design Principles:: |
109 | * Security and Privacy:: | 110 | * Privacy and Anonymity:: |
110 | * Versatility:: | 111 | * Practicality:: |
111 | * Practicality:: | 112 | |
112 | * Key Concepts:: | 113 | Key Concepts |
114 | |||
113 | * Authentication:: | 115 | * Authentication:: |
114 | * Accounting to Encourage Resource Sharing:: | 116 | * Accounting to Encourage Resource Sharing:: |
115 | * Confidentiality:: | 117 | * Confidentiality:: |
@@ -125,16 +127,16 @@ Installing GNUnet | |||
125 | 127 | ||
126 | Using GNUnet | 128 | Using GNUnet |
127 | 129 | ||
128 | * Checking the Installation:: | 130 | * Start and stop GNUnet:: |
129 | * First steps - File-sharing:: | ||
130 | * First steps - Using the GNU Name System:: | 131 | * First steps - Using the GNU Name System:: |
131 | * First steps - Using GNUnet Conversation:: | 132 | * First steps - Using GNUnet Conversation:: |
132 | * First steps - Using the GNUnet VPN:: | 133 | * First steps - Using the GNUnet VPN:: |
133 | * File-sharing:: | 134 | * File-sharing:: |
134 | * The GNU Name System:: | 135 | * The GNU Name System:: |
135 | * Using the Virtual Public Network:: | 136 | * Using the Virtual Public Network:: |
136 | * The graphical configuration interface:: | 137 | * MOVE TO INSTALL The graphical configuration interface:: |
137 | * How to start and stop a GNUnet peer:: | 138 | * MOVE TO INSTALL Checking the Installation:: |
139 | * MOVE TO INSTALL Config Leftovers:: | ||
138 | 140 | ||
139 | GNUnet Contributors Handbook | 141 | GNUnet Contributors Handbook |
140 | 142 | ||
@@ -196,6 +198,10 @@ GNUnet Developer Handbook | |||
196 | @c ********************************************************************* | 198 | @c ********************************************************************* |
197 | 199 | ||
198 | @c ********************************************************************* | 200 | @c ********************************************************************* |
201 | @include chapters/keyconcepts.texi | ||
202 | @c ********************************************************************* | ||
203 | |||
204 | @c ********************************************************************* | ||
199 | @include chapters/installation.texi | 205 | @include chapters/installation.texi |
200 | @c ********************************************************************* | 206 | @c ********************************************************************* |
201 | 207 | ||