7/19/24, 12:21 AM RetroShare - Whonix

Whonix®
Download About Docs Community Support
Donate
Want to help us grow?

RetroShare


1

Contents

collapse ↑
Introduction

Installation

Setup

Configuration
I2P

Tor

Footnotes

Introduction

RetroShare (https://retroshare.cc/index.html) is not an anonymizing network (https://en.wikipedia.o

rg/wiki/Anonymous_proxy) , it is a friend-to-friend (https://en.wikipedia.org/wiki/Friend-to-friend)
(F2F) network, or optionally a darknet (https://en.wikipedia.org/wiki/Darknet) . RetroShare has a very
different audience and threat model.

RetroShare is in active development. Users can operate servers for themselves, but the architecture
doesn't depend on them. Communications are encrypted end-to-end and provide for messaging, mail,
forums, pubsub, file exchange and even telephony. The problems with RetroShare are the confused
user interface, the necessity to have it run most of the time and contribute to the distributed hashtable
(DHT, causing continuous CPU usage) and three relevant privacy aspects: You expose your social graph
to a global passive adversary because friends connect to friends directly. Your public IP is available in
the DHT, allowing to track your physical locations. And your visible user name is exposed in the TLS
certificate when somebody connects to your RetroShare node.
By using our
Several website,
of these you acknowledge
problems thatby
can be solved youdisabling
have read,
theunderstood and
built-in DHT MoreRetroShare
and hiding information
behind
OKa
agreed to our
Tor onion Privacy
service. Policy,who
People Cookie
scanPolicy, Termsservices
Tor onion of Service,
willand E-Signstill be able to connect the service
however
and see the RetroShare user name in the self-signed certificate. This can be prevented by setting up
Consent.
https://www.whonix.org/wiki/RetroShare 1/7
7/19/24, 12:21 AM RetroShare - Whonix

Authenticated Onion
® Services and
Download limiting
About connectionsSupport
Docs Community only to trusted people.
Whonix Donate
On November 4, 2014, RetroShare scored 6 out of 7 points on the Electronic Frontier Foundation's
secure messaging scorecard. It lost a point because there has not been an independent code audit. [1]
A recent audit by the pen-testing group Elttam uncovered many bugs in the code (some remotely
exploitable) that were promptly fixed. The auditor's opinion was that RetroShare's codebase lacked
secure coding practice. [2]

Running RetroShare through Tor enables you, to do things, which are normally potentially dangerous,
such as adding random people (from a forum), while staying anonymous. (For example, to join a
RetroShare forum.) This is not a recommendation, just stating a possibility.

After adding tons of random "friends" from a public forum, connection to a very few people over TCP. [3]
[4] Approximately only 5% were online. Although probably only a very small portion of the network could
be seen, the content of the network looked pretty interesting.

RetroShare reports Right click → DHT Details: NET WARNING No DHT; Behind NAT UNKNOWN NAT
STATE MANUAL FORWARD

There still may be some privacy caveats left with RetroShare trying to communicate outside of Tor, but
that doesn't matter if Whonix makes any non-Tor traffic impossible.

Installation
WARNING: RetroShare packages are signed with weak (https://github.com/RetroShare/RetroShare/iss
ues/355) 1024 bit keys. Until this is fixed we recommend using Ricochet IM with OnionShare
instead.

Security warning: Adding a third party repository and/or installing third-party software
allows the vendor to replace any software on your system. Including but not limited to the
installation of malware, deleting files and data harvesting. Proceed at your own risk! See
also Foreign Sources for further information. For greater safety, users adding third party
repositories should always use Multiple Whonix-Workstation™ to compartmentalize VMs
with additional software.

Documentation in the Whonix wiki provides guidance on adding third-party software from
different upstream repositories. This is especially useful as upstream often includes generic
instructions for various Linux distributions, which may be complex for users to follow.
Additionally, documentation Whonix usually has a higher focus on security, digital software
signatures verification.
The instructions provided here serve as a "translation layer" from upstream documentation
to Whonix, offering assistance in most scenarios. Nevertheless, it's important to
acknowledge that upstream repositories, software may undergo changes over time.
Consequently, the documentation on this wiki might need occasional updates, such as
revised signing key fingerprints, to stay current and accurate.

Please note, this is a general wiki template and may not apply to all upstream
By using our website, you acknowledge that you have read, understood and More information
documentation scenarios.
agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign
Consent.
https://www.whonix.org/wiki/RetroShare 2/7
7/19/24, 12:21 AM RetroShare - Whonix

Users encountering
® Downloadissues,
Aboutsuch
Docsas signing key
Community problems, are advised to adhere to the Self
Support
WhonixSupport First Policy and engage in Generic Bug Reproduction. This involves attempting Donate
to
replicate the issue on Debian bookworm , contacting upstream directly if the issue can be
reproduced as such problems are likely unspecific to Whonix. In most cases, Whonix is not
responsible for, nor capable of resolving, issues stemming from third-party software.

For further information, refer to Introduction, User Expectations - What Documentation Is

and What It Is Not.

Should the user encounter bugs related to third-party software, it is advisable to report
these issues to the respective upstream projects. Additionally, users are encouraged to
share links to upstream bug reports in the Whonix forums and/or make edits to this wiki
page. For instance, if there are outdated links or key fingerprints in need of updating, please
feel free to make the necessary changes. Contributions aimed at maintaining the
currentness and accuracy of information are highly valued. These updates not only improve
the quality of the wiki but also serve as a useful resource for other users.

The Whonix wiki is an open platform where everyone is welcome to contribute

improvements and edits, with or without an account. Edits to this wiki are subject to
moderation, so contributors should not worry about making mistakes. Your edits will be
reviewed before being made public, ensuring the integrity and accuracy of the information
provided.

RetroShare is currently available on Debian 7.0 Wheezy and 6.0 Squeeze for armel, armhf, i386 and
amd64 architectures and for 8.0 Jessie.

Before adding the repo [5], fetch the key and verify [6] fingerprints. Always check the fingerprint for
yourself. The output at the moment is:

pub 1024D/0x9418A47921691F91 2011-08-16 home:AsamK OBS Project <home:[email protected]

Key fingerprint = E2CE 3677 C801 5772 D097 B0AA 9418 A479 2169 1F91

Download key with curl to home folder.



curl -o retroshare-pubkey.asc https://download.opensuse.org/repositories/network:re

Check fingerprints/owners without importing anything.



gpg --keyid-format long --with-fingerprint retroshare-pubkey.asc

If it looks good import into trusted.gpg.d. [7]



sudo apt-key --keyring /etc/apt/trusted.gpg.d/retroshare-pubkey.gpg add retroshare-

For stable builds:



sudo su -c "echo -e 'deb https://download.opensuse.org/repositories/network:/retros

By using our website, you acknowledge that you have read, understood and More information
For nightly builds:
agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign
Consent.
https://www.whonix.org/wiki/RetroShare 3/7
7/19/24, 12:21 AM RetroShare - Whonix

sudo su ® Download About Docs Community Support

Whonix

-c "echo -e 'deb https://download.opensuse.org/repositories/network:/retros
Donate

Update the package lists.



sudo apt update

Install Retroshare.


sudo apt install retroshare06

For the latest nightly package name install retroshare06-git instead.

[8]

Setup
RetroShare setup:

Pick a pseudonym and password. Don't use real name or location obviously. Move your mouse to
generate enough entropy.
Check Advanced Options → Create a hidden node
Change key-length to 4096 bits for adequate security then generate the new profile.

Configuration

I2P

Follow the steps in this guide (https://blog.kalrong.net/en/2016/09/23/retroshare-over-i2p/) to

connect to others over I2P.

Tor

INCOMPLETE - Depends on unimplemented features for Whonix[9] [10]

On your Whonix-Gateway™.
If you want to read an introduction about onion services and to learn about about onion service
security, see Onion Services.

If you also want to run a hidden web server on the same .onion domain (nice for testing and learning
Onion Services basics), see Onion Services.

Open file /usr/local/etc/torrc.d/50_user.conf in a text editor (https://www.kicksecure.com/wiki/

Software#Text_Editor)
By of your choice
using our website, you acknowledge with
that have read, .understood and
you sudoedit More information
agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign
Consent.
https://www.whonix.org/wiki/RetroShare 4/7
7/19/24, 12:21 AM RetroShare - Whonix

If you are using Qubes-Whonix™, complete the following steps.

Whonix®
Download About Docs Community Support
Donate
Qubes App Launcher (blue/grey "Q") → Whonix-Gateway™ ProxyVM (commonly named sys-
whonix) → Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu → Applications → Settings → /usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway, complete the following steps.



sudoedit /usr/local/etc/torrc.d/50_user.conf

Add. [11]


HiddenServiceDir /var/lib/tor/retroshare/
HiddenServicePort 7812 10.152.152.11:<Local Address port>
HiddenServiceVersion 3

Save.

Reload Tor.

After changing Tor configuration, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most
likely explanation. Recheck /usr/local/etc/torrc.d/50_user.conf and repeat the steps
outlined in the sections above. If Tor then connects successfully, all the necessary changes have
been made.

If you are using Qubes-Whonix™, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Gateway™ ProxyVM (commonly named 'sys-
whonix') → Reload Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu → Applications → Settings → Reload Tor

If you are using a terminal-only Whonix-Gateway, click HERE for instructions.

Reminder: To get your onion service url.



sudo cat /var/lib/tor/retroshare/hostname

Reminder: Always backup the onion service key. This is necessary in order to restore it on another
machine, on a newer Whonix-Gateway™, after HDD/SSD failure, etc. Follow the instructions below to
find its location; root permission is required to access it.

/var/lib/tor/retroshare/hs_ed25519_secret_key

By using our website, you acknowledge that you have read, understood and More information
Qubes-Whonix ™
agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign
Consent.
https://www.whonix.org/wiki/RetroShare 5/7
7/19/24, 12:21 AM RetroShare - Whonix

The following
® example shows
Download how
About copy the /var/lib/tor/retroshare/hs_ed25519_secret_key
to Community
Docs Support
Whonix Donate
from the sys-whonix VM to the vault VM (which should be started beforehand) using qvm-copy (h
ttps://www.qubes-os.org/doc/how-to-copy-and-move-files/) . A dialog will appear asking for
the destination VM.


sudo qvm-copy /var/lib/tor/retroshare/hs_ed25519_secret_key

When the dialog appears asking to confirm, select vault. This copies the Tor onion service private
key file to the QubesIncoming folder of the vault VM.


/home/user/QubesIncoming/sys-whonix/hs_ed25519_secret_key

Consider moving the file from the QubesIncoming folder to another preferred location.

Qubes VM Manager can be used to conveniently backup the vault and/or other VMs. Please refer
to the Qubes backups documentation for necessary steps to accomplish that.

Non-Qubes-Whonix

See also:

file manager  Thunar with Administrator Rights

File Transfer

Documentation for this is incomplete. Contributions are happily considered! See this
for potential alternatives.

Footnotes

1. https://www.eff.org/pages/secure-messaging-scorecard
2. https://www.elttam.com/blog/a-review-of-the-eff-secure-messaging-scorecard-pt1/
3. Chance of working better (untested): Tunnel UDP over Tor.
4. Note, in case you are using the previous footnote, Other Anonymizing Networks over Tor UDP Tunnel
applies.
5. https://retroshare.cc/downloads.html
6. https://download.opensuse.org/repositories/network:retroshare/Debian_11/Release.key
7. T o import asc key files into trusted.gpg.d they must be converted into a .gpg keychain file first.
8. RetroShare .deb Packages installation instructions from RetroShare's third party repository (https://ret
roshare.cc/downloads.html)
9. https://github.com/RetroShare/RetroShare/issues/356
10. This task is up for grabs: https://phabricator.whonix.org/T560
By using our website, you acknowledge that you have read, understood and More information
11. Arbitrary choice of port to avoid conflicts with custom RetroShare setups.
agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign
Consent.
https://www.whonix.org/wiki/RetroShare 6/7
7/19/24, 12:21 AM RetroShare - Whonix

Whonix®
Download About Docs Community Support
Donate
Whonix
The most watertight privacy operating system in the world.

 Dark mode

Follow us on social media

FREE · PLUS · PREMIUM Support

At Whonix we value freedom and trust, supporting Open Source and

Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these
these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012-2024 ENCRYPTED SUPPORT LP

Retrieved from "https://www.whonix.org/w/index.php?title=RetroShare&oldid=99362"

By using our website, you acknowledge that you have read, understood and More information
agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign
Consent.
https://www.whonix.org/wiki/RetroShare 7/7