Introduction

Installation

To host a keybear instance, we assume you are using a Debian-derived OS (Debian, Ubuntu, Mint, etc.).

Building a Debian package

Prerequisites

A Rust installation is required for this step. Installation instructions can be found here: rustup.rs

Install the cargo-deb prerequisite for building a .deb package:

cargo install cargo-deb

We also need to clone our repository somewhere:

git clone https://github.com/keybear/keybear && cd keybear

Build

Build the installation package:

cargo deb

This will produce a .deb package in the target/debian folder.

Install the package

Install the package:

sudo dpkg -i target/debian/keybear*.deb

Installing the package should start the systemd service. Ensure it is running without any errors:

sudo systemctl status keybear.service

Configure Tor

Let Tor load our configuration for the onion service by adding the following line to /etc/tor/torrc:

%include /etc/keybear/torrc

Or append it with a single command:

echo "%include /etc/keybear/torrc" | sudo tee -a /etc/tor/torrc

Restart the Tor service to enable the hidden service:

sudo systemctl restart tor.service

From source (advanced)

Cargo

Install the keybear binary:

cargo install keybear

Create a symbolic link in /usr/local/bin:

sudo ln -s "$HOME/.cargo/bin/keybear" /usr/local/bin/keybear

Installing it manually using Cargo

Prerequisites

A Rust installation is required for this step. Installation instructions can be found here: rustup.rs

Cargo

Install the package using Cargo:

git clone https://github.com/keybear/keybear.git
cd keybear
cargo install --path .

Tor

Install Tor:

sudo apt install tor

Configure a hidden Tor onion service by adding the following lines to /etc/tor/torrc:

HiddenServiceDir /var/lib/tor/keybear
HiddenServicePort 5219 127.0.0.1:52477

Or append them with a single command:

printf "HiddenServiceDir /var/lib/tor/keybear\nHiddenServicePort 5219 127.0.0.1:52477\n" | sudo tee -a /etc/tor/torrc

Restart Tor:

sudo systemctl restart tor.service
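
Both Tor steps above append to /etc/tor/torrc with tee -a, so re-running them duplicates directives, and nothing checks where the onion service port is forwarded. The following is an added example, not part of the keybear project: it appends a torrc line idempotently and verifies that a HiddenServicePort entry targets only a literal loopback address or a unix socket. The function names onion_target and ensure_line are hypothetical, and the demo file is constructed.

```shell
#!/bin/sh
# Added example, not part of the keybear project.

# onion_target FILE DIR VPORT
# Prints where Tor forwards VPORT of the onion service stored in DIR.
# Returns 0 if the target is a literal loopback address or a unix socket,
# 1 if the stanza is missing, 2 for any other target.
# Does not follow %include lines: run it on each included file as well.
onion_target() {
    target=$(awk -v dir="$2" -v vport="$3" '
        { sub(/#.*/, "") }                               # strip comments
        $1 == "HiddenServiceDir" { cur = $2; next }
        $1 == "HiddenServicePort" && cur == dir && $2 == vport {
            t = $3
            if (t == "") t = "127.0.0.1:" vport          # Tor default target
            else if (t ~ /^[0-9]+$/) t = "127.0.0.1:" t  # bare port
            print t; exit
        }' "$1")
    [ -n "$target" ] || return 1
    printf '%s\n' "$target"
    printf '%s\n' "$target" | grep -Eq '^(127\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+|\[::1\]:[0-9]+|unix:/.*)$' || return 2
}

# ensure_line FILE LINE
# Appends LINE unless an identical line is already present, and repairs a
# missing final newline first so two directives are never joined.
ensure_line() {
    grep -qxF -e "$2" "$1" 2>/dev/null && return 0
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    printf '%s\n' "$2" >> "$1"
}

# Constructed sample torrc, used only to demonstrate the two functions.
demo=$(mktemp)
ensure_line "$demo" "HiddenServiceDir /var/lib/tor/keybear"
ensure_line "$demo" "HiddenServicePort 5219 127.0.0.1:52477"
ensure_line "$demo" "HiddenServicePort 5219 127.0.0.1:52477"   # no-op on re-run
onion_target "$demo" /var/lib/tor/keybear 5219 && echo "loopback only"
rm -f "$demo"
```

Run the functions against /etc/tor/torrc as root. A return code of 2 from onion_target means the onion service port is forwarded somewhere other than a loopback address or unix socket.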

Systemd

Copy the service file to /usr/lib/systemd/system:

sudo cp keybear.service /usr/lib/systemd/system/

Tell systemd to look for the new service file, to start it every time we boot, and to start it now:

sudo systemctl daemon-reload
sudo systemctl enable keybear.service
sudo systemctl start keybear.service

Verify that the service is running:

sudo systemctl status keybear.service

Cryptography

Whenever a device is registered, public X25519 keys are exchanged between the server and the client. All communication from this point on is encrypted with the ChaCha20Poly1305 cipher, using the generated X25519 shared key as the ChaCha20 key.