Security

Your GoodCrypto private server reduces its attack surface by limiting the software installed on the server to the bare minimum. For example, the server does not include ssh, and it includes a firewall to restrict access.

Your primary concern should be securing the computer running GoodCrypto and keeping up to date with security releases.

The most secure way to operate GoodCrypto is on a headless machine. Regardless of where you've installed your server, it should be behind a well-secured network firewall, and physical access to it should be limited.

Keeping all security software current is essential so you're not exposed to vulnerabilities.

Other suggestions...

  • You should not add any other software to your server.
  • If you're running GoodCrypto in a VM, then don't have any other software running on the computer.
  • Change the Mail | Options on your GoodCrypto server so users must sign in to verify fingerprints and export keys. This makes it harder for unauthorized users to figure out your group's contacts.

You might also want to require that a new key be verified before it can be used, by changing the Mail | Options on your GoodCrypto server. A disadvantage might be that it's more hassle for users before they can communicate privately.