NetCipher: Secured Networking

Better TLS and Tor App Integration

This is an Android Library Project that provides multiple means to improve network security in mobile applications. The “Onion” name refers to not only the Onion Routing concept used by Tor (which provides anonymity and resistance to traffic surveillance), but also the idea of multiple layers of security that any application should utilize.

More specifically this library provides:

  1. Stronger Sockets: Through support for the right cipher suites, pinning and more, we ensure your encrypted connections are as strong as possible.
  2. Proxied Connection Support: HTTP and SOCKS proxy connection support for HTTP and HTTP/S traffic through specific configuration of the Apache HTTPClient library
  3. OrbotHelper: a utility class to support application integration with Orbot: Tor for Android. Check if its installed, running, etc.

IT MUST BE NOTED, that you can use this library without using Orbot/Tor, but obviously we think using strong TLS/SSL connections over Tor is just about the best thing in the world.

https://github.com/guardianproject/NetCipher

This library was formerly named OnionKit

Stronger Sockets

Developers can create their own CACert store using the information provided by our CACertMan project:https://github.com/guardianproject/cacert

It can be used in combination with Android Pinning and the MemorizingTrustManager, to support user prompted override for non-validating certificates.

Proxied Connections

Once Orbot connects successfully to the Tor network, it offers two proxy servers running on localhost that applications can route their traffic through.

HTTP Proxy: localhost:8118 SOCKS 4/5 Proxy: localhost:9050

The sample project shows the basics of how to use this library to open sockets and make HTTP requests via the SOCKS and HTTP proxies available from Orbot The standard Apache HTTPClient libraries provide calls to setup proxying. This sample code demonstrates that. All applications using the SOCKS proxy should not resolve their DNS locally, and instead should pass the hostnames through the SOCKS proxy.

Orbot Helper

Provides simple helper to check if Orbot (Tor for Android) is installed, and whether it is currently running or not. Allows your app to request Orbot to start (user is prompted whether to start or not). Finally, it can show a user prompt to install Orbot, either from Google Play, or via direct APK download from torproject.org or the guardianproject.info site.

For apps with on-device servers, it can also assists in requesting a Tor Hidden Service from Orbot, and discovering the assigned .ONION address.

10 thoughts on “NetCipher: Secured Networking

  1. Hello,

    I’m wondering; is this a standalone library or does it depend on Orbot being installed on the enduser’s device?

    Thanks in advance,
    Dirk

  2. Maybe yu have already been asked this but I would like your opinion on video chat apps. I have a friend in Ghana and im in the USA. WHAT do you recommendations. For my challenge. Thank you all for what you do. Abg

  3. Sorry to trouble you people, but I could use your wisdom in this matter: when I installed tor-wall it gave an error msg! Tor wall init-script doesn’t support my device. Will tor apks work with kindle fire HDX 3 3rd edition. And one more ? If I may; How do I root this device. Or a link explaining how to. I’m a new supporter for Guardian project. You people believe as I do, even if if these products won’t work on my favourite- device, I am still going to support you all as much as I can. I’m trying to read up and understand as much as possible so I can pitch this to others and groups to get more support for Guardian project, Tor, safesurge.. thank yu for your attention to this matter.

  4. Please kindly advise if you are constantly updating and keeping up with rapid developments in encryption and why no mention of two fish?

    Your last comments were 24/12/2014.

    Is there a backdoor?

    Thank you

    1. There is no backdoor. All of our code is up-to-date and available on the github repo linked to on this page. You can monitor active development there.

      Two-fish is not actively used in securing network traffic, so it is not relevant to this library.

  5. Guys, can you explain me please how to Integrate this library to my device?
    I’ am tired to search the way to use this library.
    I need an advice to use this library especially after this words “…obviously we think using strong TLS/SSL connections over Tor is just about the best thing in the world”.
    Sincerely, John.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>