Introduction

CIYAM Safe is a solution for cold storage that uses 100% air-gapped communications (i.e. there is no wire connection made from the online computer to the offline computer). The recommended way to use the system is to install the Live OS to a USB flash drive which later will only ever be plugged into the offline computer.

The offline computer must have a 64-bit x86 (x86-64) CPU and at least 2GB of memory. For the Live OS itself a 4GB USB flash drive is the minimum recommended size. Although VM images are also provided, the safest approach is to use the Live OS version. Whatever OS is already installed on the offline computer should not matter, as the BIOS settings should be changed to ensure that the Live OS is always booted from USB (and maybe consider formatting or even physically removing the offline computer's hard disk).

To further ensure the integrity of a CIYAM Safe system it is recommended to remove hardware such as the WiFi card from the offline computer so that it cannot be connected to the internet (or any other networked device). In the same manner if the computer currently has a standard ethernet socket then it is recommended to install a plug that will prevent it from being normally used (to make it very unlikely that the computer will be accidentally connected to a network).

Installation

Download the Live OS archive and then extract the OS image file CIYAM_Safe.x86_64-0.1.25.raw that it contains.

Windows

To extract the OS image a utility such as 7-Zip is recommended.

Download ImageWriter.exe and run this program. Next from the Windows Explorer simply drag and drop the CIYAM_Safe.x86_64-0.1.25.raw file into the application's main window and then plug in the USB flash drive and follow the application's instructions.

Linux - SUSE

To extract the OS image simply right click on the archive file and then select the appropriate Extract action.

Next install the imagewriter software package using yast (if it is not already present) and then run this application. Using the GUI's file manager drag the OS image file onto the application's main window and then plug in the USB flash drive and then follow the application's instructions.

Linux - Console

To extract the OS image issue the following command:

> tar -zxvf CIYAM_Safe.x86_64-0.1.25.oem.tar.gz

Plug in the USB flash drive to be formatted and issue the following command (also issue it once before plugging the drive in, so that you can be sure the last entry only appears after the USB flash drive has been plugged in):

> lsblk

NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
...
sdb      8:16   1 14.9G  0 disk 
└─sdbX   8:17   1 14.9G  0 part 

Next copy the OS image to the device:

DANGER: This will erase the contents of /dev/sdbX so don't run this unless you are sure it is the correct device!

> dd if=CIYAM_Safe.x86_64-0.1.25.raw of=/dev/sdbX bs=4k

NOTE: This command may take a few minutes to complete.

To verify that the write worked correctly the output of the following two commands should match:

> md5sum CIYAM_Safe.x86_64-0.1.25.raw

> md5sum /dev/sdb1
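
The following is an added example (not part of the CIYAM Safe distribution) of the same comparison that reads back only as many bytes as the image contains, because md5sum over a whole device also hashes any space past the end of the image when the device is larger. The function names size_of and verify_written are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare an OS image with the first bytes of the target
# it was written to. Function names are hypothetical, not CIYAM Safe code.

# Print the size in bytes of a regular file or a block device.
size_of() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# verify_written IMAGE TARGET
# Returns 0 if the first size(IMAGE) bytes of TARGET have the same MD5 as
# IMAGE, 1 on mismatch, 2 if a size cannot be read or TARGET is too small.
verify_written() {
    image=$1
    target=$2
    image_size=$(size_of "$image") || return 2
    target_size=$(size_of "$target") || return 2

    if [ "$target_size" -lt "$image_size" ]; then
        echo "target ($target_size bytes) is smaller than image ($image_size bytes)" >&2
        return 2
    fi

    image_sum=$(md5sum < "$image" | cut -d' ' -f1)
    # Read back only as many bytes as the image contains.
    target_sum=$(head -c "$image_size" "$target" | md5sum | cut -d' ' -f1)

    if [ "$image_sum" = "$target_sum" ]; then
        echo "OK: $target matches $image ($image_size bytes, md5 $image_sum)"
        return 0
    fi
    echo "MISMATCH: image $image_sum, target $target_sum" >&2
    return 1
}
```

Call it as verify_written followed by the image file and the device that was written. Running sync and re-plugging the drive first makes the read come from the flash drive rather than from cached data.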

In order for the LiveOS to also have persistence it will require another partition which can be created as follows:

> fdisk /dev/sdb1
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (661-3935, default 661):
Using default value 661
Last cylinder, +cylinders or +size{K,M,G} (661-3935, default 3935):
Using default value 3935
  
Command (m for help): w
The partition table has been altered!

Live OS Setup

After booting the Live OS from the USB flash drive in the offline computer you can log in by clicking on the user name tux and then typing the password linux. As the private keys will be locked using a different password there is no need to change the password for the Live OS user.

To install the CIYAM Safe scripts and code type the following from a console window:

> ./install

At this stage you might wish to use the included Firefox web browser to look at the file usage.html, which contains instructions for using the CIYAM Safe software itself, after which you would start with the following command:

> ./init

Special Notes

If zbarcam does not work with your webcam then use the included wxcam application in order to take snapshot pictures which can be scanned using zbarimg instead.

Virtual Machine Images

Whilst not recommended for normal usage the following can be helpful for testing and development purposes.

CIYAM_Safe.x86_64-0.1.25.qcow2 for KVM/QEMU.

CIYAM_Safe.x86_64-0.1.25.vmx.tar.gz for VMware/VirtualBox.