Skip to main content

Your Own DarkNet: Retroshare

There are various DarkNet systems available, for example FreeNet, Retroshare, TOR, Ricochet and GnuNet.  These are also known as Friend to Friend networks and creates a Virtual Private Mesh Network between trusted parties.

FreeNet is a little different, in that it can operate in two modes - public and private - where the private mode is a true DarkNet.  The Onion Router (TOR) is also a kind of public DarkNet proxy service which is very easy to use - do get the TOR Browser package - called Orbot on Android - very handy.

With a DarkNet, you can exchange files and chat in complete security - well, as secure as the other endpoints.  So if any of the endpoints run an untrustworthy operating system such as MS Windows, then one could argue that the whole circle is probably not secure.

Retroshare and other systems like it are not completely Black.  With a sniffer, an attacker can glean a little bit of information on who is connected to who, especially when one party is using unsecured WiFi, but they won't get far.

A private DarkNet is useful for Geeks who do support for their whole family and can set the whole mesh net up.  Same as for a corporate network, you can only go black if you have control over all the end points.  As soon as data needs to travel outside your VPN mesh net, it is free to anyone to sniff, spy, gloat and giggle over.

Always remember that the Public Internet is exactly that - it is Public...


The Retroshare application is cross platform and offers an easy way to transfer files between machines.  It also provides voice, video, chat and discussion fora.

You can set up multiple circles of trust, for example 'herman-work' and 'herman-home'. For me it provides a secure alternative to Dropbox and other insecure online FTP services.  Retroshare also works fine between mobile machines.   They always manage to find each other again!

First Steps

Before you start, get two or more machines that you want to be able to connect.  It could even be two virtual machines.  Make sure that the network connections between them are working properly before continuing.

Enable uPnP on your internet gateway.  This is by far the easiest way to ensure that the connection to the wide wide world will be trouble free.

If you only want to install on one machine, then you can test your connection with a public chat server, for example

Do install Keepass (Windows), KeepassX (Linux, Mac), or KeepassDroid (Android) on each of your machines.  If you put the (it is encrypted!) password database in Dropbox or, then you can access your passwords everywhere and only need to remember the long master password.  You can then easily use random highly secure gobbledygook passwords for everything else.

As soon as you start to get serious about security, you will descend into password hell, unless you install a cross platform password manager.  I have over a hundred passwords and most of them are random sequences that are impossible to remember or type by hand.  KeepassX preserves my sanity.

Installation on a Mac

The downloads are here:

On a Mac, download the file, run it, drag it to the Applications folder, then Ctrl-Click to run it the first time.

Installation on Windows

That should be just as easy as on a Mac, but if you are so worried about security that you want to use Retroshare, then you probably should go out and buy a Mac or a Linux machine first and dump your Windows machine in a river...

Installation on Linux

You can download Retroshare for Fedora 20 from here:

Get these files:
  • retroshare-0.5.5c-1.1.x86_64.rpm
  • retroshare-debuginfo-0.5.5c-1.1.x86_64.rpm
  • retroshare-nogui-0.5.5c-1.1.x86_64.rpm
  • retroshare-plugins-0.5.5c-1.1.x86_64.rpm
Use rpm to install them in this order:
      # rpm -ivh retroshare-nogui-0.5.5c-1.1.x86_64.rpm
      # rpm -ivh retroshare-0.5.5c-1.1.x86_64.rpm
      # rpm -ivh retroshare-debuginfo-0.5.5c-1.1.x86_64.rpm
      # rpm -ivh retroshare-plugins-0.5.5c-1.1.x86_64.rpm


To test Retroshare, you can install it on multiple virtual machines and on each one create a new identity.  Once you are comfortable with it, you can transfer your main ID from one of your machines to every machine you own, so that you can work everywhere with the same ID.  This is done with a key Export, Import and Certificate exchange between the two locations.

You need to generate a PGP key, which is your ID in the Retroshare system.  For that, you need a strong password.  Therefore, install KeepassX, if you haven’t got it already, and generate a password of at least 16 characters for good security.  You need to enter this password 3 times,  twice at the start and once more when you generated the new identity and it wants to save it in the GPG key ring.

Once the ID key pair is generated, Retroshare should start up, you’ll have to authorize installation of the plugins and then all should be well.

More information here: and here:

The biggest issue is that you need to use uPnP in your internet router or forward a port manually to make it work through a NAT firewall.

Some more on NAT firewalls here:

For best results, your circle of friends should have at least one, 'always on' computer somewhere.  The initial connection IP address is exchanged together with your PGP key and thereafter your machines are tracked through a Distributed Hash Table (DHT).  Provided that at least one computer in your circle of friends is still at the last address you reached it at, your machine should be able to connect with everybody no matter how much you or them have moved around.  This static member could be a little Raspberry Pi, or a Beaglebone Black.  More on that later!

Connect to Others

Retroshare has an Add a Friend Wizard (the little blue man at the top left) which will allow you to send the friend your Certificate and he has to send you his - both of you must accept it to complete the handshake.  

The first time you do this, I suggest that you use the Enter Certificate Manually method.  Then just highlight copy and paste the certificates to each other.  At the bottom of the certificate, Retroshare appends your IP address.  This enables the receiving party to connect back to you the first time - thereafter it will consult the DHT.

You can also send the certs by email, but that requires email to be set up already, which may not be the case if you are experimenting on a new virtual machine.

If everything (uPnP and DHT) is working, you should be able to connect.  If it fails, check that the two virtual machines are in the same subnet and can ping each other, turn their firewalls off and so on, otherwise nothing is going to work.

Note that Retroshare is completely peer-to-peer.  If all the machines in a net are starting up and shutting down, or travelling around (laptops), then you will have connection problems.  A good solution is to rent a virtual server and install Retroshare with XPRA on it, so that you have at least one machine that is always on.  This machine can then be used as a central file repository.

I hope that works and you can successfully go over to the Dark Side.

May The Force be with you...


  1. This blog post is a gem! It's concise, informative, and packed with actionable advice. I've already implemented some of the strategies mentioned and can already feel a positive impact on my subject of onion network . Keep it up.


Post a Comment

On topic comments are welcome. Junk will be deleted.

Popular posts from this blog

Parasitic Quadrifilar Helical Antenna

This article was reprinted in OSCAR News, March 2018: If you want to receive Satellite Weather Pictures , then you need a decent antenna, otherwise you will receive more noise than picture. For polar orbit satellites, one needs an antenna with a mushroom shaped radiation pattern .  It needs to have strong gain towards the horizon where the satellites are distant, less gain upwards where they are close and as little as possible downwards, which would be wasted and a source of noise.  Most satellites are spin stabilized and therefore the antenna also needs circular polarization, otherwise the received signal will flutter as the antennas rotate through nulls. The helical antenna, first proposed by Kraus in 1948, is the natural solution to circular polarized satellite communications.  It is a simple twisted wire - there seems to be nothing to it.  Various papers have been published on helix antennas, so the operation is pretty well understood. Therefore,

Weather Satellite Turnstile Antennas for the 2 meter Band

NEC2, 2 m band, 146 MHz, Yagi Turnstile Simulation and Build This article describes a Turnstile Antenna for the 2 meter band, 146 MHz amateur satcom, 137 MHz NOAA and Russian Meteor weather satellites.  Weather satellite reception is described here .  A quadrifilar helical antenna is described here .   Engineering, is the art of making what you need,  from what you can get. Radiation Pattern of the Three Element Yagi-Uda Antenna Once one combine and cross two Yagis, the pattern becomes distinctly twisted. The right hand polarization actually becomes visible in the radiation pattern plot, which I found really cool. Radiation Pattern of Six Element Turnstile Antenna Only a true RF Geek can appreciate the twisted invisible inner beauty of a herring bone antenna... Six Element Turnstile Antenna Essentially, it is three crosses on a stick.  The driven elements are broken in the middle at the drive points.  The other elements can go straight throug

To C or not to C, That is the Question

As most would know, the Kernighan and Ritchie C Programming Language is an improved version of B, which is a simplified version of BCPL, which is derived from ALGOL, which is the Ur computer language that started the whole madness, when Adam needed an operating system for his Abacus, to count Eve's apples in the garden of Eden in Iraq.  The result is that C is my favourite, most hated computer language , which I use for everything. At university, I learned FORTRAN with punch cards on a Sperry-Univac, in order to run SPICE, to simulate an operational amplifier.  Computers rapidly lost their glamour after that era! Nobody taught me C.  I bought the book and figured it out myself. Over time, I wrote a couple of assemblers, a linker-locator, various low level debuggers and schedulers and I even fixed a bug in a C compiler - not because I wanted to, but because I had to, to get the job done!   Much of my software work was down in the weeds with DSP and radio modems ( Synchronization,