Installing Katzenpost

Installing Katzenpost

Table of Contents

Requirements
Obtain the Katzenpost code
Install the latest Go version
Build server components
Build clients
Install the server components
Create service accounts
Create configuration files
Configure systemd
Generate keys

The section provides an overview of how to download Katzenpost, set up a development environment, build the code, install the Katzenpost binaries, and configure the components.

Requirements

An up-to-date Debian or Ubuntu Linux system is assumed as the build and hosting environment for all Katzenpost server-side components. Required packages include the following:

  • git

  • gcc

  • build-essential

  • libc-dev-bin

Obtain the Katzenpost code

Complete the following steps to set up a local Katzenpost git repository.

  1. Clone Katzenpost. 

    $ git clone git@github.com:katzenpost/katzenpost.git

  2. Get the latest tagged commit of the Katzenpostwith the following commands.

    $ git fetch --tags$ tag=$(git describe --tags `git rev-list --tags --max-count=1`)$ git checkout $tag

Install the latest Go version

Download the latest version of the Go programming language from https://go.dev/dl and unzip it in a suitable location. As root, set the necessary environment variables: 

# export PATH=$PATH:/<your Go location>/bin# export GO111MODULE=on# export CGO_CFLAGS_ALLOW="-DPARAMS=sphincs-shake-256f"

The go/bin path must be included in your user $PATH environment variable.

[Note] Note

Do not use the Debian/Ubuntu golang packages. They are probably too old.

Build server components

To build a Katzenpost server component, navigate to the directory containing its source code and run go build. The paths shown are relative to the Katzenpost repository root.

Table 1. Server component directories

Component Source code directory Binary
Mix, gateway, or service node server/cmd/server/ server
Directory authority authority/cmd/dirauth/ dirauth

Build clients

The Katzenpost client components are useful for testing an operational mixnet. To build them, navigate to the directory containing each component's source code and run go build. The paths shown are relative to the Katzenpost repository root.

[Note] Note

The Katzen chat client is under development and not currently functional. For more information about the clients generally, see Clients.

Table 2. Client directories

Component Source code directory Binary or application

Ping

 ping/ ping

Fetch

authority/cmd/fetch/

fetch

Status

 Obtain from GitHub repository katzenpost/status. status.py

Worldmap

 Obtain from GitHub repository katzenpost/worldmap world_map.py

Install the server components

To install the server binaries, run the following commands from the katzenpost repository root.

# cp server/cmd/server/server /usr/local/bin/katzenpost-mixserver
# cp authority/cmd/dirauth/dirauth /usr/local/bin/katzenpost-authority

Create service accounts

Create a service account account for each of the node types that you deploy.

To create a service user for a directory authority. 

# adduser \
    --disabled-login \
    --disabled-password \ 
    --system \
    --group \
    --home /var/lib/katzenpost-authority \
    katzenpost-authority

To create a service user for a mix, gateway, or service node. 

# adduser \
    --disabled-login \
    --disabled-password \ 
    --system \
    --group \
    --home /var/lib/katzenpost-mixserver \
    katzenpost-mixserver

Create configuration files

The best way currently to construct a node configuration file is to use one of the samples in Appendix: Configuration files from the Docker test mixnet, and to modify it based on the published component parameters, combined with attention to the latest state of the code tree. Bear in mind that the IP address:port scheme used in the Docker image is specific to that container environment, and is not transferable to a production network without modifcation.

Katzenpost currently has no configuration automation tool that is ready for general use.

Configure systemd

If you are running your Katzenpost components under systemd, create and install a systemd service file for each node type that you plan to deploy. The following scripts are examples of how to do this.

To create a systemd service file for a directory authority. 

#!/bin/bash -x

cat << EOF > /etc/systemd/system/katzenpost-mixserver.service
[Unit]
Description=Katzenpost Mix Server
After=network.target

[Service]
IPAccounting=yes
Type=simple
User=katzenpost-mixserver
WorkingDirectory=/var/lib/katzenpost-mixserver
ExecStart=/usr/local/bin/katzenpost-mixserver -f /etc/katzenpost-mixserver/katzenpost.toml
PrivateTmp=yes
NoNewPrivileges=yes
# RestartSec=5
Restart=on-failure

[Install]
WantedBy=default.target
EOF

To create a systemd service file for a mix, gateway, or service node. 

#!/bin/bash -x

cat << EOF > /etc/systemd/system/katzenpost-authority.service
[Unit]
Description=Katzenpost Authority
After=network.target

[Service]
Type=simple
IPAccounting=yes
User=katzenpost-authority
WorkingDirectory=/var/lib/katzenpost-authority
ExecStart=/usr/local/bin/katzenpost-authority -f /etc/katzenpost-authority/authority.toml
PrivateTmp=yes
NoNewPrivileges=yes
Restart=on-failure

[Install]
WantedBy=default.target
EOF

Generate keys

The first time that you run a server binary directly or using systemd, identity and encryption keys are automatically generated and installed if they are not already present. The key location is specified by the value of DataDir in the [Server] section of the configuration. For configuration parameter details, see Components and configuration of the Katzenpost mixnet. For server binary commandline options, see the Quickstart guide.

Once the keys are in place, restart the server to begin operations.

Last modified March 5, 2025: Revisions per review, spell-checked, link-checked, files regenerated (1e64ace3)