Tomb/README.md

124 lines
5.4 KiB
Markdown
Raw Normal View History

2014-04-15 10:56:00 +00:00
..... ..
.H8888888h. ~-. . uW8"
888888888888x `> u. .. . : `t888
X~ `?888888hx~ ...ue888b .888: x888 x888. 8888 .
' x8.^"*88*" 888R Y888r ~`8888~'888X`?888f` 9888.z88N
`-:- X8888x 888R I888> X888 888X '888> 9888 888E
488888> 888R I888> X888 888X '888> 9888 888E
.. `"88* 888R I888> X888 888X '888> 9888 888E
x88888nX" . u8888cJ888 X888 888X '888> 9888 888E
!"*8888888n.. : "*888*P" "*88%""*88" '888!` .8888 888"
' "*88888888* 'Y" `~ " `"` `%888*%"
^"***"` "`
2014-08-29 21:23:08 +00:00
*A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker**
2010-08-23 19:28:09 +00:00
2014-11-16 12:55:51 +00:00
Latest stable version: **2.0**
2014-11-16 12:55:51 +00:00
Updates on website: https://www.dyne.org/software/tomb
2014-04-15 10:56:00 +00:00
2014-08-29 21:23:08 +00:00
Get the stable .tar.gz signed release for production use!
Download it from https://files.dyne.org/tomb
# What is Tomb, the crypto undertaker?
2010-08-23 13:10:57 +00:00
Tomb aims to be a free and open source system for easy encryption and
backup of personal files, written in code that is easy to review and
2013-05-25 14:29:19 +00:00
links shared GNU/Linux components.
At present, Tomb consists of a simple shell script (Zsh) using
2010-08-25 18:18:15 +00:00
standard filesystem tools (GNU) and the cryptographic API of the Linux
2013-05-25 14:29:19 +00:00
kernel (cryptsetup and LUKS). Tomb can also produce machine parsable
output to facilitate its use inside graphical applications.
2010-08-23 13:10:57 +00:00
# How does it work?
2014-04-15 10:56:00 +00:00
For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
2010-08-23 13:10:57 +00:00
This tool can be used to dig .tomb files (LUKS volumes), forge keys
2013-05-25 14:29:19 +00:00
protected by a password (GnuPG symmetric encryption) and use the keys
to lock the tombs. Tombs are like single files whose contents are
inaccessible in the absence of the key they were locked with and its
2013-05-25 14:29:19 +00:00
password.
Once open, the tombs are just like normal folders and can contain
2013-05-25 14:29:19 +00:00
different files, plus they offer advanced functionalities like bind
and execution hooks and fast search, or they can be slammed close even
if busy. Keys can be stored on separate media like USB sticks, NFC, or
2013-05-25 14:29:19 +00:00
bluetooth devices to make the transport of data safer: one always
needs both the tomb and the key, plus its password, to access it.
The tomb script takes care of several details to improve the security
of tombs in everyday usage: adopting PIN entry for passwords,
2013-05-25 14:29:19 +00:00
facilitating the storage of backup keys using image steganography,
listing open tombs and selectively closing them, warning the user
about their size and last time they were used, etc.
2010-08-23 13:10:57 +00:00
2014-04-15 10:56:00 +00:00
# How secure is this?
Death is the only sure thing in life. That said, Tomb is a pretty
secure tool especially because it is kept minimal, its source is always
open, and its code is easy to review with a bit of shell script
knowledge.
All encryption tools being used in Tomb are included as default in
many GNU/Linux operating systems and therefore are regularly peer
reviewed: we don't add anything else to them really, just a layer of
usability.
The code of Tomb can be read in a literate programming style on
http://tomb.dyne.org/literate
2014-04-15 10:56:00 +00:00
# Stage of development
2010-08-23 13:10:57 +00:00
Tomb is an evolution of the 'mknest' tool developed for the dyne:bolic
GNU/Linux distribution, which is used by its 'nesting' mechanism to
2013-05-25 14:29:19 +00:00
encrypt the Home directory of users, a system implemented already in
2001. Since then, the same shell routines kept being maintained and in
2007, they were adapted to work on various other GNU/Linux distributions.
2010-08-23 13:10:57 +00:00
As of today, Tomb is a very stable tool also used in mission critical
situations by a number of activists in dangerous zones. It has been
2013-05-25 14:29:19 +00:00
reviewed by forensics analysts and it can be considered to be safe for
military grade use where the integrity of information stored depends on
the user's behaviour and the strength of a standard AES-256
2014-04-15 10:56:00 +00:00
(XTS plain) encryption algorithm.
2010-08-23 13:10:57 +00:00
2014-08-29 21:23:08 +00:00
# Use stable releases in production
Anyone planning to use Tomb to store and access secrets should not use
the latest development version in Git, but use instead the .tar.gz
release on https://files.dyne.org/tomb . The stable version will
always ensure backward compatibility with older tombs: we make sure it
2014-08-29 21:23:08 +00:00
creates sane tombs and keys by running various tests before releasing
it. The development version in Git might introduce sudden bugs and is
not guaranteed to produce backward- or forward-compatible tombs and keys.
2014-11-16 12:55:51 +00:00
The development version in Git should be used to report bugs, test new
features and develop patches.
2014-08-29 21:23:08 +00:00
So be warned: do not use the latest Git version in production
environments, but use a stable release versioned and packed as
tarball on https://files.dyne.org/tomb
2014-04-15 10:56:00 +00:00
# How can you help
2010-08-23 13:10:57 +00:00
2014-08-29 21:23:08 +00:00
Donations are always welcome, see https://www.dyne.org/donate
2013-06-12 12:28:40 +00:00
2014-06-09 10:42:38 +00:00
Translations are also needed: they can be contributed via this website
https://poeditor.com/join/project?hash=33bdefea2e46b26f512a0caae55fbbb5
or simply sending the .po file. Start from `extras/po/tomb.pot`.
The code is pretty short and readable: start looking around and the
materials found in `doc/` which are good pointers at security measures
2010-08-23 13:10:57 +00:00
to be further implemented.
2013-06-12 12:28:40 +00:00
For the bleeding edge visit https://github.com/dyne/Tomb
2013-05-25 14:29:19 +00:00
2014-08-29 21:23:08 +00:00
Tomb's developers can be contacted using the issues on GitHub or over
IRC on https://irc.dyne.org channel **#dyne**
2014-04-15 10:56:00 +00:00
Some enthusiastic ideas are in the [TODO](doc/TODO.org) file.
2014-04-15 10:56:00 +00:00
Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.