2011-02-10 11:22:11 +00:00
|
|
|
#!/bin/zsh
|
2011-01-13 13:37:52 +00:00
|
|
|
#
|
|
|
|
# Tomb, the Crypto Undertaker
|
|
|
|
#
|
|
|
|
# a tool to easily operate file encryption of private and secret data
|
|
|
|
#
|
|
|
|
# Copyleft (C) 2007-2011 Denis Roio <jaromil@dyne.org>
|
|
|
|
#
|
|
|
|
# This source code is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU Public License as published by
|
|
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This source code is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
# Please refer to the GNU Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU Public License along with
|
|
|
|
# this source code; if not, write to:
|
|
|
|
# Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
|
2011-01-12 16:02:19 +00:00
|
|
|
# startup wrapper to open tombs
|
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
|
2011-01-13 21:43:18 +00:00
|
|
|
try() {
|
|
|
|
which ${1} > /dev/null
|
|
|
|
if [ $? = 0 ]; then return 0;
|
|
|
|
else return -1; fi
|
|
|
|
}
|
2011-02-11 23:36:21 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
# popup notification
|
|
|
|
tomb-notify() {
|
2011-01-13 13:37:52 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
which notify-send > /dev/null
|
|
|
|
if [ $? != 0 ]; then return 1; fi
|
|
|
|
|
|
|
|
# look for our icon in common prefixes
|
|
|
|
if [ -r /usr/share/pixmaps/monmort.xpm ]; then icon=/usr/share/pixmaps/monmort.xpm
|
|
|
|
elif [ -r /usr/share/icons/monmort.xpm ]; then icon=/usr/share/icons/monmort.xpm
|
|
|
|
elif [ -r /usr/local/share/pixmaps/monmort.xpm ]; then icon=/usr/local/share/pixmaps/monmort.xpm
|
|
|
|
elif [ -r /usr/local/share/icons/monmort.xpm ]; then icon=/usr/local/share/icons/monmort.xpm
|
|
|
|
elif [ -r /opt/share/pixmaps/monmort.xpm ]; then icon=/opt/share/pixmaps/monmort.xpm
|
|
|
|
elif [ -r /sw/share/pixmaps/monmort.xpm ]; then icon=/sw/share/pixmaps/monmort.xpm
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -z $1 ]; then
|
|
|
|
notify-send -i $icon \
|
|
|
|
-u low -h string:App:Tomb \
|
|
|
|
"Tomb version $VERSION" \
|
|
|
|
"Hi, I'm the Undertaker.
|
|
|
|
Let's start setting your Crypt?"
|
|
|
|
else
|
|
|
|
notify-send -i $icon ${@}
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# USB plug auto detect using dmesg
|
|
|
|
# tested on ubuntu 10.04 and debian 6.0
|
|
|
|
# please test and patch on other systems if you can.
|
|
|
|
# TODO: use udev rules, see how archlinux folks document it:
|
|
|
|
# https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt
|
|
|
|
# here we could modularize the choice of methods using function pointers,
|
|
|
|
# so that they are configurable when calling tomb.
|
|
|
|
ask_usbkey() {
|
|
|
|
unset usbkey_mount
|
|
|
|
echo "Waiting 1 minute for a usb key to connect"
|
|
|
|
echo -n " . please insert your usb key "
|
|
|
|
|
|
|
|
tomb-notify "Insert your USB KEY" \
|
|
|
|
"Tomb is waiting 30 seconds for you to insert an external key."
|
|
|
|
|
|
|
|
plugged=false
|
|
|
|
c=0
|
|
|
|
while [ "$plugged" != "true" ]; do
|
|
|
|
dmesg | tail -n 12 | grep -q 'new.*USB device'
|
|
|
|
if [ $? = 0 ]; then plugged=true; fi
|
|
|
|
echo -n "."
|
|
|
|
sleep .5
|
|
|
|
c=`expr $c + 1`
|
|
|
|
if [ $c -gt 60 ]; then
|
|
|
|
echo
|
|
|
|
echo "[!] timeout."
|
|
|
|
return 1;
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
echo
|
|
|
|
echo -n " . usb key inserted, attaching "
|
|
|
|
|
|
|
|
c=0
|
|
|
|
attached=false
|
|
|
|
while [ "$attached" != "true" ]; do
|
|
|
|
dmesg | tail -n 12| grep -q 'Attached.*removable disk'
|
|
|
|
if [ $? = 0 ]; then attached=true; fi
|
|
|
|
echo -n "."
|
|
|
|
sleep .5
|
|
|
|
c=`expr $c + 1`
|
|
|
|
if [ $c -gt 30 ]; then
|
|
|
|
echo
|
|
|
|
echo "[!] timeout."
|
|
|
|
export usbkey_mount=none
|
|
|
|
return 1;
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
echo
|
|
|
|
echo -n " . usb attached, opening "
|
|
|
|
|
|
|
|
# get the first partition
|
|
|
|
# usbpart=`dmesg |tail -n 12 | grep ' sd.:' |cut -d: -f2 |tr -d ' '`
|
|
|
|
for i in $(seq 1 10); do
|
|
|
|
usbpart=$(dmesg | tail -n 12 | sed '/ sd.:/!d;s/^.*: \(sd.[0-9]*\)/\1/')
|
|
|
|
if [ -n "$usbpart" ]; then
|
|
|
|
break
|
|
|
|
elif [ $i -eq 10 ]; then
|
|
|
|
echo "[!] timeout."
|
|
|
|
return 1
|
|
|
|
else
|
|
|
|
echo -n .
|
|
|
|
sleep 1
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
mtmp=$(/bin/mktemp -d --tmpdir tomb.XXXXXXXXXXXX)
|
|
|
|
sudo mount /dev/$usbpart $mtmp
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
usbmount=$mtmp
|
|
|
|
else
|
|
|
|
echo "[!] cannot mount usbkey partition $usbmount"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo
|
|
|
|
echo " . usb key mounted on $usbmount"
|
|
|
|
usbkey_mount=$usbmount
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
launch_status() {
|
|
|
|
# calculates the correct arguments to launch tomb-status tray
|
|
|
|
# applet; it takes the tomb name as an argument and should be
|
|
|
|
# launched after a successful tomb mount.
|
|
|
|
if ! [ $1 ]; then
|
|
|
|
echo "[!] cannot launch status tray applet: we don't even know the name of our tomb."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
tombname=${1}
|
|
|
|
tombmap=`mount -l | awk "/\[${tombname}\]$/"' { print $1 } '`
|
|
|
|
tombmount=`mount -l | awk "/\[${tombname}\]$/"' { print $3 } '`
|
|
|
|
tomb-status $tombmap $tombname $tombmount &!
|
|
|
|
}
|
2011-01-13 13:37:52 +00:00
|
|
|
|
2011-02-09 19:35:11 +00:00
|
|
|
# got an argument
|
2011-02-11 23:36:21 +00:00
|
|
|
if [ $1 ]; then # is it a file?
|
2011-02-09 19:35:11 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
tombdir=`dirname $1`
|
|
|
|
tombfile=`basename $1`
|
|
|
|
tombname=${tombfile%%\.*}
|
|
|
|
|
2011-02-11 23:36:21 +00:00
|
|
|
if [ -f ${tombdir}/${tombfile} ]; then
|
2011-02-09 19:35:11 +00:00
|
|
|
|
2011-02-11 23:36:21 +00:00
|
|
|
# is it a luks partition
|
2011-02-20 13:59:30 +00:00
|
|
|
file ${tombdir}/${tombfile} | grep -i LUKS > /dev/null
|
2011-02-09 19:35:11 +00:00
|
|
|
if [ $? = 0 ]; then # tomb is a valid LUKS file
|
2011-02-20 19:10:08 +00:00
|
|
|
if [ -r ${tombdir}/${tombname}.tomb.key ]; then
|
|
|
|
tombkey=${tombdir}/${tombname}.tomb.key
|
2011-02-20 13:59:30 +00:00
|
|
|
else
|
|
|
|
ask_usbkey
|
|
|
|
if ! [ $usbkey_mount ]; then # no usb key was mounted
|
|
|
|
echo "key not provided for tomb: $tombname"
|
|
|
|
echo "operation aborted." # TODO: dialog with pinentry
|
|
|
|
exit 1
|
|
|
|
else # usb mounted, check key presence
|
2011-02-20 19:10:08 +00:00
|
|
|
if [ -r ${usbkey_mount}/.tomb/${tombname}.tomb.key ]; then
|
|
|
|
tombkey=${usbkey_mount}/.tomb/${tombname}.tomb.key
|
2011-02-20 13:59:30 +00:00
|
|
|
elif [ -r ${usbkey_mount}/.tomb ]; then
|
|
|
|
echo "we can't find the right key, have a look yourself:"
|
|
|
|
ls -lha ${usbkey_mount}/.tomb
|
|
|
|
exit 1
|
|
|
|
else
|
|
|
|
echo "there are no keys stored in your usb"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if ! [ ${tombkey} ]; then # just to be sure
|
|
|
|
echo "key not found, operation aborted."
|
|
|
|
exit 1
|
|
|
|
else
|
|
|
|
|
|
|
|
tomb -k ${tombkey} mount ${tombdir}/${tombfile}
|
|
|
|
success=$?
|
|
|
|
fi
|
2011-02-09 19:35:11 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
if [ $usbkey_mount ]; then
|
|
|
|
sudo umount ${usbkey_mount}
|
|
|
|
rmdir ${usbkey_mount}
|
|
|
|
unset usbkey_mount
|
|
|
|
fi
|
2011-02-09 19:35:11 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
if [ $success = 0 ]; then # mount was succesfull (with password and all)
|
|
|
|
launch_status ${tombname}
|
2011-02-09 19:35:11 +00:00
|
|
|
exit 0
|
|
|
|
else
|
2011-02-20 13:59:30 +00:00
|
|
|
tomb-notify "Tomb cannot open." "Are you knocking the wrong door?"
|
2011-02-09 19:35:11 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
else
|
2011-02-20 13:59:30 +00:00
|
|
|
tomb-notify "Not a real Tomb." "We found no real bones in there."
|
2011-02-09 19:35:11 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
2011-02-11 23:36:21 +00:00
|
|
|
elif [ -d $1 ]; then # its a directory
|
2011-02-09 19:35:11 +00:00
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
# FIXME: somehow xdg-open loses mailcap mimes when executed by tomb-status
|
2011-01-13 21:43:18 +00:00
|
|
|
# try xdg-open; if [ $? = 0 ]; then xdg-open ${1}; exit 0; fi
|
2011-02-09 19:35:11 +00:00
|
|
|
try gnome-open; if [ $? = 0 ]; then gnome-open ${1}; exit 0; fi
|
|
|
|
try thunar; if [ $? = 0 ]; then thunar ${1}; exit 0; fi
|
|
|
|
try pcmanfm; if [ $? = 0 ]; then pcmanfm ${1}; exit 0; fi
|
|
|
|
try rox; if [ $? = 0 ]; then rox ${1}; exit 0; fi
|
|
|
|
try fsviewer; if [ $? = 0 ]; then fsviewer ${1}; exit 0; fi
|
|
|
|
# try xnc; if [ $? = 0 ]; then xnc ${1}; exit 0; fi
|
2011-02-20 13:59:30 +00:00
|
|
|
tomb-notify "File manager not found." "Tomb cannot guess which filemanager you are using"
|
2011-01-13 13:37:52 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2011-02-09 19:35:11 +00:00
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
# no argument but on graphical display: creation dialog
|
|
|
|
if [ -z $DISPLAY ]; then
|
|
|
|
echo "[!] tomb-open is a wrapper for the command 'tomb'"
|
|
|
|
tomb -h
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2011-02-09 19:35:11 +00:00
|
|
|
# no arguments: start guided tomb creation
|
2011-02-20 13:59:30 +00:00
|
|
|
tomb-notify
|
|
|
|
# we do it on the desktop by default
|
|
|
|
if [ -r $HOME/Desktop ]; then
|
|
|
|
cd $HOME/Desktop;
|
|
|
|
# or inside HOME
|
|
|
|
else cd $HOME; fi
|
|
|
|
|
2011-01-13 13:37:52 +00:00
|
|
|
cat <<EOF
|
|
|
|
Create a new Tomb
|
|
|
|
=================
|
|
|
|
|
|
|
|
A Tomb is a special folder that keeps files safe using a password:
|
|
|
|
it makes use of strong encryption and helps you keep the keys on a
|
|
|
|
separate USB storage for safer transports.
|
|
|
|
|
|
|
|
Inside a Tomb you can store private informations without fear that
|
|
|
|
other people possessing it will discover your secrets, unless they
|
|
|
|
have your USB key and your password.
|
|
|
|
|
2011-02-08 10:00:28 +00:00
|
|
|
If you choose to proceed now, we'll guide you through the creation
|
2011-02-10 13:59:20 +00:00
|
|
|
of a new Tomb.
|
2011-01-13 13:37:52 +00:00
|
|
|
If you will, I'll be your Crypto Undertaker.
|
2011-01-28 11:26:35 +00:00
|
|
|
Do you want to proceed, Master? (y/n)
|
2011-01-13 13:37:52 +00:00
|
|
|
EOF
|
|
|
|
echo -n "> "
|
|
|
|
read -q
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
echo "Operation aborted."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
# let's proceed
|
|
|
|
echo " Please type in the name for your new tomb file:"
|
|
|
|
echo -n "> "
|
2011-02-20 13:59:30 +00:00
|
|
|
read tombname
|
2011-01-13 13:37:52 +00:00
|
|
|
echo " How big you want the Tomb to be?"
|
|
|
|
echo " Type a size number in Megabytes:"
|
|
|
|
echo -n "> "
|
2011-02-20 13:59:30 +00:00
|
|
|
read tombsize
|
|
|
|
clear
|
2011-01-13 13:37:52 +00:00
|
|
|
echo " You have commanded the creation of this Tomb:"
|
2011-02-20 13:59:30 +00:00
|
|
|
echo " $tombname ( $tombsize MBytes )";
|
2011-01-13 13:37:52 +00:00
|
|
|
echo
|
2011-02-10 13:59:20 +00:00
|
|
|
cat <<EOF
|
|
|
|
Please confirm if you want to proceed now:
|
|
|
|
|
|
|
|
You will need the super-user (sudo) password for the computer you
|
|
|
|
are using, as well time available: depending how big your tomb will
|
|
|
|
be, make sure you are not running low on batteries, or inside a
|
|
|
|
detachable screen if on a server. Considering 1GB takes usually
|
|
|
|
little less than an hour to be digged.
|
|
|
|
EOF
|
|
|
|
echo " "
|
|
|
|
echo " Digging will take quite some time! Should we start? (y/n)"
|
2011-01-13 13:37:52 +00:00
|
|
|
echo -n "> "
|
|
|
|
read -q
|
|
|
|
if [ $? != 0 ]; then
|
|
|
|
echo "Operation aborted."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
cat <<EOF
|
|
|
|
Operation confirmed! we will now call the undertaker to do its
|
|
|
|
job, but in order to do so you will need to provide your sudo
|
|
|
|
password:
|
|
|
|
EOF
|
2011-02-03 19:42:46 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
tombfile=${tombname}.tomb
|
|
|
|
tomb -s $tombsize create ${tombfile}
|
2011-02-03 19:42:46 +00:00
|
|
|
|
2011-02-03 16:11:08 +00:00
|
|
|
if [ $? != 0 ]; then
|
2011-02-03 19:42:46 +00:00
|
|
|
echo "An error occurred creating tomb, operation aborted."
|
2011-02-03 16:11:08 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
2011-02-10 13:59:20 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
tomb-notify "The Tomb is ready!" "We will now open your new Tomb for the first time."
|
|
|
|
cat <<EOF
|
|
|
|
Would you like to save the key on an external usb device?"
|
|
|
|
This is recommended for safety:"
|
|
|
|
Always keep the key in a different place than the door!"
|
|
|
|
If you answer yes, you'll need a USB KEY now: (y/n)"
|
|
|
|
EOF
|
|
|
|
# tomb-notify "Tomb has forged a key." "Would you like to save it on USB?"
|
|
|
|
echo -n " > "
|
|
|
|
read -q
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
ask_usbkey
|
|
|
|
if [ ${usbkey_mount} ]; then
|
|
|
|
|
|
|
|
sudo mkdir -m 0700 -p ${usbkey_mount}/.tomb
|
|
|
|
sudo cp -v ${tombname}.key ${usbkey_mount}/.tomb/
|
|
|
|
sudo chmod -R go-rwx ${usbkey_mount}/.tomb
|
2011-02-10 13:59:20 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
echo "${tombname}.key succesfully saved on your USB"
|
|
|
|
echo "now we'll proceed opening your brand new tomb"
|
|
|
|
|
2011-02-20 19:10:08 +00:00
|
|
|
tomb -k ${tombname}.tomb.key open ${tombfile}
|
2011-02-20 13:59:30 +00:00
|
|
|
if [ $? = 0 ]; then
|
|
|
|
launch_status ${tombname}
|
|
|
|
fi
|
|
|
|
|
2011-02-20 19:10:08 +00:00
|
|
|
rm -f ${tombname}.tomb.key
|
2011-02-20 13:59:30 +00:00
|
|
|
|
|
|
|
sudo umount ${usbkey_mount}
|
|
|
|
rmdir ${usbkey_mount}
|
|
|
|
unset usbkey_mount
|
|
|
|
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
cat <<EOF
|
|
|
|
Impossible to save the key on USB.
|
|
|
|
We recommend to preserve the key in a separate place!
|
|
|
|
You can move it yourself later, place it in a hidden directory
|
|
|
|
named .tomb inside the first partition of an usb key.
|
|
|
|
EOF
|
|
|
|
|
2011-02-20 19:10:08 +00:00
|
|
|
tomb -k ${tombname}.tomb.key open ${tombfile}
|
2011-02-20 13:59:30 +00:00
|
|
|
if [ $? = 0 ]; then
|
|
|
|
launch_status ${tombname}
|
|
|
|
fi
|
2011-01-12 16:02:19 +00:00
|
|
|
|
2011-02-20 13:59:30 +00:00
|
|
|
exit 0
|