Documentation for -k cleartext and --unsafe

Jaromil 2014-11-21 22:50:45 +01:00
parent 4d82b20199
commit 0d485bf51d
2 changed files with 17 additions and 16 deletions

@ -208,25 +208,26 @@ Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING) Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
terms) Tomb provides machine-readable output and interaction via some flags: terms) Tomb provides machine-readable output and interaction via some flags:
flag | function flag | function
-------------------- | ------------------------------------------------ --------------- | ------------------------------------------------
--no-color | avoids coloring output to allow parsing --no-color | avoids coloring output to allow parsing
--unsecure-dev-mode | allows giving passwords as argument --unsafe | allows passwords options and cleartext key from stdin
--tomb-pwd | specify the key password as argument --tomb-pwd | specify the key password as argument
--tomb-old-pwd | specify the old key password as argument --tomb-old-pwd | specify the old key password as argument
--sudo-pwd | specify the sudo password as argument --sudo-pwd | specify the sudo password as argument
-k cleartext | reads the unencrypted key from stdin
Yet please consider that these flags may introduce vulnerabilities as Yet please consider that these flags may introduce vulnerabilities and
process table scanning can reveal passwords while such commands are other people logged on the same system can easily log your passwords
executing. For passwords in particular the best is always let Tomb while such commands are executing. We only recommend using the
gather them via pinentry. pinentry input for your passwords.
## Python ## Python
![](extras/images/python_for_tomb.png) ![](extras/images/python_for_tomb.png)
A Python wrapper is under developed and already usable, but it A Python wrapper is under development and already usable, but it
introduces the vulnerabilities mentioned above. Find it in introduces some vulnerabilities mentioned above. Find it in
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md). `extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
## Graphical applications ## Graphical applications
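
Review bot: The rewritten warning under the flags table no longer says how the exposure happens and does not cover the new `-k cleartext` row. The old text named the mechanism ("process table scanning can reveal passwords"), which tells a reader that anything passed as an argument is visible to other local users while the command runs; the new "other people logged on the same system can easily log your passwords" is vaguer and says nothing about the unencrypted key being handled on stdin. Suggest keeping the process-table sentence and adding one line on what `-k cleartext` exposes. Two wording nits in the same hunk: "allows passwords options" should read "allows password options", and "introduces some vulnerabilities mentioned above" reads better as "some of the vulnerabilities mentioned above".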

@ -216,7 +216,7 @@ Print more information while running, for debugging purposes
Suppress colors in console output (needed for string parsing by Suppress colors in console output (needed for string parsing by
wrappers). wrappers).
.B .B
.IP "--unsecure-dev-mode" .IP "--unsafe"
Enable using dev-mode arguments, i.e. to pass passwords from Enable using dev-mode arguments, i.e. to pass passwords from
commandline options. This is mostly used needed for execution by commandline options. This is mostly used needed for execution by
wrappers and testing suite. wrappers and testing suite.
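
Review bot: The `--unsafe` entry keeps the old description unchanged, so the man page and the README now disagree on what the flag does. The README row says it "allows passwords options and cleartext key from stdin", while this text still speaks of "dev-mode arguments" and only of passing passwords from command-line options. Suggest updating the description to mention `-k cleartext` and dropping the "dev-mode" wording now that the flag is renamed; "This is mostly used needed for" also carries a leftover word that could be fixed while this entry is being touched.
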
@ -345,11 +345,11 @@ local copy of it:
.EE .EE
.IP \(bu .IP \(bu
Open a Tomb on a remote server using the local key on stdin to SSH, Open a Tomb on a remote server passing the unencrypted local key on stdin via SSH,
without saving any remote copy of it: without saving any remote copy of it:
.EX .EX
cat .secrets/tomb.key | ssh server tomb open secret.tomb -k - gpg -d .secrets/tomb.key | ssh server tomb open secret.tomb -k cleartext --unsafe
.EE .EE
.IP \(bu .IP \(bu
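
Review bot: The new example sends the decrypted key to the remote host, but the surrounding text only says that no remote copy is saved, and the visible man page hunks add no option entry describing `-k cleartext`. With `gpg -d .secrets/tomb.key | ssh server tomb open secret.tomb -k cleartext --unsafe` the key is decrypted locally and handled in clear by the server, which is a different trust assumption from the previous `cat .secrets/tomb.key | ssh server tomb open secret.tomb -k -` form, where the key file was piped as stored. Suggest a sentence stating that the server must be trusted with the cleartext key, an options entry for `-k cleartext` saying it needs `--unsafe` (as the README row and this example imply), and a note on whether `-k -` is still supported.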