mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-29 08:14:08 +00:00
Documentation for -k cleartext and --unsafe
This commit is contained in:
parent
4d82b20199
commit
0d485bf51d
27
README.md
27
README.md
@ -208,25 +208,26 @@ Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
|
||||
Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
|
||||
terms) Tomb provides machine-readable output and interaction via some flags:
|
||||
|
||||
flag | function
|
||||
-------------------- | ------------------------------------------------
|
||||
--no-color | avoids coloring output to allow parsing
|
||||
--unsecure-dev-mode | allows giving passwords as argument
|
||||
--tomb-pwd | specify the key password as argument
|
||||
--tomb-old-pwd | specify the old key password as argument
|
||||
--sudo-pwd | specify the sudo password as argument
|
||||
flag | function
|
||||
--------------- | ------------------------------------------------
|
||||
--no-color | avoids coloring output to allow parsing
|
||||
--unsafe | allows passwords options and cleartext key from stdin
|
||||
--tomb-pwd | specify the key password as argument
|
||||
--tomb-old-pwd | specify the old key password as argument
|
||||
--sudo-pwd | specify the sudo password as argument
|
||||
-k cleartext | reads the unencrypted key from stdin
|
||||
|
||||
Yet please consider that these flags may introduce vulnerabilities as
|
||||
process table scanning can reveal passwords while such commands are
|
||||
executing. For passwords in particular the best is always let Tomb
|
||||
gather them via pinentry.
|
||||
Yet please consider that these flags may introduce vulnerabilities and
|
||||
other people logged on the same system can easily log your passwords
|
||||
while such commands are executing. We only recommend using the
|
||||
pinentry input for your passwords.
|
||||
|
||||
## Python
|
||||
|
||||
![](extras/images/python_for_tomb.png)
|
||||
|
||||
A Python wrapper is under developed and already usable, but it
|
||||
introduces the vulnerabilities mentioned above. Find it in
|
||||
A Python wrapper is under development and already usable, but it
|
||||
introduces some vulnerabilities mentioned above. Find it in
|
||||
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
|
||||
|
||||
## Graphical applications
|
||||
|
@ -216,7 +216,7 @@ Print more information while running, for debugging purposes
|
||||
Suppress colors in console output (needed for string parsing by
|
||||
wrappers).
|
||||
.B
|
||||
.IP "--unsecure-dev-mode"
|
||||
.IP "--unsafe"
|
||||
Enable using dev-mode arguments, i.e. to pass passwords from
|
||||
commandline options. This is mostly used needed for execution by
|
||||
wrappers and testing suite.
|
||||
@ -345,11 +345,11 @@ local copy of it:
|
||||
.EE
|
||||
|
||||
.IP \(bu
|
||||
Open a Tomb on a remote server using the local key on stdin to SSH,
|
||||
Open a Tomb on a remote server passing the unencrypted local key on stdin via SSH,
|
||||
without saving any remote copy of it:
|
||||
|
||||
.EX
|
||||
cat .secrets/tomb.key | ssh server tomb open secret.tomb -k -
|
||||
gpg -d .secrets/tomb.key | ssh server tomb open secret.tomb -k cleartext --unsafe
|
||||
.EE
|
||||
|
||||
.IP \(bu
|
||||
|
Loading…
Reference in New Issue
Block a user