mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-22 12:35:13 +00:00
documentation and makefile scripts updates for release
This commit is contained in:
parent
710558381f
commit
0d690bf142
@ -13,7 +13,8 @@ German translation by x3nu.
|
||||
|
||||
Testing, reviews and documentation are contributed by Dreamer, Shining
|
||||
the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
|
||||
Reiven, GDrooid, Alphazo, Brian May, TheJH and the Linux Action Show!
|
||||
Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
|
||||
Linux Action Show!
|
||||
|
||||
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
|
||||
|
||||
|
@ -12,10 +12,11 @@ connections: it is possible to pipe cleartext secrets from stdin using
|
||||
`-k cleartext` but that requires the --unsafe flag.
|
||||
|
||||
The security is also improved by avoiding most uses of temporary
|
||||
files. All code has been refactored for readability and integration
|
||||
with zsh features. Signal handlers are now in place, global arrays are
|
||||
used to keep track of temp files. Namespace has been revisioned and
|
||||
corrected, described in [HACKING](docs/HACKING.txt).
|
||||
files. The privilege escalation model has been simplified and sudo is
|
||||
called only when needed. All code has been refactored for readability
|
||||
and integration with zsh features. Signal handlers are now in place,
|
||||
global arrays are used to keep track of temp files. Namespace has been
|
||||
revisioned and corrected, described in [HACKING](docs/HACKING.txt).
|
||||
|
||||
## 1.5.3
|
||||
### June 2014
|
||||
|
128
INSTALL.md
128
INSTALL.md
@ -8,19 +8,19 @@ Tomb needs a few programs to be installed on a system in order to work:
|
||||
* sudo
|
||||
* gnupg
|
||||
* cryptsetup
|
||||
* pinentry-curses (or -gtk or -qt as you prefer)
|
||||
* pinentry-curses (and/or -gtk-2, -x11, -qt)
|
||||
|
||||
Most systems provide these tools in their package collection,
|
||||
for instance on Debian/Ubuntu one can use 'apt-get install'
|
||||
on Fedora and CentOS one can use 'yum install'
|
||||
Most systems provide these tools in their package collection, for
|
||||
instance on Debian/Ubuntu one can use `apt-get install` on Fedora and
|
||||
CentOS one can use `yum install` and `pacman` on Arch.
|
||||
|
||||
## Install Tomb
|
||||
|
||||
To install Tomb simply download the source distribution (the tar.gz file)
|
||||
and decompress it. From a terminal:
|
||||
from https://files.dyne.org/tomb and decompress it. From a terminal:
|
||||
|
||||
cd Downloads
|
||||
tar xvfz Tomb-1.5.3.tar.gz (correct with actual file name)
|
||||
tar xvfz Tomb-2.0.tar.gz (correct with actual file name)
|
||||
|
||||
Then enter its directory and run 'make install' as root, this will install
|
||||
Tomb into /usr/local:
|
||||
@ -33,12 +33,35 @@ After installation one can read the commandline help or read the manual:
|
||||
tomb -h (print a short help on the commandline)
|
||||
man tomb (show the full usage manual)
|
||||
|
||||
At this point one can proceed creating a tomb, for instance:
|
||||
# Basic usage
|
||||
|
||||
tomb dig -s 1000 secrets.tomb (be patient and wait a bit)
|
||||
tomb forge -k secrets.tomb.key (be patient and follow instructions)
|
||||
Once installed one can proceed creating a tomb, for instance:
|
||||
|
||||
tomb dig -s 10 secrets.tomb (dig a 10MB Tomb, be patient)
|
||||
tomb forge -k secrets.tomb.key (be patient and follow instructions)
|
||||
tomb lock -k secrets.tomb.key secrets.tomb
|
||||
|
||||
When this is done, the tomb can be opened with:
|
||||
|
||||
tomb open -k secrets.tomb.key secrets.tomb
|
||||
|
||||
The key can also be hidden in an image, to be used as key later
|
||||
|
||||
tomb bury -k secrets.tomb.key nosferatu.jpg
|
||||
tomb open -k nosferatu.jpg secrets.tomb
|
||||
|
||||
Or backupped to a QRCode that can be printed on paper and hidden in
|
||||
books. QRCodes can be scanned with any mobile application, resulting
|
||||
into a block of text that can be used with `-k` just as a normal key.
|
||||
|
||||
tomb engrave -k secrets.tomb.key (also an image will work)
|
||||
|
||||
There are some more things that tomb can do for you, make sure you
|
||||
have a look at the manpage and at the commandline help to find out
|
||||
more.
|
||||
|
||||
# Advanced usage
|
||||
|
||||
## Install optional tools
|
||||
|
||||
Tomb can use some optional tools to extend its functionalities:
|
||||
@ -66,36 +89,99 @@ functionality or integrate it into particular system environments.
|
||||
|
||||
### extras/gtk-tray
|
||||
|
||||
The Gtk3 tray adds a nifty tomb skull into the desktop toolbar: one can use it to close, slam and explore the open tomb represented by it.
|
||||
The Gtk tray adds a nifty tomb skull into the desktop toolbar: one can
|
||||
use it to close, slam and explore the open tomb represented by it.
|
||||
|
||||
To have it enter `extras/gtk-tray` then
|
||||
When using pinentry-gtk-2 it also adds a little skull on the password
|
||||
input, useful to not confuse it with other password inputs.
|
||||
|
||||
To have it change directory `extras/gtk-tray` then
|
||||
|
||||
1. make sure libnotify and gtk+-3.0 dev packages are available
|
||||
2. run `make` inside the directory to build `tomb-gtk-tray`
|
||||
3. optionally copy tomb-gtk-tray into your PATH (/usr/local/bin)
|
||||
4. start `tomb-gtk-tray tombname` for each tomb
|
||||
3. run `sudo make install` (default PREFIX is `/usr/local`)
|
||||
4. start `tomb-gtk-tray tombname` after the tomb is open
|
||||
|
||||
One can include the launch of tomb-gtk-tray from scripts.
|
||||
Of cource one can include the launch of tomb-gtk-tray scripts.
|
||||
|
||||
### extras/kdf-keys
|
||||
|
||||
The KDF wrapper programs allows one to use KDF rounds on passwords in order to obstruct dictionary based and similar brute-forcing attacks.
|
||||
The KDF wrapper programs allows one to use KDF rounds on passwords in
|
||||
order to obstruct dictionary based and similar brute-forcing attacks.
|
||||
|
||||
In case an attacker comes in possession of both a tomb and its key, the easy to memorize password can be guessed by rapidly trying different combinations. With KDF every try will require a significant amount of computation that will slow down the process avoiding tight loops and in fact making such attacks very onerous and almost impossible.
|
||||
In case an attacker comes in possession of both a tomb and its key,
|
||||
the easy to memorize password can be guessed by rapidly trying
|
||||
different combinations. With KDF every try will require a significant
|
||||
amount of computation that will slow down the process avoiding tight
|
||||
loops and in fact making such attacks very onerous and almost
|
||||
impossible.
|
||||
|
||||
To have it enter `extras/kdf-keys` then
|
||||
|
||||
1. make sure libgcrypt dev packages are available
|
||||
2. run `make` inside the directory to build tomb-kdb-* executables
|
||||
3. optionally copy tomb-kdb-* into your PATH (/usr/local/bin)
|
||||
4. always use tomb using the `--kdf` flag: forge, lock, open etc.
|
||||
3. run `sudo make install` (default PREFIX is `/usr/local`)
|
||||
4. use `--kdf 100` when forging a key (tune the number to your cpu)
|
||||
|
||||
In case one creates and uses KDF keys then the --kdf flag must be always present for tomb to work correctly. It might be handy to create an alias tomb=`tomb --kdf`.
|
||||
KDF keys are recognized automatically by Tomb, which will always need
|
||||
the `extras/kdf-keys` program to be installed on a machine in order to
|
||||
open the Tomb.
|
||||
|
||||
Please note that it doesn't makes much sense to use KDF keys and
|
||||
steganography, since the latter will invalidate the brute-forcing
|
||||
protection. For details on the issue see [KNOWN_BUGS.md](KNOWN_BUGS).
|
||||
|
||||
### extras/po (translations)
|
||||
|
||||
There are translations available for Tomb. If you wish to install them
|
||||
navigate to extras/po and run 'make install' as root:
|
||||
There are translations available for Tomb and they are installed by
|
||||
default. If you wish to update them manually navigate to extras/po
|
||||
and run 'make install' as root:
|
||||
|
||||
cd extras/po
|
||||
sudo make install
|
||||
|
||||
# Tomb support in other applications
|
||||
|
||||
Can Tomb be used by other applications?
|
||||
|
||||
Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
|
||||
terms) Tomb provides machine-readable output and interaction via some
|
||||
flags:
|
||||
|
||||
flag | function
|
||||
--------------- | ------------------------------------------------
|
||||
--no-color | avoids coloring output to allow parsing
|
||||
--unsafe | allows passwords options and cleartext key from stdin
|
||||
--tomb-pwd | specify the key password as argument
|
||||
--tomb-old-pwd | specify the old key password as argument
|
||||
-k cleartext | reads the unencrypted key from stdin
|
||||
|
||||
Yet please consider that these flags may introduce vulnerabilities and
|
||||
other people logged on the same system can easily log your passwords
|
||||
while such commands are executing.
|
||||
We only recommend using the pinentry to input your passwords.
|
||||
|
||||
## Python
|
||||
|
||||
![](extras/images/python_for_tomb.png)
|
||||
|
||||
A Python wrapper is under development and already usable, but it
|
||||
introduces some vulnerabilities mentioned above. Find it in
|
||||
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
|
||||
|
||||
## Graphical applications
|
||||
|
||||
So far the only graphical application supporting Tomb volumes is
|
||||
[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
|
||||
activate the Tomb plugin included in its source and will be able to
|
||||
create, open and close tombs. It might still miss advanced Tomb
|
||||
functionalities that are only available from the command-line.
|
||||
|
||||
## Let us know!
|
||||
|
||||
If you plan to develop any kind of wrapper for Tomb you are welcome to
|
||||
let us know. Tomb is really meant to be maintained as a minimal tool
|
||||
for long-term compatibility when handling something so delicate as our
|
||||
secrets. For anything else we rely on your own initiative.
|
||||
|
||||
Happy hacking! :&^)
|
||||
|
69
README.md
69
README.md
@ -15,11 +15,10 @@
|
||||
|
||||
![](https://github.com/dyne/Tomb/blob/master/extras/images/monmort.png)
|
||||
|
||||
Latest stable version: **2.0**
|
||||
|
||||
Updates on website: https://www.dyne.org/software/tomb
|
||||
|
||||
Get the stable .tar.gz signed release for production use!
|
||||
|
||||
Download it from https://files.dyne.org/tomb
|
||||
|
||||
# What is Tomb, the crypto undertaker?
|
||||
@ -137,6 +136,9 @@ usability.
|
||||
|
||||
The code of Tomb is made to be read in literate programming style.
|
||||
|
||||
The file [KNOWN_BUGS.md](KNOWN_BUGS) contains some notes on known
|
||||
vulnerabilities and threat model analysis.
|
||||
|
||||
In absence of the Tomb script it is always possible to access the
|
||||
contents of a Tomb using a dm-crypt enabled Linux kernel, cryptsetup
|
||||
and GnuPG issuing the following commands as root:
|
||||
@ -183,7 +185,7 @@ tarball on https://files.dyne.org/tomb
|
||||
|
||||
# How can you help
|
||||
|
||||
Donations are always welcome, see https://www.dyne.org/donate
|
||||
Donations are very welcome, please go to https://www.dyne.org/donate
|
||||
|
||||
Translations are also needed: they can be contributed via this website
|
||||
https://poeditor.com/join/project?hash=33bdefea2e46b26f512a0caae55fbbb5
|
||||
@ -195,53 +197,32 @@ to be further implemented.
|
||||
|
||||
For the bleeding edge visit https://github.com/dyne/Tomb
|
||||
|
||||
If you plan to commit code into Tomb, please keep in mind this is a
|
||||
minimalist tool and its code should be readable. Guidelines on the
|
||||
coding style are illustrated in [doc/HACKING.txt](HACKING.txt).
|
||||
|
||||
Tomb's developers can be contacted using the issues on GitHub or over
|
||||
IRC on https://irc.dyne.org channel **#dyne**
|
||||
|
||||
Some enthusiastic ideas are in the [TODO](doc/TODO.org) file.
|
||||
# Licensing
|
||||
|
||||
Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
|
||||
Tomb is Copyright (C) 2007-2014 by the Dyne.org Foundation
|
||||
|
||||
# Can Tomb be used by applications?
|
||||
Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
|
||||
|
||||
Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
|
||||
terms) Tomb provides machine-readable output and interaction via some flags:
|
||||
More information on all the developers involved is found in the
|
||||
[AUTHORS](AUTHORS.md) file.
|
||||
|
||||
flag | function
|
||||
--------------- | ------------------------------------------------
|
||||
--no-color | avoids coloring output to allow parsing
|
||||
--unsafe | allows passwords options and cleartext key from stdin
|
||||
--tomb-pwd | specify the key password as argument
|
||||
--tomb-old-pwd | specify the old key password as argument
|
||||
--sudo-pwd | specify the sudo password as argument
|
||||
-k cleartext | reads the unencrypted key from stdin
|
||||
This source code is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Public License as published by
|
||||
the Free Software Foundation; either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
Yet please consider that these flags may introduce vulnerabilities and
|
||||
other people logged on the same system can easily log your passwords
|
||||
while such commands are executing.
|
||||
We only recommend using the pinentry to input your passwords.
|
||||
This source code is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Please refer
|
||||
to the GNU Public License for more details.
|
||||
|
||||
## Python
|
||||
|
||||
![](extras/images/python_for_tomb.png)
|
||||
|
||||
A Python wrapper is under development and already usable, but it
|
||||
introduces some vulnerabilities mentioned above. Find it in
|
||||
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
|
||||
|
||||
## Graphical applications
|
||||
|
||||
So far the only graphical application supporting Tomb volumes is
|
||||
[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
|
||||
activate the Tomb plugin included in its source and will be able to
|
||||
create, open and close tombs. It might still miss advanced Tomb
|
||||
functionalities that are only available from the command-line.
|
||||
|
||||
## Let us know!
|
||||
|
||||
If you plan to develop any kind of wrapper for Tomb you are welcome to
|
||||
let us know. Tomb is really meant to be maintained as a minimal tool
|
||||
for long-term compatibility when handling something so delicate as our
|
||||
secrets. For anything else we rely on your own initiative.
|
||||
|
||||
Happy hacking! :&^)
|
||||
You should have received a copy of the GNU Public License along with
|
||||
this source code; if not, write to: Free Software Foundation, Inc.,
|
||||
675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
20
doc/tomb.1
20
doc/tomb.1
@ -1,4 +1,4 @@
|
||||
.TH tomb 1 "November 14, 2014" "tomb"
|
||||
.TH tomb 1 "November 26, 2014" "tomb"
|
||||
|
||||
.SH NAME
|
||||
Tomb \- the Crypto Undertaker
|
||||
@ -410,18 +410,24 @@ One can also try to get in touch with developers via the #dyne chat channel on \
|
||||
|
||||
Tomb is designed, written and maintained by Denis Roio aka Jaromil.
|
||||
|
||||
Tomb includes code by Anathema, Boyska and Hellekin O. Wolf.
|
||||
Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
|
||||
|
||||
Tomb's artwork is contributed by Jordi aka Mon Mort
|
||||
Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
|
||||
|
||||
Testing and reviews are contributed by Dreamer, Shining, Mancausoft,
|
||||
Asbesto Molesto and Nignux.
|
||||
Gettext internationalization and Spanish translation is contributed by
|
||||
GDrooid, French translation by Hellekin, Russian translation by fsLeg,
|
||||
German translation by x3nu.
|
||||
|
||||
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth
|
||||
Testing, reviews and documentation are contributed by Dreamer, Shining
|
||||
the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
|
||||
Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
|
||||
Linux Action Show!
|
||||
|
||||
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
|
||||
|
||||
.SH COPYING
|
||||
|
||||
This manual is Copyright (c) 2011-2013 by Denis Roio <\fIjaromil@dyne.org\fR>
|
||||
This manual is Copyright (c) 2011-2014 by Denis Roio <\fIjaromil@dyne.org\fR>
|
||||
|
||||
This manual includes contributions by Boyska.
|
||||
|
||||
|
@ -1,7 +1,12 @@
|
||||
PREFIX ?= /usr/local
|
||||
|
||||
all:
|
||||
gcc -I. `pkg-config --cflags libnotify gtk+-3.0` $(CFLAGS) -c tomb-gtk-tray.c
|
||||
gcc tomb-gtk-tray.o `pkg-config --libs libnotify gtk+-3.0` -o tomb-gtk-tray
|
||||
$(CC) -I. `pkg-config --cflags libnotify gtk+-3.0` $(CFLAGS) -c tomb-gtk-tray.c
|
||||
$(CC) tomb-gtk-tray.o `pkg-config --libs libnotify gtk+-3.0` -o tomb-gtk-tray
|
||||
|
||||
install:
|
||||
install -Dm666 gtkrc-2.0 ${DESTDIR}${PREFIX}/share/themes/tomb/gtk-2.0-key/gtkrc
|
||||
install -Dm666 monmort.xpm ${DESTDIR}${PREFIX}/share/themes/tomb/gtk-2.0-key/monmort.xpm
|
||||
|
||||
clean:
|
||||
rm *.o tomb-gtk-tray
|
||||
rm -f *.o tomb-gtk-tray
|
||||
|
3
extras/gtk-tray/gtkrc-2.0
Normal file
3
extras/gtk-tray/gtkrc-2.0
Normal file
@ -0,0 +1,3 @@
|
||||
pixmap_path "%prefix%/pixmaps"
|
||||
style "normal" { stock["gtk-dialog-authentication"] = {{"monmort.xpm"}} }
|
||||
widget "*" style "normal"
|
@ -2,10 +2,10 @@
|
||||
PREFIX ?= /usr/local
|
||||
|
||||
all:
|
||||
gcc -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
|
||||
gcc -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
|
||||
gcc -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
|
||||
gcc -O2 -o tomb-kdb-hexencode hexencode.c
|
||||
$(CC) -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
|
||||
$(CC) -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
|
||||
$(CC) -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
|
||||
$(CC) -O2 -o tomb-kdb-hexencode hexencode.c
|
||||
|
||||
clean:
|
||||
rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode
|
||||
|
20
tomb
20
tomb
@ -4,9 +4,6 @@
|
||||
#
|
||||
# A commandline tool to easily operate encryption of secret data
|
||||
#
|
||||
# Homepage on: [tomb.dyne.org](http://tomb.dyne.org)
|
||||
#
|
||||
# In Emacs, you can use C-c @ C-q to (un)fold code using folding.el
|
||||
|
||||
# {{{ License
|
||||
|
||||
@ -16,10 +13,18 @@
|
||||
#
|
||||
# With contributions by Anathema, Boyska, Hellekin O. Wolf and GDrooid
|
||||
#
|
||||
# Testing and reviews are contributed by Dreamer, Shining, Mancausoft,
|
||||
# Asbesto Molesto and Nignux.
|
||||
# Gettext internationalization and Spanish translation is contributed by
|
||||
# GDrooid, French translation by Hellekin, Russian translation by fsLeg,
|
||||
# German translation by x3nu.
|
||||
#
|
||||
# Tomb's artwork is contributed by Jordi aka Mon Mort.
|
||||
# Testing, reviews and documentation are contributed by Dreamer, Shining
|
||||
# the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
|
||||
# Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
|
||||
# Linux Action Show!
|
||||
#
|
||||
# Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
|
||||
#
|
||||
# Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
|
||||
|
||||
# This source code is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Public License as published by
|
||||
@ -166,7 +171,8 @@ _cat() { local -a _arr;
|
||||
_is_found() {
|
||||
# returns 0 if binary if found in path
|
||||
[[ "$1" = "" ]] && return 1
|
||||
return command -v "$1" 1>/dev/null 2>/dev/null
|
||||
command -v "$1" 1>/dev/null 2>/dev/null
|
||||
return $?
|
||||
}
|
||||
|
||||
# Identify the running user
|
||||
|
Loading…
Reference in New Issue
Block a user