diff --git a/doc/tomb.1 b/doc/tomb.1 index 7962739..5fa4aa0 100644 --- a/doc/tomb.1 +++ b/doc/tomb.1 @@ -1,4 +1,4 @@ -.TH tomb 1 "February 05, 2017" "tomb" +.TH tomb 1 "April 16, 2017" "tomb" .SH NAME Tomb \- the Crypto Undertaker @@ -43,14 +43,13 @@ when run on a server with low entropy; to switch using a non-blocking source the \fI--use-urandom\fR flag can be used. The \fI-g\fR option switches on the use of a GPG key instead of a password (asymmetric encryption), then the \fI-r\fR option indicates the recipient key; -more recipient GPG ids can be indicated (comma separated) if the -option is followed by the \fI--shared\fR flag. The default cipher to -protect the key is AES256, a custom one can be specified using the -\fI-o\fR option, for a list of supported ciphers use \fI-v\fR. For -additional protection against dictionary attacks on keys, the -\fI--kdf\fR option can be used when forging a key, making sure that -the \fItomb-kdb-pbkdf2\fR binaries in \fIextras/kdf\fR were compiled -and installed on the system. +more recipient GPG ids can be indicated (comma separated). The default +cipher to protect the key is AES256, a custom one can be specified +using the \fI-o\fR option, for a list of supported ciphers use +\fI-v\fR. For additional protection against dictionary attacks on +keys, the \fI--kdf\fR option can be used when forging a key, making +sure that the \fItomb-kdb-pbkdf2\fR binaries in \fIextras/kdf\fR were +compiled and installed on the system. .B .IP "lock" @@ -129,12 +128,11 @@ situations. It requires \fIlsof\fR else it falls back to \fIclose\fR. Changes the password protecting a key file specified using \fI-k\fR. With keys encrypted for GPG recipients use \fI-g\fR followed by \fI-r\fR to indicate the new recipient key, or a comma separated -list followed by the \fI--shared\fR flag if more than one. The user -will need to know the key's current password, or possess at least one -of the current recipients GPG secret keys, because the key contents -will be decoded and reencoded using the new passwords or keys. If the -key file is broken (missing headers) this function also attempts its -recovery. +list.. The user will need to know the key's current password, or +possess at least one of the current recipients GPG secret keys, +because the key contents will be decoded and reencoded using the new +passwords or keys. If the key file is broken (missing headers) this +function also attempts its recovery. .B .IP "setkey" @@ -144,8 +142,8 @@ operation and their passwords or GPG recipient(s) secret keys must be available. The new key must be specified using the \fI-k\fR option, the first argument should be the old key and the second and last argument the tomb file. Use the \fI-g\fR option to unlock the tomb -with a GPG key, the \fI-r\fR to indicate the recipient and the -\fI--shared\fR option if encrypting for more than one recipient. +with a GPG key, the \fI-r\fR to indicate the recipient or a comma +separated list for more than one recipient. .B .IP "resize" @@ -218,17 +216,11 @@ the \fIsize\fR of the new file to be created. Units are megabytes (MiB). .B .IP "-g" Tell tomb to use a asymmetric GnuPG key encryption instead of a -symmetric passphrase to protect a tomb key. This option can be followed by \fI-r\fR when the command needs to specify recipient(s) and by the \fI--shared\fR flag when recipients are more than one. +symmetric passphrase to protect a tomb key. This option can be followed by \fI-r\fR when the command needs to specify recipient(s). .B .IP "-r \fI[,]\fR" -Provide a new set of recipient to encrypt a tomb key. \fIgpg_ids\fR -can be one or more (comma separated), if more than one recipient is -present the --shared flag must be present. -.B -.IP "--shared" -Activate the capability to share an asymmetrically encrypted tomb key -among multiple recipients. When this flag is enabled the \fI-r\fR -option should indicate more than one recipient, comma separated. +Provide a new set of recipient(s) to encrypt a tomb key. \fIgpg_ids\fR +can be one or more GPG key ID, comma separated. .B .IP "--kdf \fI\fR" Activate the KDF feature against dictionary attacks when creating a @@ -390,14 +382,16 @@ eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info") In the future it may become mandatory to run gpg-agent when using tomb. .SH SHARE A TOMB -A tomb key can be encrypted with more than one recipient. Therefore, -a tomb can be shared between different user. The multiple recipients -are given using the \fI-r\fR (or/and \fI-R\fR) option and must be -separated by a coma: \fI,\fR. It is a very sensitive action, and the user -needs to trust all the GPG public keys it is going to share its tomb. -This is why this feature needs to be explicitly activated using in -more the flag \fI--shared\fR. The \fI--shared\fR option can be used -in the tomb commands: \fIforge\fR \fIsetkey\fR and \fIpasswd\fR. +A tomb key can be encrypted with more than one recipient. Therefore, a +tomb can be shared between different users. The recipients are given +using the \fI-r\fR (or/and \fI-R\fR) option and if multiple each GPG +key ID must be separated by a comma (\fI,\fR). Sharing a tomb is a +very sensitive action and the user needs to trust that all the GPG +public keys used are kept safe. If one of them its stolen or lost, it +will be always possible to use it to access the tomb key unless all +its copies are destroyed. The \fI-r\fR option can be used in the tomb +commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR, +\fIbury\fR, \fIexhume\fR and \fIresize\fR. .SH EXAMPLES @@ -487,7 +481,7 @@ channel on \fIhttps://irc.dyne.org\fR. .SH COPYING -This manual is Copyright (c) 2011-2015 by Denis Roio <\fIjaromil@dyne.org\fR> +This manual is Copyright (c) 2011-2017 by Denis Roio <\fIjaromil@dyne.org\fR> This manual includes contributions by Boyska and Hellekin O. Wolf.