From 60b72ad91f37cc2773a371676584460b4d14fec5 Mon Sep 17 00:00:00 2001 From: Jaromil Date: Tue, 2 Jan 2018 13:27:42 +0100 Subject: [PATCH] documentation and version updates findmnt version shown --- AUTHORS.md | 3 ++- README.md | 65 +++++++++++++++++++++++++++++++++++------------------- tomb | 7 +++--- 3 files changed, 48 insertions(+), 27 deletions(-) diff --git a/AUTHORS.md b/AUTHORS.md index efb85f6..3a9d012 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -26,7 +26,8 @@ Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH, The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon, Narrat, Jerry Polfer, Jim Turner, Maxime Arthaud, RobertMX, mhogomchungu Mandeep Bhutani, Emil Lundberg, Joel Montes de Oca, Armin -Mesbah, Arusekk, Stephan Schindel and... the Linux Action Show! +Mesbah, Arusekk, Stephan Schindel, Asbjørn Apeland, Victor Calvert +and... the Linux Action Show! Tomb includes an implementation of the "Password-Based Key Derivation Function v2" based on GCrypt and written by Anthony Thyssen. diff --git a/README.md b/README.md index 31606a6..c49fab9 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,13 @@ Download it from https://files.dyne.org/tomb Tomb aims to be a free and open source system for easy encryption and backup of personal files, written in code that is easy to review and -links shared GNU/Linux components. +links well reliable GNU/Linux components. + +Tomb's ambition is to provide military-grade security by way of: + +- a minimalist design consisting in small and well readable code +- facilitation of good practices, i.e: key/storage physical separation +- adoption of a few standard and well tested implementations. At present, Tomb consists of a simple shell script (Zsh) using standard filesystem tools (GNU) and the cryptographic API of the Linux @@ -111,24 +117,24 @@ For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md) # What is this for, exactly? This tool can be used to dig .tomb files (LUKS volumes), forge keys -protected by a password (GnuPG symmetric encryption) and use the keys -to lock the tombs. Tombs are like single files whose contents are -inaccessible in the absence of the key they were locked with and its -password. +protected by a password (GnuPG encryption) and use the keys to lock +the tombs. Tombs are like single files whose contents are inaccessible +in the absence of the key they were locked with and its password. Once open, the tombs are just like normal folders and can contain different files, plus they offer advanced functionalities like bind and execution hooks and fast search, or they can be slammed close even -if busy. Keys can be stored on separate media like USB sticks, NFC, or -bluetooth devices to make the transport of data safer: one always -needs both the tomb and the key, plus its password, to access it. +if busy. Keys can be stored on separate media like USB sticks, NFC, +on-line SSH servers or bluetooth devices to make the transport of data +safer: one always needs both the tomb and the key, plus its password, +to access it. The tomb script takes care of several details to improve user's -behaviour and the security of tombs in everyday usage: secures the +behaviour and the security of tombs in everyday usage: protects the typing of passwords from keyloggers, facilitates hiding keys inside -images, indexes and search a tomb's contents, lists open tombs and -selectively closes them, warns the user about free space and last time -usage, etc. +images, indexes and search a tomb's contents, mounts directories in +place, lists open tombs and selectively closes them, warns the user +about free space and last time usage, etc. # How secure is this? @@ -185,6 +191,15 @@ plain) encryption algorithm. Tomb can be used in conjunction with some other software applications, some are developed by Dyne.org, but some also by third parties. +### Included extra applications + +- [GTomb](extras/gtomb) is a graphical interface using zenity +- [gtk-tray](extras/gtk-tray) is a graphical tray icon for GTK panels +- [qt-tray](extras/qt-tray) is a graphical tray icon for QT panels +- [tomber](extras/tomber) is a wrapper to use Tomb in Python scripts + +### External applications + - [Secrets](https://secrets.dyne.org) is a software that can be operated on-line and on-site to split a Tomb key in shares to be distributed to peers: some of them have to agree to combine back the shares in order to retrieve the key. - [zuluCrypt](https://mhogomchungu.github.io/zuluCrypt/) is a graphical application to manage various types of encrypted volumes on GNU/Linux, among them also Tombs, written in C++. @@ -199,9 +214,14 @@ If you are writing a project supporting tomb volumes or wrapping tomb, let us kn ## Compliancy -Tomb qualifies as sound for use on information rated as "top secret" when used on an underlying stack of carefully reviewed hardware (random number generator and other components) and software (Linux kernel build, crypto modules, device manager, compiler used to built, shell interpreter and packaged dependencies). +Tomb qualifies as sound for use on information rated as "top secret" +when used on an underlying stack of carefully reviewed hardware +(random number generator and other components) and software (Linux +kernel build, crypto modules, device manager, compiler used to built, +shell interpreter and packaged dependencies). -Tomb volumes are fully compliant with the FIPS 197 advanced encryption standard published by NIST and with the following industry standards: +Tomb volumes are fully compliant with the FIPS 197 advanced encryption +standard published by NIST and with the following industry standards: - Information technology -- Security techniques -- Encryption algorithms - [ISO/IEC 18033-1:2015](http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54530) -- Part 1: General @@ -215,7 +235,8 @@ Tomb implementation is known to address at least partially issues raised in: - [ISO/IEC 27005:2011](http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=56742) Information technology -- Security techniques -- Information security risk management - [ISO/IEC 24759:2014](http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=59142) Information technology -- Security techniques -- Test requirements for cryptographic modules -Any help on further verification of compliancy is very welcome, as the access to ISO/IEC document is limited due to its expensive nature. +Any help on further verification of compliancy is very welcome, as the +access to ISO/IEC document is limited due to its expensive nature. # Use stable releases in production! @@ -238,15 +259,13 @@ tarball on https://files.dyne.org/tomb Donations are very welcome, please go to https://www.dyne.org/donate -Translations are also needed: they can be contributed via this website -https://poeditor.com/join/project/b276xMGAmB -or simply sending the .po file. Start from `extras/po/tomb.pot`. +Translations are also welcome: they can be contributed editing sending +the .po files in [extras/translations](extras/translations). -The code is pretty short and readable: start looking around and the -materials found in `doc/` which are good pointers at security measures -to be further implemented. +The code is pretty short and readable. There is also a collection of +specifications and design materials in the [doc](doc) directory. -For the bleeding edge visit https://github.com/dyne/Tomb +To contribute code and reviews visit https://github.com/dyne/Tomb If you plan to commit code into Tomb, please keep in mind this is a minimalist tool and its code should be readable. Guidelines on the @@ -257,7 +276,7 @@ IRC on https://irc.dyne.org channel **#dyne** (or direct port 9999 SSL) # Licensing -Tomb is Copyright (C) 2007-2017 by the Dyne.org Foundation and +Tomb is Copyright (C) 2007-2018 by the Dyne.org Foundation and maintained by Denis Roio . More information on all the developers involved is found in the [AUTHORS](AUTHORS.md) file. diff --git a/tomb b/tomb index f5dcc30..9cbcd0c 100755 --- a/tomb +++ b/tomb @@ -7,7 +7,7 @@ # {{{ License -# Copyright (C) 2007-2017 Dyne.org Foundation +# Copyright (C) 2007-2018 Dyne.org Foundation # # Tomb is designed, written and maintained by Denis Roio # @@ -44,8 +44,8 @@ # {{{ Global variables -typeset VERSION="2.4" -typeset DATE="Apr/2017" +typeset VERSION="2.5-SNAPSHOT" +typeset DATE="Jan/2018" typeset TOMBEXEC=$0 typeset TMPPREFIX=${TMPPREFIX:-/tmp} # TODO: configure which tmp dir to use from a cli flag @@ -3085,6 +3085,7 @@ main() { `sudo -V | head -n1` `cryptsetup --version` `pinentry --version` + `findmnt -V` `gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers): `list_gnupg_ciphers` EOF