documentation updates

This commit is contained in:
Jaromil 2014-08-29 23:23:08 +02:00
parent e8aaf03b52
commit 76248f2d66
5 changed files with 89 additions and 47 deletions

View File

@ -1,18 +1,23 @@
Tomb is designed and written by Denis Roio aka Jaromil. Tomb is designed and written by Denis Roio aka Jaromil.
Tomb includes code by Anathema, Boyska and Hellekin O. Wolf. Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
Tomb's artwork is contributed by Jordi aka Mon Mort Tomb's artwork is contributed by Jordi aka Mon Mort.
Testing, reviews and documentation are contributed by Dreamer, Gettext internationalization and Spanish translation is contributed by
Shining, Mancausoft, Asbesto Molesto, Nignux, Vlax, Reiven and GDrooid, French translation by Hellekin, Russian translation by fsLeg,
GDrooid. German translation by x3nu.
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth Testing, reviews and documentation are contributed by Dreamer, Shining
the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
Reiven, GDrooid and the Linux Action Show!
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
Tomb includes an implementation of the "Password-Based Key Derivation Tomb includes an implementation of the "Password-Based Key Derivation
Function v2" based on GCrypt and written by by Anthony Thyssen Function v2" based on GCrypt and written by Anthony Thyssen.
Tomb's developers can be contacted via the "crypto" mailinglist on Tomb's developers can be contacted via GitHub issues on
http://lists.dyne.org or on IRC https://irc.dyne.org channel #dyne https://www.github.com/dyne/Tomb or over IRC https://irc.dyne.org
channel **#dyne**.

View File

@ -1,5 +1,16 @@
# Tomb ChangeLog # Tomb ChangeLog
## 1.6
### September 2014
The way secrets are handled internally has been refactored to avoid
writing anything on the filesystem, improving security and speed.
Steganography functions have fixes and improved usability: it is now
possible to use an image directly as key i.e. `tomb open -k
image.jpg`. Four translations have been contributed: Spanish, French,
Russian and German.
## 1.5.3 ## 1.5.3
### June 2014 ### June 2014

View File

@ -45,10 +45,10 @@ Tomb can use some optional tools to extend its functionalities:
executable | function executable | function
---------- | --------------------------------------------------- ---------- | ---------------------------------------------------
dcfldd | show progress while executing long operations dcfldd | show progress while digging tombs and keys
steghide | bury and exhume keys inside images steghide | bury and exhume keys inside images
resizefs | extend the size of existing tomb volumes resizefs | extend the size of existing tomb volumes
qrencode | engrave keys into printable qrcode tags qrencode | engrave keys into printable qrcode sheets
mlocate | have fast search of file names inside tombs mlocate | have fast search of file names inside tombs
swish++ | have fast search of file contents inside tombs swish++ | have fast search of file contents inside tombs
unoconv | have fast search of contents in PDF and DOC files unoconv | have fast search of contents in PDF and DOC files
@ -58,12 +58,40 @@ the packages provided by each distribution.
Once any of the above is installed Tomb will find the tool automatically. Once any of the above is installed Tomb will find the tool automatically.
## Install Tomb extras ## Install Tomb Extras
Tomb comes with a bunch of extra tools that contribute to enhance its Tomb comes with a bunch of extra tools that contribute to enhance its
functionality or integrate it into particular system environments. functionality or integrate it into particular system environments.
### Install translations ### extras/gtk-tray
The Gtk3 tray adds a nifty tomb skull into the desktop toolbar: one can use it to close, slam and explore the open tomb represented by it.
To have it enter `extras/gtk-tray` then
1- make sure libnotify and gtk+-3.0 dev packages are available
2- run `make` inside the directory to build `tomb-gtk-tray`
3- optionally copy tomb-gtk-tray into your PATH (/usr/local/bin)
4- start `tomb-gtk-tray tombname` for each tomb
One can include the launch of tomb-gtk-tray from scripts.
### extras/kdf-keys
The KDF wrapper programs allows one to use KDF rounds on passwords in order to obstruct dictionary based and similar brute-forcing attacks.
In case an attacker comes in possession of both a tomb and its key, the easy to memorize password can be guessed by rapidly trying different combinations. With KDF every try will require a significant amount of computation that will slow down the process avoiding tight loops and in fact making such attacks very onerous and almost impossible.
To have it enter `extras/kdf-keys` then
1- make sure libgcrypt dev packages are available
2- run `make` inside the directory to build tomb-kdb-* executables
3- optionally copy tomb-kdb-* into your PATH (/usr/local/bin)
4- always use tomb using the `--kdf` flag: forge, lock, open etc.
In case one creates and uses KDF keys then the --kdf flag must be always present for tomb to work correctly. It might be handy to create an alias tomb=`tomb --kdf`.
### extras/po (translations)
There are translations available for Tomb. If you wish to install them There are translations available for Tomb. If you wish to install them
navigate to extras/po and run 'make install' as root: navigate to extras/po and run 'make install' as root:

View File

@ -12,12 +12,15 @@
' "*88888888* 'Y" `~ " `"` `%888*%" ' "*88888888* 'Y" `~ " `"` `%888*%"
^"***"` "` ^"***"` "`
*A minimalistic commandline tool to manage encrypted volumes* *A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker**
Latest version: **1.5.3** Latest stable version: **1.5.3**
Updates on website: http://dyne.org/software/tomb Updates on website: http://dyne.org/software/tomb
Get the stable .tar.gz signed release for production use!
Download it from https://files.dyne.org/tomb
# What is Tomb, the crypto undertaker # What is Tomb, the crypto undertaker
Tomb aims to be a free and open source system for easy encryption and Tomb aims to be a free and open source system for easy encryption and
@ -29,22 +32,6 @@ standard filesystem tools (GNU) and the cryptographic API of the Linux
kernel (cryptsetup and LUKS). Tomb can also produce machine parsable kernel (cryptsetup and LUKS). Tomb can also produce machine parsable
output to facilitate its use inside graphical applications. output to facilitate its use inside graphical applications.
# Use stable releases in production
Anyone planning to use Tomb to store and access secrets should not use
the latest development version in Git, but use instead the .tar.gz
release on https://files.dyne.org/tomb . The stable version will
always insure backward compatibility with older tombs: we make sure it
creates sane tombs and keys by running various tests before releasing
it. The development version in Git might introduce sudden bugs and is
not granted to produce backward or forward compatible tombs and keys.
Only developers and testers should use the Git version to report bugs,
test new features and develop patches.
So be warned: do not use the latest Git version in production
environments, but use a stable release versioned and packed as
tarball on https://files.dyne.org/tomb
# How does it works # How does it works
For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md). For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
@ -98,9 +85,25 @@ military grade use, where the integrity of informations stored depend
from the user's behaviour and the strenght of a standard AES-256 from the user's behaviour and the strenght of a standard AES-256
(XTS plain) encryption algorithm. (XTS plain) encryption algorithm.
# Use stable releases in production
Anyone planning to use Tomb to store and access secrets should not use
the latest development version in Git, but use instead the .tar.gz
release on https://files.dyne.org/tomb . The stable version will
always insure backward compatibility with older tombs: we make sure it
creates sane tombs and keys by running various tests before releasing
it. The development version in Git might introduce sudden bugs and is
not granted to produce backward or forward compatible tombs and keys.
Only developers and testers should use the Git version to report bugs,
test new features and develop patches.
So be warned: do not use the latest Git version in production
environments, but use a stable release versioned and packed as
tarball on https://files.dyne.org/tomb
# How can you help # How can you help
Donations are always welcome, see https://dyne.org/donate Donations are always welcome, see https://www.dyne.org/donate
Translations are also needed: they can be contributed via this website Translations are also needed: they can be contributed via this website
https://poeditor.com/join/project?hash=33bdefea2e46b26f512a0caae55fbbb5 https://poeditor.com/join/project?hash=33bdefea2e46b26f512a0caae55fbbb5
@ -112,10 +115,9 @@ to be further implemented.
For the bleeding edge visit https://github.com/dyne/Tomb For the bleeding edge visit https://github.com/dyne/Tomb
Tomb's developers can be contacted via the "crypto" mailinglist on Tomb's developers can be contacted using the issues on GitHub or over
http://lists.dyne.org or via IRC on https://irc.dyne.org channel #dyne IRC on https://irc.dyne.org channel **#dyne**
Some enthusiastic ideas are in the [TODO](doc/TODO.org) file. Some enthusiastic ideas are in the [TODO](doc/TODO.org) file.
Information on developers involved is found in the [AUTHORS](AUTHORS.md) file. Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.

20
tomb
View File

@ -40,8 +40,8 @@
# {{{ Global variables # {{{ Global variables
VERSION=1.5.3 VERSION=1.6
DATE="Jun/2014" DATE="Sept/2014"
TOMBEXEC=$0 TOMBEXEC=$0
typeset -a OLDARGS typeset -a OLDARGS
for arg in ${argv}; do OLDARGS+=($arg); done for arg in ${argv}; do OLDARGS+=($arg); done
@ -1483,18 +1483,14 @@ change_tomb_key() {
# backward compatibility # backward compatibility
create_tomb() { create_tomb() {
_verbose "create_tomb(): ${=@} ${=OLDARGS}" _verbose "create_tomb(): ${=@} ${=OLDARGS}"
if ! [ $1 ]; then [[ "$1" = "" ]] && {
_warning "No tomb name specified for creation." _warning "No tomb name specified for creation."
return 1 return 1 }
fi
{ test -r "$1" } && {
_warning "Creating this tomb would overwrite an existing file. Operation aborted."
_failure "`ls -lh $1`" }
{ test $? = 0 } || { _failure "Failed to dig tomb, operation aborted." }
{ test -s "$1" } && {
_warning "Creating this tomb would overwrite an existing file."
ls -lh "$1"
_failure " Operation aborted." }
tombfile=`basename $1` tombfile=`basename $1`
tombdir=`dirname $1` tombdir=`dirname $1`