mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2025-01-22 14:38:25 +00:00
last fixes and documentation for release
manual page updates and improvements to kdf argument handling
This commit is contained in:
parent
064b9c964c
commit
914ac9594e
18
ChangeLog
18
ChangeLog
@ -1,5 +1,17 @@
|
||||
June 2013 - 1.3.1
|
||||
|
||||
June 2013 - 1.4
|
||||
|
||||
This release fixes an important bug affecting Tomb 1.3.* which
|
||||
breaks backward compatibility with older tombs and invalidates
|
||||
keys created using 1.3 or 1.3.1. For more information about it
|
||||
read the file KNOWN_BUGS. New features are also included:
|
||||
indexing and search of file contents, engraving of keys into paper
|
||||
printable QRCodes for backup purposes and improvements in key
|
||||
encryption. A setkey command is added to change the key file that
|
||||
is locking a Tomb. This release restores backward compatibility
|
||||
with tombs created before the 1.3 release series.
|
||||
|
||||
June 2013 - 1.3.1 (DEPRECATED USAGE, see 1.4 and KNOWN_BUGS)
|
||||
|
||||
Major bugfixes following the recent refactoring. This release
|
||||
fixes various advanced commands as search/index, KDF key
|
||||
protection against dictionary attacks and steganographic hiding of
|
||||
@ -8,7 +20,7 @@ June 2013 - 1.3.1
|
||||
consistent and full paths are honored. A new test suite is
|
||||
included and documentation is updated accordingly.
|
||||
|
||||
May 2013 - 1.3
|
||||
May 2013 - 1.3 (DEPRECATED USAGE, see 1.4 and KNOWN_BUGS)
|
||||
|
||||
A refactoring of Tomb's main script internals was made, including
|
||||
a new messaging system, machine parsable output, cleaner code and
|
||||
|
19
KNOWN_BUGS
Normal file
19
KNOWN_BUGS
Normal file
@ -0,0 +1,19 @@
|
||||
* Compatibility broken in Tomb 1.3 and 1.3.1
|
||||
|
||||
Due to an error in the creation and decoding of key files, release
|
||||
versions 1.3 and 1.3.1 cannot open older tombs, plus the tombs created
|
||||
with them will not be opened with older and newer versions of Tomb.
|
||||
|
||||
This bug was fixed in commit 551a7839f500a9ba4b26cd63774019d91615cb16
|
||||
|
||||
Those who have created tombs with older versions can simply upgrade
|
||||
to release 1.4 (and any other following release) to fix this issue
|
||||
and be able to operate their tombs normally.
|
||||
|
||||
Those who have used Tomb 1.3 or 1.3.1 to create new tombs should use
|
||||
Tomb version 1.3.1 to open them and then migrate the contents into a
|
||||
new tomb created using the latest Tomb version.
|
||||
|
||||
This bug was due to a typo in the code which appended a GnuPG status
|
||||
string to the content of keys. All users of Tomb 1.3.* should pay
|
||||
particular attention to this issue.
|
2
README
2
README
@ -12,7 +12,7 @@ X~ `?888888hx~ ...ue888b .888: x888 x888. 8888 .
|
||||
' "*88888888* 'Y" `~ " `"` `%888*%"
|
||||
^"***"` "`
|
||||
|
||||
A minimalistic commandline tool to manage encrypted volumes v.1.3.1
|
||||
A minimalistic commandline tool to manage encrypted volumes v.1.4
|
||||
|
||||
http://tomb.dyne.org
|
||||
|
||||
|
44
doc/tomb.1
44
doc/tomb.1
@ -1,4 +1,4 @@
|
||||
.TH tomb 1 "May 25, 2013" "tomb"
|
||||
.TH tomb 1 "June 20, 2013" "tomb"
|
||||
|
||||
.SH NAME
|
||||
Tomb \- the Crypto Undertaker
|
||||
@ -30,18 +30,23 @@ harddisk and its key file on a USB stick.
|
||||
.IP "dig"
|
||||
Generates a file that can be used as a tomb and will occupy as much
|
||||
space as its desired initial size, the unlocked \fI.tomb\fR file can
|
||||
then be locked using a \fI.tomb.key\fR. It takes a mandatory option
|
||||
which is the \fI--size\fR in megabytes (MiB). This generation is
|
||||
relatively simple: its a data dump (dd) of low-quality random data
|
||||
(from /dev/urandom) and does not require root privileges.
|
||||
then be locked using a \fIkey\fR. It takes a mandatory option which is
|
||||
the \fI--size\fR in megabytes (MiB). Tombs are digged using
|
||||
low-quality random data (/dev/urandom).
|
||||
|
||||
.B
|
||||
.IP "forge"
|
||||
Creates a new \fIkey\fR and prompts the user for a \fIpassword\fR to
|
||||
protect its usage. This operation requires high quality random data
|
||||
(from /dev/random) which can take quite some time to be gathered on a
|
||||
(/dev/random) which can take quite some time to be gathered on a
|
||||
server: it works better on a desktop where the mouse can be moved
|
||||
around for entropy.
|
||||
around for entropy. The default cipher to protect the key is AES256, a
|
||||
custom one can be specified using the \fI-o\fR option, for a list of
|
||||
supported ciphers use \fI-v\fR. For additional protection against
|
||||
dictionary attacks on keys, the (experimental) \fI--kdf\fR option can
|
||||
be used when forging a key, making sure that the \fItomb-kdb-pbkdf2\fR
|
||||
binaries in \fIextras/kdf\fR were compiled and installed on the
|
||||
system.
|
||||
|
||||
.B
|
||||
.IP "lock"
|
||||
@ -102,13 +107,20 @@ situations.
|
||||
|
||||
.B
|
||||
.IP "passwd"
|
||||
Changes the password protecting a \fIkey\fR file specified using
|
||||
Changes the password protecting a key file specified using
|
||||
\fI-k\fR. The user will need to know the key's current password, then
|
||||
its content will be decoded and reencoded using the new one. This
|
||||
action can't be forced if the current password is not known. If the
|
||||
key file is broken (missing headers) this function also attempts its
|
||||
recovery.
|
||||
|
||||
.B
|
||||
.IP "setkey"
|
||||
Changes the key file that locks a tomb, substituting the old one with
|
||||
a new one. Both the old and the new key files are needed for this
|
||||
operation and their passwords must be known. The new key must be
|
||||
specified using the \fI-k\fR option, the first argument should be the old
|
||||
key and the second and last argument the tomb file.
|
||||
|
||||
.B
|
||||
.IP "resize"
|
||||
@ -119,6 +131,15 @@ can never be made smaller. This command makes use of the cryptsetup
|
||||
resize feature and the resize2fs command: its much more practical than
|
||||
creating a new tomb and moving everything into it.
|
||||
|
||||
.B
|
||||
.IP "engrave"
|
||||
This command transforms a tomb key into an image that can be printed
|
||||
on paper and phisically stored as backup, i.e. hidden in a book. It
|
||||
Renders a QRCode of the tomb key, still protected by its password: a
|
||||
PNG image (extension \fI.qr.png\fR) will be created in the current
|
||||
directory and can be later printed (fits an A4 or Letter format). To
|
||||
recover an engraved key one can use any QRCode reader on a smartphone:
|
||||
save it into a file and then use that file as a key (\fI-k\fR).
|
||||
|
||||
.B
|
||||
.IP "bury"
|
||||
@ -152,9 +173,10 @@ other media. If \fI<keyfile>\fR is "-" (dash), it will read it from
|
||||
stdin.
|
||||
.B
|
||||
.IP "--kdf \fI<seconds>\fR"
|
||||
Activate the KDF feature against dictionary attacks when creating a key: forces a
|
||||
delay of \fI<seconds>\fR every time this key is used. Floating point values
|
||||
are accepted, default is 1.
|
||||
Activate the KDF feature against dictionary attacks when creating a
|
||||
key: forces a delay of \fI<seconds>\fR every time this key is
|
||||
used. This feature is still \fIexperimental\fR and not recommended in
|
||||
production environments.
|
||||
.B
|
||||
.IP "-n"
|
||||
Skip processing of post-hooks and bind-hooks if found inside the tomb.
|
||||
|
@ -57,7 +57,15 @@ notice "Testing creation: forge"
|
||||
|
||||
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom forge /tmp/test.tomb.key
|
||||
|
||||
{ test $? = 0 } && { results+=(forge SUCCESS) }
|
||||
{ test $? = 0 } && {
|
||||
results+=(forge SUCCESS)
|
||||
#
|
||||
say "Dump of clear key contents to examine them:"
|
||||
print ${dummypass} \
|
||||
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d /tmp/test.tomb.key \
|
||||
| hexdump -C
|
||||
echo --
|
||||
}
|
||||
|
||||
notice "Testing creation: lock"
|
||||
|
||||
|
45
tomb
45
tomb
@ -270,16 +270,18 @@ Commands:
|
||||
list list of open TOMBs and information on them
|
||||
close close a specific TOMB (or 'all')
|
||||
slam slam a TOMB killing all programs using it
|
||||
|
||||
// Operations on keys:
|
||||
passwd change the password of a KEY
|
||||
change change the KEY locking a TOMB (needs old one)
|
||||
EOF
|
||||
if [ "$RESIZER" = 1 ]; then
|
||||
cat <<EOF
|
||||
resize resize a TOMB to a new --size (can only grow)
|
||||
EOF
|
||||
fi
|
||||
cat <<EOF
|
||||
|
||||
// Operations on keys:
|
||||
passwd change the password of a KEY
|
||||
setkey change the KEY locking a TOMB (needs old one)
|
||||
EOF
|
||||
|
||||
{ test "$QRENCODE" = "1" } && {
|
||||
cat <<EOF
|
||||
@ -769,22 +771,28 @@ gen_key() {
|
||||
fi
|
||||
|
||||
header=""
|
||||
{ option_is_set --kdf } && {
|
||||
{ test "$KDF" = 1 } && {
|
||||
{ option_is_set --kdf } && {
|
||||
# KDF is a new key strenghtening technique against brute forcing
|
||||
# see: https://github.com/dyne/Tomb/issues/82
|
||||
itertime="`option_value --kdf`"
|
||||
{ test "$itertime" = "" } && { itertime=".5" }
|
||||
_verbose "KDF itertime chosen: $itertime"
|
||||
itertime="`option_value --kdf`"
|
||||
# removing support of floating points because they can't be type checked well
|
||||
if [[ "$itertime" != <-> ]]; then
|
||||
unset tombpass
|
||||
unset tombpasstmp
|
||||
die "Wrong argument for --kdf: must be an integer number (iteration seconds)"
|
||||
fi
|
||||
# --kdf takes one parameter: iter time (on present machine) in seconds
|
||||
local -i microseconds
|
||||
microseconds=$((itertime*1000000))
|
||||
_verbose "Microseconds: $microseconds"
|
||||
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
|
||||
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
|
||||
local -i microseconds
|
||||
microseconds=$((itertime*10000))
|
||||
yes "Using KDF, iterations: $microseconds"
|
||||
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
|
||||
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
|
||||
# We use a length of 64bytes = 512bits (more than needed!?)
|
||||
tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
||||
|
||||
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
||||
tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
||||
|
||||
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -796,6 +804,7 @@ gen_key() {
|
||||
-o - -c -a ${lukskey}
|
||||
|
||||
unset tombpass
|
||||
unset tombpasstmp
|
||||
}
|
||||
|
||||
# prints an array of ciphers available in gnupg (to encrypt keys)
|
||||
@ -2147,7 +2156,7 @@ main() {
|
||||
subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: o: -tomb-pwd: -use-urandom "
|
||||
subcommands_opts[dig]="f -force -ignore-swap s: -size=s "
|
||||
subcommands_opts[lock]="f -force -ignore-swap k: -key=k o: -sudo-pwd: -tomb-pwd: "
|
||||
subcommands_opts[change]="f -force -ignore-swap k: -key=k -sudo-pwd: -tomb-pwd: "
|
||||
subcommands_opts[setkey]="f -force -ignore-swap k: -key=k -sudo-pwd: -tomb-pwd: "
|
||||
subcommands_opts[engrave]="k: -key=k "
|
||||
|
||||
subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
||||
@ -2275,7 +2284,7 @@ main() {
|
||||
lock_tomb_with_key ${=PARAM}
|
||||
;;
|
||||
|
||||
change)
|
||||
setkey)
|
||||
check_priv
|
||||
change_tomb_key ${=PARAM}
|
||||
;;
|
||||
|
Loading…
x
Reference in New Issue
Block a user