imported python tomber into extras

more documentation updates
Jaromil 2014-11-16 15:18:11 +01:00
parent ced2e5fcb8
commit a568cdf546
11 changed files with 233 additions and 20 deletions


@ -3,7 +3,9 @@ Tomb is designed and written by Denis Roio aka Jaromil.
Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid. Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
Tomb's artwork is contributed by Jordi aka Mon Mort. Tomber, the Python Tomb wrapper, is written by Reiven.
Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
Gettext internationalization and Spanish translation is contributed by Gettext internationalization and Spanish translation is contributed by
GDrooid, French translation by Hellekin, Russian translation by fsLeg, GDrooid, French translation by Hellekin, Russian translation by fsLeg,


@ -1,4 +1,3 @@
# TOMB INSTALLATION INSTRUCTIONS # TOMB INSTALLATION INSTRUCTIONS
## Install required tools ## Install required tools
@ -6,6 +5,7 @@
Tomb needs a few programs to be installed on a system in order to work: Tomb needs a few programs to be installed on a system in order to work:
* zsh * zsh
* sudo
* gnupg * gnupg
* cryptsetup * cryptsetup
* pinentry-curses (or -gtk or -qt as you prefer) * pinentry-curses (or -gtk or -qt as you prefer)
@ -52,6 +52,7 @@ executable | function
mlocate | have fast search of file names inside tombs mlocate | have fast search of file names inside tombs
swish++ | have fast search of file contents inside tombs swish++ | have fast search of file contents inside tombs
unoconv | have fast search of contents in PDF and DOC files unoconv | have fast search of contents in PDF and DOC files
haveged | have fast entropy generation for key forging
As for requirements, also optional tools may be easy to install using As for requirements, also optional tools may be easy to install using
the packages provided by each distribution. the packages provided by each distribution.
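Review bot: The new `haveged` row in the optional-tools table says only "have fast entropy generation for key forging" and does not tell the reader whether Tomb uses it automatically during `forge` or whether it has to be running beforehand. Since this affects how key material is generated, one sentence in INSTALL on how it is picked up and what happens when it is absent would be worth adding.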
@ -98,4 +99,3 @@ navigate to extras/po and run 'make install' as root:
cd extras/po cd extras/po
sudo make install sudo make install

120
README.md

@ -1,4 +1,3 @@
..... .. ..... ..
.H8888888h. ~-. . uW8" .H8888888h. ~-. . uW8"
888888888888x `> u. .. . : `t888 888888888888x `> u. .. . : `t888
@ -14,6 +13,8 @@
*A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker** *A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker**
![](https://github.com/dyne/Tomb/blob/master/extras/images/monmort.png)
Latest stable version: **2.0** Latest stable version: **2.0**
Updates on website: https://www.dyne.org/software/tomb Updates on website: https://www.dyne.org/software/tomb
@ -34,8 +35,74 @@ output to facilitate its use inside graphical applications.
# How does it work? # How does it work?
To create a Tomb, do:
```
$ tomb dig -s 100 secret.tomb
$ tomb forge secret.tomb.key
$ tomb lock secret.tomb -k secret.tomb.key
```
To open it, do
```
$ tomb open secret.tomb -k secret.tomb.key
```
and after you are done
```
$ tomb close
```
or if you are in a hurry
```
$ tomb slam all
```
For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md). For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
```
Syntax: tomb [options] command [arguments]
Commands:
// Creation:
dig create a new empty TOMB file of size -s in MB
forge create a new KEY file and set its password
lock installs a lock on a TOMB to use it with KEY
// Operations on tombs:
open open an existing TOMB
index update the search indexes of tombs
search looks for filenames matching text patterns
list list of open TOMBs and information on them
close close a specific TOMB (or 'all')
slam slam a TOMB killing all programs using it
resize resize a TOMB to a new size -s (can only grow)
// Operations on keys:
passwd change the password of a KEY (needs old pass)
setkey change the KEY locking a TOMB (needs old key and pass)
// Backup on paper:
engrave makes a QR code of a KEY to be saved on paper
// Steganography:
bury hide a KEY inside a JPEG image (for use with -k)
exhume extract a KEY from a JPEG image (prints to stout)
Options:
-s size of the tomb file when creating/resizing one (in MB)
-k path to the key to be used ('-k -' to read from stdin)
-n don't process the hooks found in tomb
-o mount options used to open (default: rw,noatime,nodev)
-f force operation (i.e. even if swap is active)
--kdf generate passwords armored against dictionary attacks
-h print this help
-v print version, license and list of available ciphers
-q run quietly without printing informations
-D print debugging information at runtime
```
# What is it for, exactly?
This tool can be used to dig .tomb files (LUKS volumes), forge keys This tool can be used to dig .tomb files (LUKS volumes), forge keys
protected by a password (GnuPG symmetric encryption) and use the keys protected by a password (GnuPG symmetric encryption) and use the keys
to lock the tombs. Tombs are like single files whose contents are to lock the tombs. Tombs are like single files whose contents are
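Review bot: In the help text pasted under "How does it work?", the `exhume` line reads "prints to stout"; that should be "stdout", and since the block mirrors the script's own usage output the typo probably needs fixing there as well. The `-f` line mentions forcing an operation "even if swap is active" without saying what the swap check protects against; a short sentence next to the quick-start commands would help readers judge when `-f` is acceptable.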
@ -81,11 +148,11 @@ encrypt the Home directory of users, a system implemented already in
As of today, Tomb is a very stable tool also used in mission critical As of today, Tomb is a very stable tool also used in mission critical
situations by a number of activists in dangerous zones. It has been situations by a number of activists in dangerous zones. It has been
reviewed by forensics analysts and it can be considered to be safe for reviewed by forensics analysts and it can be considered to be safe for
military grade use where the integrity of information stored depends on military grade use where the integrity of information stored depends
the user's behaviour and the strength of a standard AES-256 on the user's behaviour and the strength of a standard AES-256 (XTS
(XTS plain) encryption algorithm. plain) encryption algorithm.
# Use stable releases in production # Use stable releases in production!
Anyone planning to use Tomb to store and access secrets should not use Anyone planning to use Tomb to store and access secrets should not use
the latest development version in Git, but use instead the .tar.gz the latest development version in Git, but use instead the .tar.gz
@ -121,3 +188,46 @@ IRC on https://irc.dyne.org channel **#dyne**
Some enthusiastic ideas are in the [TODO](doc/TODO.org) file. Some enthusiastic ideas are in the [TODO](doc/TODO.org) file.
Information on developers involved is found in the [AUTHORS](AUTHORS.md) file. Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
# Can Tomb be used inside other applications?
Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
terms) Tomb provides machine-readable output and interaction via some flags:
flag | function
-------------------- | ------------------------------------------------
--no-color | avoids coloring output to allow parsing
--unsecure-dev-mode | allows giving passwords as argument
--tomb-pwd | specify the key password as argument
--tomb-old-pwd | specify the old key password as argument
--sudo-pwd | specify the sudo password as argument
Yet please consider that these flags may introduce vulnerabilities as
process table scanning can reveal passwords while such commands are
executing. For passwords in particular the best is always let Tomb
gather them via pinentry.
## Python
![](extras/images/python_for_tomb.png)
A Python wrapper is under developed and already usable, but it
introduces the vulnerabilities mentioned above. Find it in
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
## Graphical applications
So far the only graphical application supporting Tomb volumes is
[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
activate the Tomb plugin included in its source and will be able to
create, open and close tombs. It might still miss advanced Tomb
functionalities that are only available from the command-line.
## Let us know!
If you plan to develop any kind of wrapper for Tomb you are welcome to
let us know. Tomb is really meant to be maintained as a minimal tool
for long-term compatibility when handling something so delicate as our
secrets. For anything else we rely on your own initiative.
Happy hacking! :&^)
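Review bot: The warning about process table scanning sits after the flag table and refers to "these flags" as a group, although `--no-color` carries no secret while `--tomb-pwd`, `--tomb-old-pwd` and `--sudo-pwd` do. Consider marking the three password flags in the table itself and stating how they relate to `--unsecure-dev-mode`, so a reader skimming the table sees the risk before copying a flag. Two small wording fixes in the same hunk: "is under developed" should read "is under development", and "the best is always let Tomb gather them" is missing "to".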

73
extras/PYTHON.md Normal file

@ -0,0 +1,73 @@
Tomber: a Python wrapper for Tomb
=================================
Found in [extras/tomber](/extras/tomber)
Description
-----------
Tomber is a python wrapper for [Tomb](https://github.com/dyne/Tomb).
It relies on Python's subprocess module for Tomb command execution.
Please note that for future compatibility with Tomb, using subprocess
execution of the tomb script is the recommended way to wrap its
functionalities in other languages.
Tomber is still under development. Any contributions are greatly
welcomed here or on its original repository
https://github.com/reiven/Tomb
Installation
----------
First of all Tomb must be installed. Refer to [INSTALL](/INSTALL.md)
Then Tomber can be installed from
[PyPi](https://pypi.python.org/pypi) using
[pip](https://pypi.python.org/pypi/pip).
Enter the following command in a terminal:
pip install tomber
Alternatively you can install it from this source repository
Example usage
-------------
```python
from tomber import *
# dig a tomb of 20mb
tdig('test.tomb',20)
# forge a key
tforge('test.key', 'this is the passphrase for the key')
# lock the tomb
tlock('test.tomb', 'test.key', 'this is the passphrase for the key')
# open the tomb
topen('test.tomb', 'test.key', 'this is the passphrase for the key', '/tmp/tomb')
# close the tomb
tclose('test')
```
Running tests
-------------
Keep in mind that the included *test.py* file execute the
`Tomb.slam()` command which will likely close any tombs, encrypted
volumes, you may have open.
License
-------
Tomber is Copyright (c) 2014 by Federico Cardoso <reiven@gmail.com>
This package is distributed under BSD License.
See [LICENSE](https://github.com/reiven/pynientos/blob/master/LICENSE)
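Review bot: The "Example usage" block passes the key passphrase as a plain string to `tforge`, `tlock` and `topen`, yet this file never repeats the README's caveat that the wrapper exposes passwords to process table scanning; add that caveat directly above the example, since PYTHON.md is what a wrapper user will read first. Further points in the same file: the LICENSE link targets `reiven/pynientos`, which does not look like the tomber repository named earlier (`reiven/Tomb`); "Running tests" refers to `Tomb.slam()` while the example uses `t`-prefixed functions; and "Alternatively you can install it from this source repository" gives no command.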

8
extras/desktop/README Normal file

@ -0,0 +1,8 @@
This is unfinished and very boring to do.
Freedesktop standards are gnarly.
Hoping someone in need finishes this sometime.
For contact: https://irc.dyne.org #dyne (IRC SSL port 9999)

24
extras/gtk-tray/README.md Normal file
View File

@ -0,0 +1,24 @@
# Gtk2 tray icon for Tomb
## by Jaromil
If you like to see our nifty little skull on the upper right corner of
your desktop, then compile and install this little auxiliary program.
Use by launching `tomb-gtk-tray` followed by the name of your tomb as
reported by `tomb list`. For instance if your tomb is `secrets.tomb`:
```
$ tomb-gtk-tray secrets
```
The tray offers a drop-down menu with three options:
+ `explore` will launch your desktop configured filemanager
+ `close` will try to close the tomb (fails if in use)
+ `slam` will slam the tomb killing all applications using it
Please note you need to launch this program for each tomb you want it
to administer, then you will have a skull visible for each tomb open.
By mouse-over the skull tells the name of the tomb it is open for.
Enjoy!

Binary file not shown.



@ -5,14 +5,14 @@ all:
gcc -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt gcc -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
gcc -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt gcc -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
gcc -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt gcc -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
gcc -O2 -o hexencode hexencode.c gcc -O2 -o tomb-kdb-hexencode hexencode.c
clean: clean:
rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt hexencode rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode
install: install:
install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2 install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2
install -Dm755 tomb-kdb-pbkdf2-getiter ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-getiter install -Dm755 tomb-kdb-pbkdf2-getiter ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-getiter
install -Dm755 tomb-kdb-pbkdf2-gensalt ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-gensalt install -Dm755 tomb-kdb-pbkdf2-gensalt ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-gensalt
install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/hexencode install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode
@echo "Tomb-kdb auxiliary binaries installed in ${PREFIX}" @echo "Tomb-kdb auxiliary binaries installed in ${DESTDIR}${PREFIX}/bin"
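Review bot: The `install` target still copies a file named `hexencode` (`install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode`), but the `all` target now writes the binary as `tomb-kdb-hexencode`, so `make install` after a clean build will fail on a missing source file, or install a stale `hexencode` left over from an earlier build. Change the source argument on that line to `tomb-kdb-hexencode`.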


@ -13,12 +13,10 @@ PLANS
While this can be useful for general purpose, it specially fits tomb, and it's designed for easy integration and compilation. While this can be useful for general purpose, it specially fits tomb, and it's designed for easy integration and compilation.
Binary name will then be: Binary name will then be:
tomb-kdf-${algo} tomb-kdb-${algo}
tomb-kdf-${algo}-gensalt tomb-kdb-${algo}-gensalt
tomb-kdf-${algo}-getiter tomb-kdb-${algo}-getiter
tomb-kdb-hexencode
hexencode (or similar utils, should they be developed), go with:
tomb-utils-hexencode
Base64 vs hexencode Base64 vs hexencode
------------------- -------------------
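Review bot: The `tomb-kdb-` prefix now used for all four planned binary names matches the Makefile targets, but it does not match the `--kdf` option spelled in the README help text of this same commit, and "kdb" reads like a misspelling of "kdf". If the binaries are meant to keep the `kdb` spelling, say so here; otherwise it would be cleaner to rename the Makefile outputs to `tomb-kdf-*` than to change the plan to fit them.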

2
tomb

@ -2279,8 +2279,6 @@ umount_tomb() {
_warning "or issue the command 'tomb close all' to close them all." _warning "or issue the command 'tomb close all' to close them all."
_failure "Operation aborted." } _failure "Operation aborted." }
_message "Tomb close ::1::" $1
for t in ${mounted_tombs}; do for t in ${mounted_tombs}; do
mapper=`basename ${t[(ws:;:)1]}` mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]} tombname=${t[(ws:;:)5]}
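Review bot: Dropping `_message "Tomb close ::1::" $1` from `umount_tomb` changes what the main script prints on close, which the commit message (tomber import and documentation updates) does not mention. Either note it in the message or split it into its own commit, and confirm that anything parsing Tomb's output, such as the wrapper imported here, does not depend on that line.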