imported python tomber into extras

more documentation updates

AUTHORS.md

@@ -3,7 +3,9 @@ Tomb is designed and written by Denis Roio aka Jaromil.
 
 Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
 
-Tomb's artwork is contributed by Jordi aka Mon Mort.
+Tomber, the Python Tomb wrapper, is written by Reiven.
+
+Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
 
 Gettext internationalization and Spanish translation is contributed by
 GDrooid, French translation by Hellekin, Russian translation by fsLeg,

INSTALL.md

@@ -1,4 +1,3 @@
-
 # TOMB INSTALLATION INSTRUCTIONS
 
 ## Install required tools
@@ -6,6 +5,7 @@
 Tomb needs a few programs to be installed on a system in order to work:
 
  * zsh
+ * sudo
  * gnupg
  * cryptsetup
  * pinentry-curses (or -gtk or -qt as you prefer)
@@ -52,6 +52,7 @@ executable | function
   mlocate  | have fast search of file names inside tombs
   swish++  | have fast search of file contents inside tombs
   unoconv  | have fast search of contents in PDF and DOC files
+  haveged  | have fast entropy generation for key forging
 
 As for requirements, also optional tools may be easy to install using
 the packages provided by each distribution.
@@ -98,4 +99,3 @@ navigate to extras/po and run 'make install' as root:
 
     cd extras/po
     sudo make install
-

README.md

@@ -1,4 +1,3 @@
-
         .....                                                ..
      .H8888888h.  ~-.                                  . uW8"
      888888888888x  `>        u.      ..    .     :    `t888
@@ -14,6 +13,8 @@
 
 *A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker**
 
+![](https://github.com/dyne/Tomb/blob/master/extras/images/monmort.png)
+
 Latest stable version: **2.0**
 
 Updates on website: https://www.dyne.org/software/tomb
@@ -34,8 +35,74 @@ output to facilitate its use inside graphical applications.
 
 # How does it work?
 
+To create a Tomb, do:
+```
+ $ tomb dig -s 100 secret.tomb
+ $ tomb forge secret.tomb.key
+ $ tomb lock secret.tomb -k secret.tomb.key
+```
+To open it, do
+```
+ $ tomb open secret.tomb -k secret.tomb.key
+```
+and after you are done
+```
+ $ tomb close
+```
+or if you are in a hurry
+```
+ $ tomb slam all
+```
+
 For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
 
+```
+  Syntax: tomb [options] command [arguments]
+
+  Commands:
+
+   // Creation:
+   dig     create a new empty TOMB file of size -s in MB
+   forge   create a new KEY file and set its password
+   lock    installs a lock on a TOMB to use it with KEY
+
+   // Operations on tombs:
+   open    open an existing TOMB
+   index   update the search indexes of tombs
+   search  looks for filenames matching text patterns
+   list    list of open TOMBs and information on them
+   close   close a specific TOMB (or 'all')
+   slam    slam a TOMB killing all programs using it
+   resize  resize a TOMB to a new size -s (can only grow)
+
+   // Operations on keys:
+   passwd  change the password of a KEY (needs old pass)
+   setkey  change the KEY locking a TOMB (needs old key and pass)
+
+   // Backup on paper:
+   engrave makes a QR code of a KEY to be saved on paper
+
+   // Steganography:
+   bury    hide a KEY inside a JPEG image (for use with -k)
+   exhume  extract a KEY from a JPEG image (prints to stout)
+
+  Options:
+
+   -s     size of the tomb file when creating/resizing one (in MB)
+   -k     path to the key to be used ('-k -' to read from stdin)
+   -n     don't process the hooks found in tomb
+   -o     mount options used to open (default: rw,noatime,nodev)
+   -f     force operation (i.e. even if swap is active)
+   --kdf  generate passwords armored against dictionary attacks
+
+   -h     print this help
+   -v     print version, license and list of available ciphers
+   -q     run quietly without printing informations
+   -D     print debugging information at runtime
+```
+
+# What is it for, exactly?
+
 This tool can be used to dig .tomb files (LUKS volumes), forge keys
 protected by a password (GnuPG symmetric encryption) and use the keys
 to lock the tombs. Tombs are like single files whose contents are
@@ -81,11 +148,11 @@ encrypt the Home directory of users, a system implemented already in
 As of today, Tomb is a very stable tool also used in mission critical
 situations by a number of activists in dangerous zones. It has been
 reviewed by forensics analysts and it can be considered to be safe for
-military grade use where the integrity of information stored depends on 
+military grade use where the integrity of information stored depends
-the user's behaviour and the strength of a standard AES-256
+on the user's behaviour and the strength of a standard AES-256 (XTS
-(XTS plain) encryption algorithm.
+plain) encryption algorithm.
 
-# Use stable releases in production
+# Use stable releases in production!
 
 Anyone planning to use Tomb to store and access secrets should not use
 the latest development version in Git, but use instead the .tar.gz
@@ -121,3 +188,46 @@ IRC on https://irc.dyne.org channel **#dyne**
 Some enthusiastic ideas are in the [TODO](doc/TODO.org) file.
 
 Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
+
+# Can Tomb be used inside other applications?
+
+Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
+terms) Tomb provides machine-readable output and interaction via some flags:
+
+              flag   | function
+-------------------- | ------------------------------------------------
+ --no-color          | avoids coloring output to allow parsing
+ --unsecure-dev-mode | allows giving passwords as argument
+ --tomb-pwd          | specify the key password as argument
+ --tomb-old-pwd      | specify the old key password as argument
+ --sudo-pwd          | specify the sudo password as argument
+
+Yet please consider that these flags may introduce vulnerabilities as
+process table scanning can reveal passwords while such commands are
+executing. For passwords in particular the best is always let Tomb
+gather them via pinentry.
+
+## Python
+
+![](extras/images/python_for_tomb.png)
+
+A Python wrapper is under developed and already usable, but it
+introduces the vulnerabilities mentioned above. Find it in
+`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
+
+## Graphical applications
+
+So far the only graphical application supporting Tomb volumes is
+[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
+activate the Tomb plugin included in its source and will be able to
+create, open and close tombs. It might still miss advanced Tomb
+functionalities that are only available from the command-line.
+
+## Let us know!
+
+If you plan to develop any kind of wrapper for Tomb you are welcome to
+let us know. Tomb is really meant to be maintained as a minimal tool
+for long-term compatibility when handling something so delicate as our
+secrets. For anything else we rely on your own initiative.
+
+Happy hacking! :&^)

extras/PYTHON.md

@@ -0,0 +1,73 @@
+Tomber: a Python wrapper for Tomb
+=================================
+
+Found in [extras/tomber](/extras/tomber)
+
+Description
+-----------
+
+Tomber is a python wrapper for [Tomb](https://github.com/dyne/Tomb).
+It relies on Python's subprocess module for Tomb command execution.
+
+Please note that for future compatibility with Tomb, using subprocess
+execution of the tomb script is the recommended way to wrap its
+functionalities in other languages.
+
+Tomber is still under development. Any contributions are greatly
+welcomed here or on its original repository
+https://github.com/reiven/Tomb
+
+
+Installation
+----------
+
+First of all Tomb must be installed. Refer to [INSTALL](/INSTALL.md)
+
+Then Tomber can be installed from
+[PyPi](https://pypi.python.org/pypi) using
+[pip](https://pypi.python.org/pypi/pip).
+
+Enter the following command in a terminal:
+
+	pip install tomber
+
+Alternatively you can install it from this source repository
+
+
+Example usage
+-------------
+```python
+from tomber import *
+
+# dig a tomb of 20mb
+tdig('test.tomb',20)
+
+# forge a key
+tforge('test.key', 'this is the passphrase for the key')
+
+# lock the tomb
+tlock('test.tomb', 'test.key', 'this is the passphrase for the key')
+
+# open the tomb
+topen('test.tomb', 'test.key', 'this is the passphrase for the key', '/tmp/tomb')
+
+# close the tomb
+tclose('test')
+```
+
+Running tests
+-------------
+
+Keep in mind that the included *test.py* file execute the
+`Tomb.slam()` command which will likely close any tombs, encrypted
+volumes, you may have open.
+
+
+License
+-------
+
+Tomber is Copyright (c) 2014 by Federico Cardoso <reiven@gmail.com>
+
+This package is distributed under BSD License.
+
+See [LICENSE](https://github.com/reiven/pynientos/blob/master/LICENSE)

extras/desktop/README

@@ -0,0 +1,8 @@
+This is unfinished and very boring to do.
+
+Freedesktop standards are gnarly.
+
+Hoping someone in need finishes this sometime.
+
+For contact: https://irc.dyne.org #dyne (IRC SSL port 9999)
+

extras/gtk-tray/README.md

@@ -0,0 +1,24 @@
+# Gtk2 tray icon for Tomb
+## by Jaromil
+
+If you like to see our nifty little skull on the upper right corner of
+your desktop, then compile and install this little auxiliary program.
+
+Use by launching `tomb-gtk-tray` followed by the name of your tomb as
+reported by `tomb list`. For instance if your tomb is `secrets.tomb`:
+
+```
+ $ tomb-gtk-tray secrets
+```
+
+The tray offers a drop-down menu with three options:
+ + `explore` will launch your desktop configured filemanager
+ + `close` will try to close the tomb (fails if in use)
+ + `slam` will slam the tomb killing all applications using it
+
+Please note you need to launch this program for each tomb you want it
+to administer, then you will have a skull visible for each tomb open.
+
+By mouse-over the skull tells the name of the tomb it is open for.
+
+Enjoy!

extras/kdf-keys/Makefile

@@ -5,14 +5,14 @@ all:
 	gcc -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
 	gcc -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
 	gcc -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
-	gcc -O2 -o hexencode hexencode.c
+	gcc -O2 -o tomb-kdb-hexencode hexencode.c
 
 clean:
-	rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt hexencode
+	rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode
 
 install:
 	install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2
 	install -Dm755 tomb-kdb-pbkdf2-getiter ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-getiter
 	install -Dm755 tomb-kdb-pbkdf2-gensalt ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-gensalt
-	install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/hexencode
+	install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode
-	@echo "Tomb-kdb auxiliary binaries installed in ${PREFIX}"
+	@echo "Tomb-kdb auxiliary binaries installed in ${DESTDIR}${PREFIX}/bin"

extras/kdf-keys/README

@@ -13,12 +13,10 @@ PLANS
 While this can be useful for general purpose, it specially fits tomb, and it's designed for easy integration and compilation.
 
 Binary name will then be:
-tomb-kdf-${algo}
+tomb-kdb-${algo}
-tomb-kdf-${algo}-gensalt
+tomb-kdb-${algo}-gensalt
-tomb-kdf-${algo}-getiter
+tomb-kdb-${algo}-getiter
-
+tomb-kdb-hexencode
-hexencode (or similar utils, should they be developed), go with:
-tomb-utils-hexencode
 
 Base64 vs hexencode
 -------------------

tomb

@@ -2279,8 +2279,6 @@ umount_tomb() {
         _warning "or issue the command 'tomb close all' to close them all."
 	    _failure "Operation aborted." }
 
-    _message "Tomb close ::1::" $1
-
     for t in ${mounted_tombs}; do
         mapper=`basename ${t[(ws:;:)1]}`
         tombname=${t[(ws:;:)5]}