mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-25 06:07:38 +00:00
imported python tomber into extras
more documentation updates
This commit is contained in:
parent
ced2e5fcb8
commit
a568cdf546
@ -3,7 +3,9 @@ Tomb is designed and written by Denis Roio aka Jaromil.
|
||||
|
||||
Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
|
||||
|
||||
Tomb's artwork is contributed by Jordi aka Mon Mort.
|
||||
Tomber, the Python Tomb wrapper, is written by Reiven.
|
||||
|
||||
Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
|
||||
|
||||
Gettext internationalization and Spanish translation is contributed by
|
||||
GDrooid, French translation by Hellekin, Russian translation by fsLeg,
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
# TOMB INSTALLATION INSTRUCTIONS
|
||||
|
||||
## Install required tools
|
||||
@ -6,6 +5,7 @@
|
||||
Tomb needs a few programs to be installed on a system in order to work:
|
||||
|
||||
* zsh
|
||||
* sudo
|
||||
* gnupg
|
||||
* cryptsetup
|
||||
* pinentry-curses (or -gtk or -qt as you prefer)
|
||||
@ -52,6 +52,7 @@ executable | function
|
||||
mlocate | have fast search of file names inside tombs
|
||||
swish++ | have fast search of file contents inside tombs
|
||||
unoconv | have fast search of contents in PDF and DOC files
|
||||
haveged | have fast entropy generation for key forging
|
||||
|
||||
As for requirements, also optional tools may be easy to install using
|
||||
the packages provided by each distribution.
|
||||
@ -98,4 +99,3 @@ navigate to extras/po and run 'make install' as root:
|
||||
|
||||
cd extras/po
|
||||
sudo make install
|
||||
|
||||
|
120
README.md
120
README.md
@ -1,4 +1,3 @@
|
||||
|
||||
..... ..
|
||||
.H8888888h. ~-. . uW8"
|
||||
888888888888x `> u. .. . : `t888
|
||||
@ -14,6 +13,8 @@
|
||||
|
||||
*A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker**
|
||||
|
||||
![](https://github.com/dyne/Tomb/blob/master/extras/images/monmort.png)
|
||||
|
||||
Latest stable version: **2.0**
|
||||
|
||||
Updates on website: https://www.dyne.org/software/tomb
|
||||
@ -34,8 +35,74 @@ output to facilitate its use inside graphical applications.
|
||||
|
||||
# How does it work?
|
||||
|
||||
To create a Tomb, do:
|
||||
```
|
||||
$ tomb dig -s 100 secret.tomb
|
||||
$ tomb forge secret.tomb.key
|
||||
$ tomb lock secret.tomb -k secret.tomb.key
|
||||
```
|
||||
To open it, do
|
||||
```
|
||||
$ tomb open secret.tomb -k secret.tomb.key
|
||||
```
|
||||
and after you are done
|
||||
```
|
||||
$ tomb close
|
||||
```
|
||||
or if you are in a hurry
|
||||
```
|
||||
$ tomb slam all
|
||||
```
|
||||
|
||||
For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
|
||||
|
||||
```
|
||||
Syntax: tomb [options] command [arguments]
|
||||
|
||||
Commands:
|
||||
|
||||
// Creation:
|
||||
dig create a new empty TOMB file of size -s in MB
|
||||
forge create a new KEY file and set its password
|
||||
lock installs a lock on a TOMB to use it with KEY
|
||||
|
||||
// Operations on tombs:
|
||||
open open an existing TOMB
|
||||
index update the search indexes of tombs
|
||||
search looks for filenames matching text patterns
|
||||
list list of open TOMBs and information on them
|
||||
close close a specific TOMB (or 'all')
|
||||
slam slam a TOMB killing all programs using it
|
||||
resize resize a TOMB to a new size -s (can only grow)
|
||||
|
||||
// Operations on keys:
|
||||
passwd change the password of a KEY (needs old pass)
|
||||
setkey change the KEY locking a TOMB (needs old key and pass)
|
||||
|
||||
// Backup on paper:
|
||||
engrave makes a QR code of a KEY to be saved on paper
|
||||
|
||||
// Steganography:
|
||||
bury hide a KEY inside a JPEG image (for use with -k)
|
||||
exhume extract a KEY from a JPEG image (prints to stout)
|
||||
|
||||
Options:
|
||||
|
||||
-s size of the tomb file when creating/resizing one (in MB)
|
||||
-k path to the key to be used ('-k -' to read from stdin)
|
||||
-n don't process the hooks found in tomb
|
||||
-o mount options used to open (default: rw,noatime,nodev)
|
||||
-f force operation (i.e. even if swap is active)
|
||||
--kdf generate passwords armored against dictionary attacks
|
||||
|
||||
-h print this help
|
||||
-v print version, license and list of available ciphers
|
||||
-q run quietly without printing informations
|
||||
-D print debugging information at runtime
|
||||
```
|
||||
|
||||
# What is it for, exactly?
|
||||
|
||||
This tool can be used to dig .tomb files (LUKS volumes), forge keys
|
||||
protected by a password (GnuPG symmetric encryption) and use the keys
|
||||
to lock the tombs. Tombs are like single files whose contents are
|
||||
@ -81,11 +148,11 @@ encrypt the Home directory of users, a system implemented already in
|
||||
As of today, Tomb is a very stable tool also used in mission critical
|
||||
situations by a number of activists in dangerous zones. It has been
|
||||
reviewed by forensics analysts and it can be considered to be safe for
|
||||
military grade use where the integrity of information stored depends on
|
||||
the user's behaviour and the strength of a standard AES-256
|
||||
(XTS plain) encryption algorithm.
|
||||
military grade use where the integrity of information stored depends
|
||||
on the user's behaviour and the strength of a standard AES-256 (XTS
|
||||
plain) encryption algorithm.
|
||||
|
||||
# Use stable releases in production
|
||||
# Use stable releases in production!
|
||||
|
||||
Anyone planning to use Tomb to store and access secrets should not use
|
||||
the latest development version in Git, but use instead the .tar.gz
|
||||
@ -121,3 +188,46 @@ IRC on https://irc.dyne.org channel **#dyne**
|
||||
Some enthusiastic ideas are in the [TODO](doc/TODO.org) file.
|
||||
|
||||
Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
|
||||
|
||||
# Can Tomb be used inside other applications?
|
||||
|
||||
Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
|
||||
terms) Tomb provides machine-readable output and interaction via some flags:
|
||||
|
||||
flag | function
|
||||
-------------------- | ------------------------------------------------
|
||||
--no-color | avoids coloring output to allow parsing
|
||||
--unsecure-dev-mode | allows giving passwords as argument
|
||||
--tomb-pwd | specify the key password as argument
|
||||
--tomb-old-pwd | specify the old key password as argument
|
||||
--sudo-pwd | specify the sudo password as argument
|
||||
|
||||
Yet please consider that these flags may introduce vulnerabilities as
|
||||
process table scanning can reveal passwords while such commands are
|
||||
executing. For passwords in particular the best is always let Tomb
|
||||
gather them via pinentry.
|
||||
|
||||
## Python
|
||||
|
||||
![](extras/images/python_for_tomb.png)
|
||||
|
||||
A Python wrapper is under developed and already usable, but it
|
||||
introduces the vulnerabilities mentioned above. Find it in
|
||||
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
|
||||
|
||||
## Graphical applications
|
||||
|
||||
So far the only graphical application supporting Tomb volumes is
|
||||
[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
|
||||
activate the Tomb plugin included in its source and will be able to
|
||||
create, open and close tombs. It might still miss advanced Tomb
|
||||
functionalities that are only available from the command-line.
|
||||
|
||||
## Let us know!
|
||||
|
||||
If you plan to develop any kind of wrapper for Tomb you are welcome to
|
||||
let us know. Tomb is really meant to be maintained as a minimal tool
|
||||
for long-term compatibility when handling something so delicate as our
|
||||
secrets. For anything else we rely on your own initiative.
|
||||
|
||||
Happy hacking! :&^)
|
||||
|
73
extras/PYTHON.md
Normal file
73
extras/PYTHON.md
Normal file
@ -0,0 +1,73 @@
|
||||
Tomber: a Python wrapper for Tomb
|
||||
=================================
|
||||
|
||||
Found in [extras/tomber](/extras/tomber)
|
||||
|
||||
Description
|
||||
-----------
|
||||
|
||||
Tomber is a python wrapper for [Tomb](https://github.com/dyne/Tomb).
|
||||
It relies on Python's subprocess module for Tomb command execution.
|
||||
|
||||
Please note that for future compatibility with Tomb, using subprocess
|
||||
execution of the tomb script is the recommended way to wrap its
|
||||
functionalities in other languages.
|
||||
|
||||
Tomber is still under development. Any contributions are greatly
|
||||
welcomed here or on its original repository
|
||||
https://github.com/reiven/Tomb
|
||||
|
||||
|
||||
Installation
|
||||
----------
|
||||
|
||||
First of all Tomb must be installed. Refer to [INSTALL](/INSTALL.md)
|
||||
|
||||
Then Tomber can be installed from
|
||||
[PyPi](https://pypi.python.org/pypi) using
|
||||
[pip](https://pypi.python.org/pypi/pip).
|
||||
|
||||
Enter the following command in a terminal:
|
||||
|
||||
pip install tomber
|
||||
|
||||
Alternatively you can install it from this source repository
|
||||
|
||||
|
||||
Example usage
|
||||
-------------
|
||||
```python
|
||||
from tomber import *
|
||||
|
||||
# dig a tomb of 20mb
|
||||
tdig('test.tomb',20)
|
||||
|
||||
# forge a key
|
||||
tforge('test.key', 'this is the passphrase for the key')
|
||||
|
||||
# lock the tomb
|
||||
tlock('test.tomb', 'test.key', 'this is the passphrase for the key')
|
||||
|
||||
# open the tomb
|
||||
topen('test.tomb', 'test.key', 'this is the passphrase for the key', '/tmp/tomb')
|
||||
|
||||
# close the tomb
|
||||
tclose('test')
|
||||
```
|
||||
|
||||
Running tests
|
||||
-------------
|
||||
|
||||
Keep in mind that the included *test.py* file execute the
|
||||
`Tomb.slam()` command which will likely close any tombs, encrypted
|
||||
volumes, you may have open.
|
||||
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
Tomber is Copyright (c) 2014 by Federico Cardoso <reiven@gmail.com>
|
||||
|
||||
This package is distributed under BSD License.
|
||||
|
||||
See [LICENSE](https://github.com/reiven/pynientos/blob/master/LICENSE)
|
8
extras/desktop/README
Normal file
8
extras/desktop/README
Normal file
@ -0,0 +1,8 @@
|
||||
This is unfinished and very boring to do.
|
||||
|
||||
Freedesktop standards are gnarly.
|
||||
|
||||
Hoping someone in need finishes this sometime.
|
||||
|
||||
For contact: https://irc.dyne.org #dyne (IRC SSL port 9999)
|
||||
|
24
extras/gtk-tray/README.md
Normal file
24
extras/gtk-tray/README.md
Normal file
@ -0,0 +1,24 @@
|
||||
# Gtk2 tray icon for Tomb
|
||||
## by Jaromil
|
||||
|
||||
If you like to see our nifty little skull on the upper right corner of
|
||||
your desktop, then compile and install this little auxiliary program.
|
||||
|
||||
Use by launching `tomb-gtk-tray` followed by the name of your tomb as
|
||||
reported by `tomb list`. For instance if your tomb is `secrets.tomb`:
|
||||
|
||||
```
|
||||
$ tomb-gtk-tray secrets
|
||||
```
|
||||
|
||||
The tray offers a drop-down menu with three options:
|
||||
+ `explore` will launch your desktop configured filemanager
|
||||
+ `close` will try to close the tomb (fails if in use)
|
||||
+ `slam` will slam the tomb killing all applications using it
|
||||
|
||||
Please note you need to launch this program for each tomb you want it
|
||||
to administer, then you will have a skull visible for each tomb open.
|
||||
|
||||
By mouse-over the skull tells the name of the tomb it is open for.
|
||||
|
||||
Enjoy!
|
BIN
extras/images/python_for_tomb.png
Normal file
BIN
extras/images/python_for_tomb.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 929 B |
@ -5,14 +5,14 @@ all:
|
||||
gcc -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
|
||||
gcc -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
|
||||
gcc -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
|
||||
gcc -O2 -o hexencode hexencode.c
|
||||
gcc -O2 -o tomb-kdb-hexencode hexencode.c
|
||||
|
||||
clean:
|
||||
rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt hexencode
|
||||
rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode
|
||||
|
||||
install:
|
||||
install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2
|
||||
install -Dm755 tomb-kdb-pbkdf2-getiter ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-getiter
|
||||
install -Dm755 tomb-kdb-pbkdf2-gensalt ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-gensalt
|
||||
install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/hexencode
|
||||
@echo "Tomb-kdb auxiliary binaries installed in ${PREFIX}"
|
||||
install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode
|
||||
@echo "Tomb-kdb auxiliary binaries installed in ${DESTDIR}${PREFIX}/bin"
|
||||
|
@ -13,12 +13,10 @@ PLANS
|
||||
While this can be useful for general purpose, it specially fits tomb, and it's designed for easy integration and compilation.
|
||||
|
||||
Binary name will then be:
|
||||
tomb-kdf-${algo}
|
||||
tomb-kdf-${algo}-gensalt
|
||||
tomb-kdf-${algo}-getiter
|
||||
|
||||
hexencode (or similar utils, should they be developed), go with:
|
||||
tomb-utils-hexencode
|
||||
tomb-kdb-${algo}
|
||||
tomb-kdb-${algo}-gensalt
|
||||
tomb-kdb-${algo}-getiter
|
||||
tomb-kdb-hexencode
|
||||
|
||||
Base64 vs hexencode
|
||||
-------------------
|
||||
|
Loading…
Reference in New Issue
Block a user