mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-23 02:28:58 +00:00
more user manual documentation
This commit is contained in:
parent
266319eee8
commit
b042824263
@ -14,6 +14,8 @@
|
||||
#+LATEX_HEADER: \usepackage{lmodern}
|
||||
#+LATEX_HEADER: \usepackage[hang,small]{caption}
|
||||
#+LATEX_HEADER: \usepackage{float}
|
||||
#+LATEX_HEADER: \usepackage{makeidx}
|
||||
#+LATEX_HEADER: \makeindex
|
||||
|
||||
*Abstract*: Tomb is a cryptographic application that helps you store
|
||||
private and confidential data into volumes secured by keys and
|
||||
@ -28,6 +30,7 @@
|
||||
#+EXCLUDE_KEYWORD: noexport
|
||||
|
||||
|
||||
|
||||
[TABLE-OF-CONTENTS]
|
||||
|
||||
#+LATEX: \newpage
|
||||
@ -64,8 +67,14 @@ resistance to omologation.
|
||||
(from [[http://www.newschool.edu/centers/socres/privacy/Home.html][Privacy Conference, Social Research, New School University]])
|
||||
#+END_QUOTE
|
||||
|
||||
|
||||
** Who needs Tomb
|
||||
|
||||
Tomb improves the usability patterns of every-day cryptography and
|
||||
relies on military-grade algorithms to grant a level of secrecy for
|
||||
stored data that is very hard to break by most military organisations
|
||||
and law enforcement agencies.
|
||||
|
||||
Our target community are GNU/Linux users with no time to click around,
|
||||
sometimes using old or borrowed computers, operating in places
|
||||
endangered by conflict where a leak of personal data can be a threat.
|
||||
@ -81,12 +90,13 @@ personal directories in place using /bind hooks/.
|
||||
|
||||
** Under the Hood
|
||||
|
||||
Tomb provides military-grade encryption on your fingertips, fostering
|
||||
best practices and saving users the time to look into the details of
|
||||
/LUKS/ volumes and /cryptsetup/. Rather than reinventing the wheel,
|
||||
Tomb relies only on peer-reviewed, free and open source software
|
||||
components: at its core is DM-Crypt[fn:dm-crypt] which is part of the
|
||||
Linux kernel architecture.
|
||||
Tomb provides military-grade encryption at the reach of your
|
||||
fingertips, fostering best practices and saving users the time to look
|
||||
into the details of /LUKS/ volumes and /cryptsetup/. Rather than
|
||||
reinventing the wheel, Tomb relies only on peer-reviewed, free and
|
||||
open source software components: at its core is DM-Crypt[fn:dm-crypt]
|
||||
which is part of the Linux kernel architecture.
|
||||
|
||||
|
||||
For better clarity, Tomb is written in shell script and its code can
|
||||
be reviewed any time. More specifically, Tomb is written in ZSh, but
|
||||
@ -106,7 +116,7 @@ storage.
|
||||
|
||||
** Yet another tool?
|
||||
|
||||
\indexentry{dyne:bolic}
|
||||
\index{dyne:bolic}
|
||||
|
||||
Tomb is an evolution of the /Nesting/ tool developed in 2001 for the
|
||||
[[http://www.dynebolic.org][Dyne:bolic GNU/Linux distribution]]: a /nomadic system/ to encrypt the
|
||||
@ -120,13 +130,13 @@ Later on we've felt the urgency to publishing this mechanism for other
|
||||
operating systems than dyne:bolic since the current situation in
|
||||
personal desktop encryption is far from optimal. Let's have a look.
|
||||
|
||||
\indexentry{truecrypt}
|
||||
\index{truecrypt}
|
||||
[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is
|
||||
hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system
|
||||
distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
|
||||
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].
|
||||
|
||||
\indexentry{cryptkeeper}
|
||||
\index{cryptkeeper}
|
||||
[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main
|
||||
advantage consists in not needing root access on the machine it's
|
||||
being used. But Cryptkeeper still has drawbacks: it uses [[http://www.arg0.net/encfs][EncFS]] which
|
||||
@ -154,7 +164,70 @@ If you believe this is a worthy effort, you are welcome to [[http://dyne.org/don
|
||||
|
||||
* TODO Getting Started
|
||||
|
||||
/work on contents in the crunchbang howto/
|
||||
** Build
|
||||
|
||||
Tomb at its core consists of a single Z-Shell script which has to be run as root, plus a few common dependencies that must be present on the system:
|
||||
|
||||
- *Zsh* http://www.zsh.org
|
||||
- *Cryptsetup*
|
||||
- *Sudo*
|
||||
- *GnuPG* http://www.gnupg.org
|
||||
- *Pinentry*
|
||||
|
||||
Provided the programs above are installed and root access is available on the system, *the impatient user can just skip the rest of this section, download the bare Tomb script and use it*. The nitpickers out there are right to wonder about running a script as root, so please be welcome to [[http://tomb.dyne.org/codedoc][review Tomb's code]]. Those running on [[http://www.dynebolic.org][Dyne:bolic GNU/Linux]] can simply skip this step since our operating system already contains a fully featured version of Tomb.
|
||||
|
||||
In addition to the core script there are a number of optional packages that, if present on the system, will be used by Tomb to enhance the user experience, add features and improve security.
|
||||
|
||||
To start a full build make sure you know some command-line basics, then [[http://files.dyne.org/tomb/releases][download the full stable source distribution of Tomb]], unpack it and read on.
|
||||
|
||||
: tar xvfz Tomb-1.3.tar.gz
|
||||
: cd Tomb
|
||||
|
||||
Be welcome to the making of your tomb.
|
||||
|
||||
*** Security extras
|
||||
|
||||
To make the steganography feature available, that is the possibility to hide keys inside images, one needs to install the *steghide* software on your system.
|
||||
|
||||
To insure secure deletion of all Tomb traces temporary written in memory or on storage by Tomb, one should install *wipe*.
|
||||
|
||||
To enable the anti-bruteforce feature, KDF libs should be installed and they often require a recent version of GLib-2[fn:debglib]
|
||||
|
||||
[fn:debglib] On Debian 6.0 for instance the version of GLib-2 is too old and should be installed from source or from backports
|
||||
|
||||
*** Usability extras
|
||||
|
||||
To have a progress bar that informs about the status of tomb creation steps, one should install *dcfldd* which is an enhanced version of the simple /dd/ UNIX tool.
|
||||
|
||||
If Tomb is used locally on a graphical desktop, one might prefer to use a graphical dialog to input the password, then install *pinentry-gtk* or *pinentry-qt*.
|
||||
|
||||
To compile the *gtk-tray* component that shows the open tomb in your desktop tray, make sure the following packages are installed (this list matches package names for Debian/Ubuntu distributions:
|
||||
|
||||
: build-essential autoconf libtool gtk2.0-dev libnotify-dev zsh pinentry-curses pinentry-gtk2
|
||||
|
||||
*** Binary builds
|
||||
|
||||
Once all the extra dependencies are in place on your system, to build the gtk-tray or the KDF components, one should run the usual commands:
|
||||
|
||||
: ./configure
|
||||
: make
|
||||
|
||||
This will autodetect the capabilities of the system and build binary helper applications needed for those two extra functions. Any other feature in Tomb does not require compiling anything.
|
||||
|
||||
** Installation
|
||||
|
||||
After running the configure-make combo to compile binaries it is possible to simply use *make install* to copy several files in place, including the main tomb script, image resources for the gtk pinentry and manuals.
|
||||
|
||||
Assuming the prefix is /usr/local paths for installation are:
|
||||
|
||||
- /usr/local/bin/tomb
|
||||
- /usr/local/share/tomb
|
||||
|
||||
When installed on a multi-user system, Tomb can be made available to all users even without granting them root access. Simply add this line to */etc/sudoers* (using the visudo command as root) for each user you like to enable to build and use tombs:
|
||||
|
||||
: username ALL=NOPASSWD: /usr/local/bin/tomb
|
||||
|
||||
Tomb is built with this possibility in mind and its code is reviewed to make this setup safe, so that a user cannot escalate to the privilege of a full root shell on the system, but just handle Tombs.
|
||||
|
||||
* Tombs in your pockets
|
||||
|
||||
@ -199,5 +272,7 @@ community]] and the mestizo community of southern Mexico, Chapas and
|
||||
Oaxaca.
|
||||
|
||||
* Remote tombs
|
||||
* Alphabetic Index
|
||||
|
||||
|
||||
\printindex
|
||||
|
Loading…
Reference in New Issue
Block a user