diff --git a/AUTHORS.md b/AUTHORS.md index 4e8b3e3..f7ad78d 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -11,10 +11,10 @@ Gettext internationalization and Spanish translation is contributed by GDrooid, French translation by Hellekin, Russian translation by fsLeg, German translation by x3nu. -Testing, reviews and documentation are contributed by Dreamer, Shining -the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq, -Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the -Linux Action Show! +Testing, reviews and documentation contributed by Dreamer, Vlax, +Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH, +The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon, Jim +Turner, Maxime Arthaud and the Linux Action Show! Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth. diff --git a/INSTALL.md b/INSTALL.md index 138f8cd..3b4ff09 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -37,18 +37,18 @@ After installation one can read the commandline help or read the manual: Once installed one can proceed creating a tomb, for instance: - tomb dig -s 10 secrets.tomb (dig a 10MB Tomb, be patient) - tomb forge -k secrets.tomb.key (be patient and follow instructions) - tomb lock -k secrets.tomb.key secrets.tomb + tomb dig -s 10 secrets.tomb (dig a 10MB Tomb) + tomb forge -k secrets.tomb.key (create a new key and set its password) + tomb lock -k secrets.tomb.key secrets.tomb (format the tomb, lock it with key) When this is done, the tomb can be opened with: - tomb open -k secrets.tomb.key secrets.tomb + tomb open -k secrets.tomb.key secrets.tomb (will ask for password) The key can also be hidden in an image, to be used as key later - tomb bury -k secrets.tomb.key nosferatu.jpg - tomb open -k nosferatu.jpg secrets.tomb + tomb bury -k secrets.tomb.key nosferatu.jpg (hide the key in a jpeg image) + tomb open -k nosferatu.jpg secrets.tomb (use the jpeg image to open the tomb) Or backupped to a QRCode that can be printed on paper and hidden in books. QRCodes can be scanned with any mobile application, resulting @@ -72,10 +72,11 @@ executable | function steghide | bury and exhume keys inside images resizefs | extend the size of existing tomb volumes qrencode | engrave keys into printable qrcode sheets - mlocate | have fast search of file names inside tombs - swish++ | have fast search of file contents inside tombs - unoconv | have fast search of contents in PDF and DOC files - haveged | have fast entropy generation for key forging + mlocate | fast search of file names inside tombs + swish++ | fast search of file contents inside tombs + unoconv | fast search of contents in PDF and DOC files + lesspipe | fast search of contents in compressed archives + haveged | fast entropy generation for key forging As for requirements, also optional tools may be easy to install using the packages provided by each distribution. @@ -184,4 +185,4 @@ let us know. Tomb is really meant to be maintained as a minimal tool for long-term compatibility when handling something so delicate as our secrets. For anything else we rely on your own initiative. -Happy hacking! :&^) +Happy hacking! ;^) diff --git a/README.md b/README.md index 64e6d55..d717b55 100644 --- a/README.md +++ b/README.md @@ -126,23 +126,21 @@ usage, etc. Death is the only sure thing in life. That said, Tomb is a pretty secure tool especially because it is kept minimal, its source is -always open, and its code is easy to review with a bit of shell script -knowledge. +always open to review (even when installed) and its code is easy to +read with a bit of shell script knowledge. All encryption tools being used in Tomb are included as default in many GNU/Linux operating systems and therefore are regularly peer reviewed: we don't add anything else to them really, just a layer of usability. -The code of Tomb is made to be read in literate programming style. - The file [KNOWN_BUGS.md](KNOWN_BUGS.md) contains some notes on known vulnerabilities and threat model analysis. -In absence of the Tomb script it is always possible to access the -contents of a Tomb using a dm-crypt enabled Linux kernel, cryptsetup -and GnuPG issuing the following commands as root: - +In absence or malfunction of the Tomb script it is always possible to +access the contents of a Tomb only using a dm-crypt enabled Linux +kernel, cryptsetup, GnuPG and any shell interpreter issuing the +following commands as root: ``` lo=$(losetup -f) losetup -f secret.tomb @@ -150,7 +148,12 @@ pass="$(gpg -d secret.key)" echo -n -e "$pass" | cryptsetup --key-file - luksOpen $lo secret mount /dev/mapper/secret /mnt ``` - +One can change the last argument `/mnt` to where the Tomb has to be +mounted and made accessible. To close the tomb then use: +``` +umount /mnt +cryptsetup luksClose /dev/mapper/secret +``` # Stage of development diff --git a/doc/tomb.1 b/doc/tomb.1 index a4babc4..e73cfac 100644 --- a/doc/tomb.1 +++ b/doc/tomb.1 @@ -79,18 +79,21 @@ open tomb mountpoint paths. .B .IP "index" -Creates or updates the search indexes of all tombs currently -open: enables use of the \fIsearch\fR command using simple word -patterns on file names. Indexes are created using mlocate updatedb(8) and -stored in a file inside the tomb's root. To avoid indexing -a specific tomb simply touch a \fI.noindex\fR file in its root. +Creates or updates the search indexes of all tombs currently open: +enables use of the \fIsearch\fR command using simple word patterns on +file names. Indexes are created using mlocate's updatedb(8) and +swish-e(1) if they are found on the system. Indexes allow to search +very fast for filenames and contents inside a tomb, they are stored +inside it and are not accessible if the Tomb is closed. To avoid +indexing a specific tomb simply touch a \fI.noindex\fR file in it. .B .IP "search" -Searches through all tombs currently open for filenames matching one -or more text patterns given as arguments. Search returns a list of -files found in all open tombs on which the \fIindex\fR command was run -at least once. +Takes any string as argument and searches for them through all tombs +currently open and previously indexed using the \fIindex\fR command. +The search matches filenames if mlocate is installed and then also +file contents if swish++ is present on the system, results are listed +on the console. .B .IP "close" diff --git a/tomb b/tomb index a168454..6e2a6ee 100755 --- a/tomb +++ b/tomb @@ -44,8 +44,8 @@ # {{{ Global variables -typeset VERSION="2.0.1" -typeset DATE="Dec/2014" +typeset VERSION="2.1" +typeset DATE="Jul/2015" typeset TOMBEXEC=$0 typeset TMPPREFIX=${TMPPREFIX:-/tmp} # TODO: configure which tmp dir to use from a cli flag @@ -2149,9 +2149,9 @@ index_tombs() { # here we use swish to index file contents [[ $SWISH == 1 ]] && { _message "Indexing ::1 tomb name:: contents..." $tombname - [[ -r ${tombmount}/.swishrc ]] || { - _message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc - cat < ${tombmount}/.swishrc + rm -f ${tombmount}/.swishrc + _message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc + cat < ${tombmount}/.swishrc # index directives DefaultContents TXT* IndexDir $tombmount @@ -2190,7 +2190,6 @@ FileRules filename is sys FileRules filename is supervise FileRules filename regex /\.asc$/i FileRules filename regex /\.gpg$/i - # pdf and postscript FileFilter .pdf pdftotext "'%p' -" FileFilter .ps ps2txt "'%p' -" @@ -2218,15 +2217,13 @@ FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i IndexContents HTML* .htm .html .shtml IndexContents XML* .xml EOF - } swish-e -c ${tombmount}/.swishrc -S fs -v3 - } - _message "Search index updated." done } + search_tombs() { { command -v locate 1>/dev/null 2>/dev/null } || { _failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }