mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-22 10:08:58 +00:00
documentation updates for release
known bugs, changelog and manual for sphinx
parent
0af46fe3c1
commit
e45c005c88
14
ChangeLog.md
@ -1,5 +1,19 @@
|
||||
# Tomb ChangeLog
|
||||
|
||||
## 2.6
|
||||
### May 2019
|
||||
|
||||
This release adds new features and provides an important fix for usage
|
||||
of Tomb with cryptsetup 2.1 and future versions; it also fixes a
|
||||
whitespace bug in KDF passwords, all fixes are documented in
|
||||
KNOWN_BUGS. A notable new feature is the libsphinx integration for
|
||||
password-authenticated key agreement (PAKE). Another feature is the
|
||||
integration of cloakify to support new cloak/uncloak commands that
|
||||
hide keys inside long text files. Also support for gpg sub-keys has
|
||||
been added and overall gpg asymmetric key protection is improved.
|
||||
|
||||
|
||||
|
||||
## 2.5
|
||||
### January 2018
|
||||
|
||||
|
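Review bot: The 2.6 entry says the whitespace bug in KDF passwords is fixed but does not say whether keys created with earlier versions are affected or what their owners need to do; add a sentence on that or name the exact KNOWN_BUGS section to read. The sentence "it also fixes a whitespace bug in KDF passwords, all fixes are documented in KNOWN_BUGS" is a comma splice and reads better split in two.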
@ -1,3 +1,14 @@
|
||||
# Cryptsetup change of default to luks2
|
||||
## Issue opening tombs with cryptsetup >2.0
|
||||
|
||||
Tomb uses the cryptsetup LUKS volume header default to type luks1
|
||||
which has been for long the default in cryptsetup. But starting from
|
||||
cryptsetup v2.1 a new default has been introduced (luks2) and the
|
||||
--type option added to specify the old luks1.
|
||||
|
||||
Using Tomb version 2.6 (and future releases) the problem opening tombs
|
||||
using recent GNU/Linux distributions is fixed.
|
||||
|
||||
# Whitespaces in KDF passwords
|
||||
## Issue affecting passwords used with PBKDF2 keys (<2.6)
|
||||
|
||||
|
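Review bot: The cryptsetup section never says what Tomb 2.6 changed to fix the problem, nor what a user stuck on an older Tomb can do; the text mentions the --type option, so state whether 2.6 now passes it explicitly for luks1. The version boundary is also worded inconsistently: the subheading says "cryptsetup >2.0" while the body and the ChangeLog say the new default starts with cryptsetup v2.1, so pick one form. "Tomb uses the cryptsetup LUKS volume header default to type luks1" is hard to parse and could be rewritten as a plain statement that Tomb relies on luks1 headers.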
@ -289,7 +289,7 @@ IRC on https://irc.dyne.org channel **#dyne** (or direct port 9999 SSL)
|
||||
|
||||
# Licensing
|
||||
|
||||
Tomb is Copyright (C) 2007-2018 by the Dyne.org Foundation and
|
||||
Tomb is Copyright (C) 2007-2019 by the Dyne.org Foundation and
|
||||
maintained by Denis Roio <jaromil@dyne.org>. More information on all
|
||||
the developers involved is found in the [AUTHORS](AUTHORS.md) file.
|
||||
|
||||
|
30
doc/tomb.1
@ -268,6 +268,18 @@ key: forces a delay of \fI<itertime>\fR times every time this key is
|
||||
used. The actual time to wait depends on the CPU speed of the
|
||||
computer where the key is used. Using 5 or 10 is a sane amount for
|
||||
modern computers, the value is multiplied by 1 million.
|
||||
.B
|
||||
.IP "--sphx-user \fI<username>\fR"
|
||||
Activate the SPHINX feature for password-authenticated key agreement.
|
||||
This option indicates the \fI<username>\fR used to retrieve the
|
||||
password from a sphinx oracle key reachable via TCP/IP.
|
||||
|
||||
.IP "--sphx-host \fI<domain>\fR"
|
||||
Activate the SPHINX feature for password-authenticated key agreement.
|
||||
This option indicates the \fI<domain>\fR used to retrieve the password
|
||||
from a sphinx oracle daemon reachable via TCP/IP. This is not the
|
||||
network address of the daemon, which is configured in /etc/sphinx
|
||||
|
||||
.B
|
||||
.IP "-h"
|
||||
Display a help text and quit.
|
||||
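Review bot: The two new option entries do not say whether --sphx-user and --sphx-host must be given together; both open with the same "Activate the SPHINX feature" sentence, so a reader cannot tell if one alone is enough. In the --sphx-user text, "sphinx oracle key reachable via TCP/IP" looks like it should read "sphinx oracle daemon", matching the --sphx-host entry. The last sentence of --sphx-host ("which is configured in /etc/sphinx") is missing its final period, and it would help to say whether /etc/sphinx is a file or a directory.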
@ -444,6 +456,24 @@ its copies are destroyed. The \fI-r\fR option can be used in the tomb
|
||||
commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR,
|
||||
\fIbury\fR, \fIexhume\fR and \fIresize\fR.
|
||||
|
||||
.SH SPHINX (PAKE)
|
||||
|
||||
Using the package libsphinx
|
||||
.UR https://github.com/stef/libsphinx
|
||||
.UE
|
||||
and its python client/daemon implementation pwdsphinx
|
||||
.UR https://github.com/stef/pwdsphinx
|
||||
.UE
|
||||
is possible to store and retrieve safely the password that locks the
|
||||
tomb. Using this feature will make it impossible to retrieve the
|
||||
password without the oracle sphinx server running and reachable. Each
|
||||
key entry needs a username and a domain specified on creation and
|
||||
a password that locks it.
|
||||
|
||||
SPHINX makes it impossible to mailiciously retrieve the password
|
||||
locking the tomb key without an attacker accessing both the
|
||||
server, the sphinx password and the tomb key file.
|
||||
|
||||
.SH EXAMPLES
|
||||
|
||||
.IP \(bu
|
||||
|
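Review bot: The security claim in the second paragraph of the new SPHINX section is ambiguous: "without an attacker accessing both the server, the sphinx password and the tomb key file" uses "both" for three items, so it is unclear whether all three are required. Reword it as an explicit list of everything an attacker must obtain, and fix the typo "mailiciously". The first paragraph says the password cannot be retrieved when the oracle server is not running and reachable; since that also locks out the legitimate owner, the section should say so directly and mention what to back up. "is possible to store" is missing "it", and the .UR/.UE pairs carry no link text.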
6
tomb
@ -7,7 +7,7 @@
|
||||
|
||||
# {{{ License
|
||||
|
||||
# Copyright (C) 2007-2018 Dyne.org Foundation
|
||||
# Copyright (C) 2007-2019 Dyne.org Foundation
|
||||
#
|
||||
# Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
|
||||
#
|
||||
@ -44,8 +44,8 @@
|
||||
|
||||
# {{{ Global variables
|
||||
|
||||
typeset VERSION="2.5"
|
||||
typeset DATE="Jan/2018"
|
||||
typeset VERSION="2.6"
|
||||
typeset DATE="May/2019"
|
||||
typeset TOMBEXEC=$0
|
||||
typeset TMPPREFIX=${TMPPREFIX:-/tmp}
|
||||
# TODO: configure which tmp dir to use from a cli flag
|
||||
|