mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-09-23 02:09:02 +00:00
documentation updates for release
known bugs, changelog and manual for sphinx
parent
0af46fe3c1
commit
e45c005c88
14
ChangeLog.md
@ -1,5 +1,19 @@
|
|||||||
# Tomb ChangeLog
|
# Tomb ChangeLog
|
||||||
|
|
||||||
|
## 2.6
|
||||||
|
### May 2019
|
||||||
|
|
||||||
|
This release adds new features and provides an important fix for usage
|
||||||
|
of Tomb with cryptsetup 2.1 and future versions; it also fixes a
|
||||||
|
whitespace bug in KDF passwords, all fixes are documented in
|
||||||
|
KNOWN_BUGS. A notable new feature is the libsphinx integration for
|
||||||
|
password-authenticated key agreement (PAKE). Another feature is the
|
||||||
|
integration of cloakify to support new cloak/uncloak commands that
|
||||||
|
hide keys inside long text files. Also support for gpg sub-keys has
|
||||||
|
been added and overall gpg asymmetric key protection is improved.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## 2.5
|
## 2.5
|
||||||
### January 2018
|
### January 2018
|
||||||
|
|
||||||
|
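Review bot: in the 2.6 entry, "whitespace bug in KDF passwords, all fixes are documented in KNOWN_BUGS" is a comma splice and refers to the file by bare name. Make it its own sentence and link the file the same way the README links `[AUTHORS](AUTHORS.md)`, so readers of the changelog can reach the details. The cryptsetup fix is called "important" without saying what breaks; one clause stating that older Tomb releases have trouble opening tombs with the new cryptsetup default would tell users why they should upgrade.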
@ -1,3 +1,14 @@
|
|||||||
|
# Cryptsetup change of default to luks2
|
||||||
|
## Issue opening tombs with cryptsetup >2.0
|
||||||
|
|
||||||
|
Tomb uses the cryptsetup LUKS volume header default to type luks1
|
||||||
|
which has been for long the default in cryptsetup. But starting from
|
||||||
|
cryptsetup v2.1 a new default has been introduced (luks2) and the
|
||||||
|
--type option added to specify the old luks1.
|
||||||
|
|
||||||
|
Using Tomb version 2.6 (and future releases) the problem opening tombs
|
||||||
|
using recent GNU/Linux distributions is fixed.
|
||||||
|
|
||||||
# Whitespaces in KDF passwords
|
# Whitespaces in KDF passwords
|
||||||
## Issue affecting passwords used with PBKDF2 keys (<2.6)
|
## Issue affecting passwords used with PBKDF2 keys (<2.6)
|
||||||
|
|
||||||
|
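Review bot: the new heading says "cryptsetup >2.0" while the paragraph under it says "starting from cryptsetup v2.1"; use one version boundary in both places. The heading also lacks the affected-Tomb-version tag that the next entry carries ("(<2.6)"), and "the --type option added to specify the old luks1" does not say whether cryptsetup or Tomb added it. Suggest tagging the heading with the affected Tomb versions and rewording the sentence to say that Tomb 2.6 now passes the type explicitly, if that is what the fix does.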
@ -289,7 +289,7 @@ IRC on https://irc.dyne.org channel **#dyne** (or direct port 9999 SSL)
|
|||||||
|
|
||||||
# Licensing
|
# Licensing
|
||||||
|
|
||||||
Tomb is Copyright (C) 2007-2018 by the Dyne.org Foundation and
|
Tomb is Copyright (C) 2007-2019 by the Dyne.org Foundation and
|
||||||
maintained by Denis Roio <jaromil@dyne.org>. More information on all
|
maintained by Denis Roio <jaromil@dyne.org>. More information on all
|
||||||
the developers involved is found in the [AUTHORS](AUTHORS.md) file.
|
the developers involved is found in the [AUTHORS](AUTHORS.md) file.
|
||||||
|
|
||||||
|
30
doc/tomb.1
@ -268,6 +268,18 @@ key: forces a delay of \fI<itertime>\fR times every time this key is
|
|||||||
used. The actual time to wait depends on the CPU speed of the
|
used. The actual time to wait depends on the CPU speed of the
|
||||||
computer where the key is used. Using 5 or 10 is a sane amount for
|
computer where the key is used. Using 5 or 10 is a sane amount for
|
||||||
modern computers, the value is multiplied by 1 million.
|
modern computers, the value is multiplied by 1 million.
|
||||||
|
.B
|
||||||
|
.IP "--sphx-user \fI<username>\fR"
|
||||||
|
Activate the SPHINX feature for password-authenticated key agreement.
|
||||||
|
This option indicates the \fI<username>\fR used to retrieve the
|
||||||
|
password from a sphinx oracle key reachable via TCP/IP.
|
||||||
|
|
||||||
|
.IP "--sphx-host \fI<domain>\fR"
|
||||||
|
Activate the SPHINX feature for password-authenticated key agreement.
|
||||||
|
This option indicates the \fI<domain>\fR used to retrieve the password
|
||||||
|
from a sphinx oracle daemon reachable via TCP/IP. This is not the
|
||||||
|
network address of the daemon, which is configured in /etc/sphinx
|
||||||
|
|
||||||
.B
|
.B
|
||||||
.IP "-h"
|
.IP "-h"
|
||||||
Display a help text and quit.
|
Display a help text and quit.
|
||||||
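Review bot: in the `--sphx-user` description, "a sphinx oracle key reachable via TCP/IP" looks like a slip for "daemon", which is the word the `--sphx-host` description uses; a key is not something reachable over the network. The `--sphx-host` text ends at "configured in /etc/sphinx" with no closing period. Both entries open with the same "Activate the SPHINX feature" sentence and neither says whether one option alone is enough; since the SPHINX section added further down states that each key entry needs a username and a domain, say here that the two options must be given together. The added bare `.B` line before `.IP "--sphx-user ..."` has no argument and can be dropped unless it is needed for spacing.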
@ -444,6 +456,24 @@ its copies are destroyed. The \fI-r\fR option can be used in the tomb
|
|||||||
commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR,
|
commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR,
|
||||||
\fIbury\fR, \fIexhume\fR and \fIresize\fR.
|
\fIbury\fR, \fIexhume\fR and \fIresize\fR.
|
||||||
|
|
||||||
|
.SH SPHINX (PAKE)
|
||||||
|
|
||||||
|
Using the package libsphinx
|
||||||
|
.UR https://github.com/stef/libsphinx
|
||||||
|
.UE
|
||||||
|
and its python client/daemon implementation pwdsphinx
|
||||||
|
.UR https://github.com/stef/pwdsphinx
|
||||||
|
.UE
|
||||||
|
is possible to store and retrieve safely the password that locks the
|
||||||
|
tomb. Using this feature will make it impossible to retrieve the
|
||||||
|
password without the oracle sphinx server running and reachable. Each
|
||||||
|
key entry needs a username and a domain specified on creation and
|
||||||
|
a password that locks it.
|
||||||
|
|
||||||
|
SPHINX makes it impossible to mailiciously retrieve the password
|
||||||
|
locking the tomb key without an attacker accessing both the
|
||||||
|
server, the sphinx password and the tomb key file.
|
||||||
|
|
||||||
.SH EXAMPLES
|
.SH EXAMPLES
|
||||||
|
|
||||||
.IP \(bu
|
.IP \(bu
|
||||||
|
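Review bot: the security claim in the last paragraph of the new SPHINX section needs tightening, since this is the text users will rely on for their threat model. "mailiciously" is a typo, "both the server, the sphinx password and the tomb key file" uses "both" for three items, and "makes it impossible" is an absolute; something like "an attacker needs access to all three of: the server, the sphinx password and the tomb key file" says the same thing verifiably. In the first paragraph, "is possible to store and retrieve safely" is missing "it", and the sentence "impossible to retrieve the password without the oracle sphinx server running and reachable" is also an availability warning: state explicitly that the tomb cannot be opened while the server is down or unreachable. The two `.UR`/`.UE` pairs enclose no link text, so the URLs may render without a label.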
6
tomb
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
# {{{ License
|
# {{{ License
|
||||||
|
|
||||||
# Copyright (C) 2007-2018 Dyne.org Foundation
|
# Copyright (C) 2007-2019 Dyne.org Foundation
|
||||||
#
|
#
|
||||||
# Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
|
# Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
|
||||||
#
|
#
|
||||||
@ -44,8 +44,8 @@
|
|||||||
|
|
||||||
# {{{ Global variables
|
# {{{ Global variables
|
||||||
|
|
||||||
typeset VERSION="2.5"
|
typeset VERSION="2.6"
|
||||||
typeset DATE="Jan/2018"
|
typeset DATE="May/2019"
|
||||||
typeset TOMBEXEC=$0
|
typeset TOMBEXEC=$0
|
||||||
typeset TMPPREFIX=${TMPPREFIX:-/tmp}
|
typeset TMPPREFIX=${TMPPREFIX:-/tmp}
|
||||||
# TODO: configure which tmp dir to use from a cli flag
|
# TODO: configure which tmp dir to use from a cli flag
|
||||||
|