documentation updates for release

known bugs, changelog and manual for sphinx
Jaromil 2019-05-30 18:48:30 +02:00
parent 0af46fe3c1
commit e45c005c88
5 changed files with 59 additions and 4 deletions

@ -1,5 +1,19 @@
# Tomb ChangeLog
## 2.6
### May 2019
This release adds new features and provides an important fix for usage
of Tomb with cryptsetup 2.1 and future versions; it also fixes a
whitespace bug in KDF passwords, all fixes are documented in
KNOWN_BUGS. A notable new feature is the libsphinx integration for
password-authenticated key agreement (PAKE). Another feature is the
integration of cloakify to support new cloak/uncloak commands that
hide keys inside long text files. Also support for gpg sub-keys has
been added and overall gpg asymmetric key protection is improved.
## 2.5
### January 2018
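Review bot: the first sentence of the 2.6 entry is a comma splice ("... a whitespace bug in KDF passwords, all fixes are documented in KNOWN_BUGS") and describes the cryptsetup fix only as "an important fix for usage of Tomb with cryptsetup 2.1 and future versions". Suggest ending the sentence after "KDF passwords", starting a new one for the KNOWN_BUGS pointer, and naming the luks1/luks2 default change so a reader who hits the problem can match it to the KNOWN_BUGS entry.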

@ -1,3 +1,14 @@
# Cryptsetup change of default to luks2
## Issue opening tombs with cryptsetup >2.0
Tomb uses the cryptsetup LUKS volume header default to type luks1
which has been for long the default in cryptsetup. But starting from
cryptsetup v2.1 a new default has been introduced (luks2) and the
--type option added to specify the old luks1.
Using Tomb version 2.6 (and future releases) the problem opening tombs
using recent GNU/Linux distributions is fixed.
# Whitespaces in KDF passwords
## Issue affecting passwords used with PBKDF2 keys (<2.6)
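Review bot: the heading says "cryptsetup >2.0" while the body says the new default was introduced "starting from cryptsetup v2.1"; use the same version boundary in both places. The entry also gives neither the symptom a user sees nor what to do on a Tomb older than 2.6, and the sentence "Tomb uses the cryptsetup LUKS volume header default to type luks1" is hard to parse. Suggest stating plainly that Tomb relied on luks1 being the default header type, and adding one line on how 2.6 handles the new default.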

@ -289,7 +289,7 @@ IRC on https://irc.dyne.org channel **#dyne** (or direct port 9999 SSL)
# Licensing
Tomb is Copyright (C) 2007-2018 by the Dyne.org Foundation and
Tomb is Copyright (C) 2007-2019 by the Dyne.org Foundation and
maintained by Denis Roio <jaromil@dyne.org>. More information on all
the developers involved is found in the [AUTHORS](AUTHORS.md) file.

@ -268,6 +268,18 @@ key: forces a delay of \fI<itertime>\fR times every time this key is
used. The actual time to wait depends on the CPU speed of the
computer where the key is used. Using 5 or 10 is a sane amount for
modern computers, the value is multiplied by 1 million.
.B
.IP "--sphx-user \fI<username>\fR"
Activate the SPHINX feature for password-authenticated key agreement.
This option indicates the \fI<username>\fR used to retrieve the
password from a sphinx oracle key reachable via TCP/IP.
.IP "--sphx-host \fI<domain>\fR"
Activate the SPHINX feature for password-authenticated key agreement.
This option indicates the \fI<domain>\fR used to retrieve the password
from a sphinx oracle daemon reachable via TCP/IP. This is not the
network address of the daemon, which is configured in /etc/sphinx
.B
.IP "-h"
Display a help text and quit.
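Review bot: the two new option entries disagree on what is being contacted: --sphx-user says "a sphinx oracle key reachable via TCP/IP" and --sphx-host says "a sphinx oracle daemon reachable via TCP/IP"; "key" in the first looks like a slip for "daemon". Both entries open with "Activate the SPHINX feature", which leaves it unclear whether one option alone is enough; since the SPHINX section says each key entry needs a username and a domain, say here that the two options must be given together. The last sentence of --sphx-host ("which is configured in /etc/sphinx") is missing its full stop and does not say whether /etc/sphinx is a file or a directory.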
@ -444,6 +456,24 @@ its copies are destroyed. The \fI-r\fR option can be used in the tomb
commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR,
\fIbury\fR, \fIexhume\fR and \fIresize\fR.
.SH SPHINX (PAKE)
Using the package libsphinx
.UR https://github.com/stef/libsphinx
.UE
and its python client/daemon implementation pwdsphinx
.UR https://github.com/stef/pwdsphinx
.UE
is possible to store and retrieve safely the password that locks the
tomb. Using this feature will make it impossible to retrieve the
password without the oracle sphinx server running and reachable. Each
key entry needs a username and a domain specified on creation and
a password that locks it.
SPHINX makes it impossible to mailiciously retrieve the password
locking the tomb key without an attacker accessing both the
server, the sphinx password and the tomb key file.
.SH EXAMPLES
.IP \(bu
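Review bot: the security claim in the new SPHINX section needs tightening: "mailiciously" is a typo for "maliciously", and "without an attacker accessing both the server, the sphinx password and the tomb key file" uses "both" for three items, so the reader cannot tell whether all three are required. Suggest "unless an attacker has access to all of: the server, the sphinx password and the tomb key file". The opening sentence is missing its subject ("is possible to store" should read "it is possible to store"). The availability consequence ("impossible to retrieve the password without the oracle sphinx server running and reachable") deserves to be stated as a caveat for the user, since an unreachable oracle means the tomb cannot be opened. A cross-reference to the --sphx-user and --sphx-host options would also help.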

tomb

@ -7,7 +7,7 @@
# {{{ License
# Copyright (C) 2007-2018 Dyne.org Foundation
# Copyright (C) 2007-2019 Dyne.org Foundation
#
# Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
#
@ -44,8 +44,8 @@
# {{{ Global variables
typeset VERSION="2.5"
typeset DATE="Jan/2018"
typeset VERSION="2.6"
typeset DATE="May/2019"
typeset TOMBEXEC=$0
typeset TMPPREFIX=${TMPPREFIX:-/tmp}
# TODO: configure which tmp dir to use from a cli flag