diff --git a/TODO.org b/TODO.org index 9b464df..9f90d25 100644 --- a/TODO.org +++ b/TODO.org @@ -3,7 +3,7 @@ TODO and Roadmap for Tomb you are welcome to send patches to jaromil@dyne.org -* TODO Release 1.0 :85%: +* TODO Release 1.0 :90%: ** [#A] fix operation without DISPLAY (over SSH) :hellekin: ** TODO [#A] SLAM tomb and kill all applications using it @@ -13,13 +13,7 @@ you are welcome to send patches to jaromil@dyne.org now tomb-dialog or something like that would be useful it askpass and dialog might melt together into one binary later. - -** TODO [#A] steganography to store tomb key - - steghide can hide keys in JPG, BMP, WAV or AU files it also takes - care of compressing end encrypting the key file so we don't - necessarily need gpg... it has Serpent and AES256 (CBC) -** [#B] incremental backup system using bup :jaromil: +** [#A] incremental backup system using bup :jaromil: tombs are modifed only where needed so file changes are local to the file segment where data is stored. i've tested this idea and it @@ -29,6 +23,12 @@ you are welcome to send patches to jaromil@dyne.org ** TODO [#C] make one single status handle more tombs ** TODO [#C] decorate creation wizard with ASCII art +** DONE [#A] steganography to store tomb key :jaromil: + + steghide can hide keys in JPG, BMP, WAV or AU files it also takes + care of compressing end encrypting the key file so we don't + necessarily need gpg... it has Serpent and AES256 (CBC) + ** DONE [#A] use a posix thread instead of fork for status close :jaromil: ** DONE [#A] use a config file to map bind mounts :jaromil: diff --git a/doc/tomb.1 b/doc/tomb.1 index d4234da..6a3df2a 100644 --- a/doc/tomb.1 +++ b/doc/tomb.1 @@ -1,11 +1,11 @@ -.TH tomb 1 "February 6, 2011" "tomb" +.TH tomb 1 "February 12, 2011" "tomb" .SH NAME Tomb \- the Crypto Undertaker .SH SYNOPSIS .B -.IP "tomb [options] command [file] [mountpoint]" +.IP "tomb [options] command [arguments]" .B .IP "tomb-open [file]" .B @@ -29,14 +29,11 @@ hidden in a filesystem; it encourages users to keep their keys separate from tombs, for instance keeping a tomb file on your computer harddisk and its key file on a USB stick. -When used from commandline, \fIfile\fR is the name of the tomb to be -created or opened, while \fImountpoint\fR is an existing directory -where its contents should be made accessible. - -For simplified use, the command \fItomb-open\fR can be used to start a -wizard that guides users in the creation of a new tomb or, if the -\fIfile\fR argument is specified, to open a tomb and make it -accessible in a default location under the /media folder. +For simplified use, the command \fItomb-open\fR starts a wizard that +guides users in the creation of a new tomb or, if an \fIargument\fR is +specified, opens a the tomb file pointed by it and makes it accessible +in a default location under the /media folder, starting the status +tray icon if a desktop is present. The other commands \fItomb-status\fR and \fItomb-askpass\fR are for internal use (they are called by tomb with the right arguments) and @@ -45,20 +42,41 @@ interface. .SH COMMANDS + .B .IP "create" -Create a new encrypted storage \fIfile\fR and its keys +Creates a new encrypted storage tomb and its key, named as specified +by the given \fIargument\fR. + .B .IP "open" -Opens an existing tomb \fIfile\fR. The \fImountpoint\fR where the tomb -will be made accessible can be specified, if not the default is to -create a directory named like the tomb inside /media. +Opens an existing tomb file specified in the \fIfirst argument\fR. If +a \fIsecond argument\fR is given it will indicate the \fImountpoint\fR +where the tomb should be made accessible, if not then the tomb is +mounted in a directory named after the filename and inside /media. + .B .IP "close" -Closes a currently open tomb. When \fIfile\fR is specified, it should -point to the /dev/mapper name used to mount the tomb; if \fIfile\fR is -not specified and only one tomb is open, then it will be closed; if -multiple tombs are open, the command will list them on the terminal. +Closes a currently open tomb. When \fIan argument\fR is specified, it +should point to the tomb mount on /dev/mapper; if not specified and +only one tomb is open then it will be closed; if multiple tombs are +open, the command will list them on the terminal. The special +\fIargument\fR 'all' will close all currently open tombs. + +.B +.IP "bury" +Hides a tomb key (\fIfirst argument\fR) inside a jpeg image (\fIsecond +argument\fR) using steganography: the image will change in a way that +cannot be noticed by human eyes and the presence of the key inside it +isn't detectable without the right password. This option is useful to +backup tomb keys in unsuspected places; it uses steghide and the +serpent encryption algorithm. + +.B +.IP "exhume" +Extracts a named tomb key (\fIfirst argument\fR) from a (jpeg) image file +(\fIsecond argument\fR) known to be containing it, if the right password is +given. This is used to recoved buried keys from unsuspected places. .SH OPTIONS .B diff --git a/src/tomb b/src/tomb index b0a5dbc..b212e4b 100755 --- a/src/tomb +++ b/src/tomb @@ -283,8 +283,9 @@ while true; do act "create create a new encrypted storage FILE and keys" act "open open an existing tomb FILE on MOUNTPOINT" act "close closes the tomb on MOUNTPOINT" - act "decode read a hidden tomb key from a JPEG image" - act "encode hide the tomb key inside a JPEG image" + act "bury hide a tomb key inside an jpeg image" + act "exhume extract an hidden tomb key from a jpeg image" + act "" notice "Options:" act "-s size of the storage file when creating one (MB)" @@ -1016,8 +1017,8 @@ case "$CMD" in unmount) check_priv ; umount_tomb ${CMD2} ;; close) check_priv ; umount_tomb ${CMD2} ;; - encode) encode_key ${CMD2} ${CMD3} ;; - decode) decode_key ${CMD2} ;; + bury) encode_key ${CMD2} ${CMD3} ;; + exhume) decode_key ${CMD2} ;; install) check_priv ; install_tomb ;;