documentation updates for release

Jaromil 2014-06-09 12:22:33 +02:00
parent 9bc0bd762b
commit f6885729ac
7 changed files with 82 additions and 27 deletions


@ -5,8 +5,9 @@ Tomb includes code by Anathema, Boyska and Hellekin O. Wolf.
Tomb's artwork is contributed by Jordi aka Mon Mort
Testing and reviews are contributed by Dreamer, Shining, Mancausoft,
Asbesto Molesto and Nignux.
Testing, reviews and documentation are contributed by Dreamer,
Shining, Mancausoft, Asbesto Molesto, Nignux, Vlax, Reiven and
GDrooid.
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth


@ -1,5 +1,13 @@
# Tomb ChangeLog
## 1.5.3
### June 2014
Various usability fixes and documentation updates. Password changing
and key changing procedures have been refactored and dev-mode
operation from scripts has been tested against a few new wrappers
being developed. A strings file is made available for translators.
## 1.5.2
### February 2014


@ -1,11 +1,14 @@
* Versioning and stdin key piping in 1.5
# Versioning and stdin key
## 1.5
Due to distraction tomb version 1.5 displays its version as 1.4.
Also version 1.5 did not work when using -k - to pipe keys from
stdin, plus left the encrypted keys laying around in RAM (tmpfs).
This was a minor vulnerability fixed in 1.5.1.
* Compatibility broken in old Tomb 1.3 and 1.3.1
# Key compatibility broken
## 1.3 and 1.3.1
Due to an error in the creation and decoding of key files, release
versions 1.3 and 1.3.1 cannot open older tombs, plus the tombs created
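
Review bot: The new heading "# Versioning and stdin key" drops the word "piping" from the old title, so it no longer says what was broken with stdin keys. "# Versioning and stdin key piping" keeps the meaning and still fits the new "# title / ## version" layout used for the entry below it.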


@ -16,7 +16,7 @@
Latest version: **1.5.3**
http://dyne.org/software/tomb
Updates on website: http://dyne.org/software/tomb
# What is Tomb, the crypto undertaker
@ -29,6 +29,16 @@ standard filesystem tools (GNU) and the cryptographic API of the Linux
kernel (cryptsetup and LUKS). Tomb can also produce machine parsable
output to facilitate its use inside graphical applications.
# Plea for support
If you like to support the development of this project, please rate it
and endorse it on the CHEST funding platform:
http://ideas.chest-project.eu/?q=node/3433
We are seeking funding to continue this free and open source development.
It does not require much, just a registration and rating. Thanks.
# How does it works
For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
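
Review bot: In the added "Plea for support" section, "If you like to support" should read "If you would like to support". The context heading directly below it, "# How does it works", could be corrected to "# How does it work" while this part of the file is being touched.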


@ -132,11 +132,13 @@ Later on we've felt the urgency to publishing this mechanism for other
operating systems than dyne:bolic since the current situation in
personal desktop encryption is far from optimal. Let's have a look.
\index{truecrypt}
[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is
hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system
distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].
\index{truecrypt} [[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries
so that its code is hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free
operating system distributors because of liability reasons, see
[[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]], [[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]]. For these and other reasons -
presumably very sad ones for its users - Truecrypt has also been
discontinued.
\index{cryptkeeper}
[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main
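
Review bot: The added sentence "For these and other reasons - presumably very sad ones for its users - Truecrypt has also been discontinued" asserts a cause for the discontinuation without a reference, while every other claim in this paragraph carries a link. Either link a source for it or state only that the project has been discontinued. The name should also be spelled "TrueCrypt", as in the link text at the start of the same paragraph.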


@ -73,7 +73,9 @@ mount(8) options (default: rw,noatime,nodev).
List all the tombs found open, including information about the time
they were opened and the hooks that they mounted. If the first
argument is present, then shows only the tomb named that way or
returns an error if its not found.
returns an error if its not found. If the option
\fI--get-mountpoint\fR is used then print a simple list of currently
open tomb mountpoint paths.
.B
.IP "index"
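
Review bot: The rewritten sentence still carries "its not found" (should be "it's not found"), and the added text does not say whether \fI--get-mountpoint\fR can be combined with the tomb-name argument described just before it. Suggest stating that explicitly and using "prints" so the verb matches "shows" in the preceding sentence.
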
@ -174,11 +176,10 @@ adding a '.key' suffix, but can be later renamed and transported on
other media. If \fI<keyfile>\fR is "-" (dash), it will read it from
stdin.
.B
.IP "--kdf \fI<seconds>\fR"
.IP "--kdf \fI<iterations>\fR"
Activate the KDF feature against dictionary attacks when creating a
key: forces a delay of \fI<seconds>\fR every time this key is
used. This feature is still \fIexperimental\fR and not recommended in
production environments.
key: forces a delay of \fI<iterations>\fR (integer multiplied by 10k)
every time this key is used.
.B
.IP "-n"
Skip processing of post-hooks and bind-hooks if found inside the tomb.
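
Review bot: In the new \fI--kdf\fR text, "forces a delay of <iterations> (integer multiplied by 10k)" mixes a time with a count, so a reader cannot tell what number to pass or what delay to expect. Suggest describing it as a count, for example "runs <iterations> times 10000 key derivation rounds every time this key is used", and giving one reference value together with the delay it produces. The old text marked the feature as experimental and not recommended in production; the new text drops that warning without saying the feature is now considered stable, which deserves a line here or in the ChangeLog.
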
@ -186,32 +187,62 @@ See the \fIHOOKS\fR section in this manual for more information.
.B
.IP "-o"
Manually specify mount options to be used when opening a tomb instead
of the default \fIrw,noatime,nodev\fR. This option can be used to
mount a tomb read-only (ro) to prevent any modification of its data,
or to experiment with other settings (if you really know what you are
doing) see the mount(8) man page.
of the default \fIrw,noatime,nodev\fR, i.e. to mount a tomb read-only
(ro) to prevent any modification of its data. Can also be used to
change the symmetric encryption algorithm for keys during \fIforge\fR
operations (default \fIAES256\fR) or the LUKS encryption method during
\fIlock\fR operations (default \fIaes-xts-plain64:sha256\fR).
.B
.IP "-f"
Force flag, currently used to override swap checks, might be
overriding more wimpy behaviours in future, but make sure you know
what you are doing if you force an operation...
what you are doing if you force an operation.
.B
.IP "-h"
Display a help text and quit
Display a help text and quit.
.B
.IP "-v"
Display version and quit
Display version and quit.
.B
.IP "-q"
Run more quietly
.B
.IP "-D"
Print more information while running, for debugging purposes
.SH DEV MODE
.B
.IP "--no-color"
Don't use colors; useful for old terminals or integration in other
scripts parsers
Suppress colors in console output (needed for string parsing by
wrappers).
.B
.IP "--unsecure-dev-mode"
Enable using dev-mode arguments, i.e. to pass passwords from
commandline options. This is mostly used needed for execution by
wrappers and testing suite.
.B
.IP "--use-urandom"
Use an inferior quality random source to improve the speed of key
generation at the cost of security (neede for the testing suite).
.B
.IP "--sudo-pwd <string>"
Use string as password when needed for privilege escalation via sudo.
.B
.IP "--tomb-pwd <string>"
Use string as password when needed on tomb.
.B
.IP "--tomb-old-pwd <string>"
Use string as old password when needed in tomb commands requiring
multiple keys, like \fIpasswd\fR or \fIsetkey\fR.
.B
.IP "-U --uid"
Switch to this user ID when dropping privileges.
.B
.IP "-G --gid"
Switch to this group ID when dropping privileges.
.B
.IP "-T --tty"
Switch to this TTY terminal when dropping privileges.
.SH HOOKS
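
Review bot: The DEV MODE entries for \fI--sudo-pwd\fR, \fI--tomb-pwd\fR and \fI--tomb-old-pwd\fR should say why the enabling flag is called unsecure: a password given as a command-line argument is visible to other local users in the process list and may be kept in shell history. A sentence to that effect, plus a statement of whether these options are refused unless \fI--unsecure-dev-mode\fR is given, would keep wrapper authors from using them outside tests. Smaller points in the same hunk: "mostly used needed" and "neede" are typos, the \fI-o\fR text uses "i.e." where "e.g." is meant, and \fI-U\fR, \fI-G\fR and \fI-T\fR do not show the argument they take.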

4
tomb

@ -40,8 +40,8 @@
# {{{ Global variables
VERSION=1.5.2
DATE="Feb/2014"
VERSION=1.5.3
DATE="Jun/2014"
TOMBEXEC=$0
typeset -a OLDARGS
for arg in ${argv}; do OLDARGS+=($arg); done