documentation updates for release

This commit is contained in:
Jaromil 2014-06-09 12:22:33 +02:00
parent 9bc0bd762b
commit f6885729ac
7 changed files with 82 additions and 27 deletions

View File

@ -5,8 +5,9 @@ Tomb includes code by Anathema, Boyska and Hellekin O. Wolf.
Tomb's artwork is contributed by Jordi aka Mon Mort Tomb's artwork is contributed by Jordi aka Mon Mort
Testing and reviews are contributed by Dreamer, Shining, Mancausoft, Testing, reviews and documentation are contributed by Dreamer,
Asbesto Molesto and Nignux. Shining, Mancausoft, Asbesto Molesto, Nignux, Vlax, Reiven and
GDrooid.
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth

View File

@ -1,5 +1,13 @@
# Tomb ChangeLog # Tomb ChangeLog
## 1.5.3
### June 2014
Various usability fixes and documentation updates. Password changing
and key changing procedures have been refactored and dev-mode
operation from scripts has been tested against a few new wrappers
being developed. A strings file is made available for translators.
## 1.5.2 ## 1.5.2
### February 2014 ### February 2014
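Review bot: the 1.5.3 entry leaves out the user-visible changes documented elsewhere in this commit: the argument of --kdf changes meaning from seconds to iterations (see the manpage hunk), and --get-mountpoint plus the dev-mode options (--unsecure-dev-mode, --use-urandom, --sudo-pwd, --tomb-pwd, --tomb-old-pwd, -U, -G, -T) are new; list them here so anyone scripting against 1.5.2 sees the change at a glance. "dev-mode operation from scripts has been tested against a few new wrappers being developed" is vague; either name the wrappers or drop the clause.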

View File

@ -1,11 +1,14 @@
* Versioning and stdin key piping in 1.5 # Versioning and stdin key
## 1.5
Due to distraction tomb version 1.5 displays its version as 1.4. Due to distraction tomb version 1.5 displays its version as 1.4.
Also version 1.5 did not work when using -k - to pipe keys from Also version 1.5 did not work when using -k - to pipe keys from
stdin, plus left the encrypted keys laying around in RAM (tmpfs). stdin, plus left the encrypted keys laying around in RAM (tmpfs).
This was a minor vulnerability fixed in 1.5.1. This was a minor vulnerability fixed in 1.5.1.
* Compatibility broken in old Tomb 1.3 and 1.3.1 # Key compatibility broken
## 1.3 and 1.3.1
Due to an error in the creation and decoding of key files, release Due to an error in the creation and decoding of key files, release
versions 1.3 and 1.3.1 cannot open older tombs, plus the tombs created versions 1.3 and 1.3.1 cannot open older tombs, plus the tombs created
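Review bot: the new heading "# Versioning and stdin key" reads as truncated; the old line was "Versioning and stdin key piping in 1.5", so "# Versioning and stdin key piping" keeps the meaning while moving the version into the "## 1.5" sub-heading as intended. Same pattern works for the second heading: "# Key compatibility broken" with "## 1.3 and 1.3.1" below it is fine as is.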

View File

@ -16,7 +16,7 @@
Latest version: **1.5.3** Latest version: **1.5.3**
http://dyne.org/software/tomb Updates on website: http://dyne.org/software/tomb
# What is Tomb, the crypto undertaker # What is Tomb, the crypto undertaker
@ -29,6 +29,16 @@ standard filesystem tools (GNU) and the cryptographic API of the Linux
kernel (cryptsetup and LUKS). Tomb can also produce machine parsable kernel (cryptsetup and LUKS). Tomb can also produce machine parsable
output to facilitate its use inside graphical applications. output to facilitate its use inside graphical applications.
# Plea for support
If you like to support the development of this project, please rate it
and endorse it on the CHEST funding platform:
http://ideas.chest-project.eu/?q=node/3433
We are seeking funding to continue this free and open source development.
It does not require much, just a registration and rating. Thanks.
# How does it works # How does it works
For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md). For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
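Review bot: the unchanged context line "# How does it works" is ungrammatical ("How does it work"); since this hunk already edits the headings just above it, fix it in the same pass rather than leaving it for a separate commit.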

View File

@ -132,11 +132,13 @@ Later on we've felt the urgency to publishing this mechanism for other
operating systems than dyne:bolic since the current situation in operating systems than dyne:bolic since the current situation in
personal desktop encryption is far from optimal. Let's have a look. personal desktop encryption is far from optimal. Let's have a look.
\index{truecrypt} \index{truecrypt} [[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries
[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is so that its code is hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free
hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system operating system distributors because of liability reasons, see
distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]], [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]], [[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]]. For these and other reasons -
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]]. presumably very sad ones for its users - Truecrypt has also been
discontinued.
\index{cryptkeeper} \index{cryptkeeper}
[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main [[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main
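Review bot: the added sentence spells the product "Truecrypt" while the link text and \index entry use "TrueCrypt"; keep one spelling. "For these and other reasons - presumably very sad ones for its users -" speculates about motive; the verifiable statement is simply that TrueCrypt has been discontinued, so suggest "TrueCrypt has since been discontinued." and, if a source is available, a link as given for the distribution bug reports.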

View File

@ -73,7 +73,9 @@ mount(8) options (default: rw,noatime,nodev).
List all the tombs found open, including information about the time List all the tombs found open, including information about the time
they were opened and the hooks that they mounted. If the first they were opened and the hooks that they mounted. If the first
argument is present, then shows only the tomb named that way or argument is present, then shows only the tomb named that way or
returns an error if its not found. returns an error if its not found. If the option
\fI--get-mountpoint\fR is used then print a simple list of currently
open tomb mountpoint paths.
.B .B
.IP "index" .IP "index"
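Review bot: --get-mountpoint is introduced only inside the prose of the "list" entry; give it its own .IP entry in the options section so it is listed alongside the other flags, and state the output format (e.g. one path per line, nothing else) so wrappers parsing the "simple list" know what to expect.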
@ -174,11 +176,10 @@ adding a '.key' suffix, but can be later renamed and transported on
other media. If \fI<keyfile>\fR is "-" (dash), it will read it from other media. If \fI<keyfile>\fR is "-" (dash), it will read it from
stdin. stdin.
.B .B
.IP "--kdf \fI<seconds>\fR" .IP "--kdf \fI<iterations>\fR"
Activate the KDF feature against dictionary attacks when creating a Activate the KDF feature against dictionary attacks when creating a
key: forces a delay of \fI<seconds>\fR every time this key is key: forces a delay of \fI<iterations>\fR (integer multiplied by 10k)
used. This feature is still \fIexperimental\fR and not recommended in every time this key is used.
production environments.
.B .B
.IP "-n" .IP "-n"
Skip processing of post-hooks and bind-hooks if found inside the tomb. Skip processing of post-hooks and bind-hooks if found inside the tomb.
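Review bot: the rewritten --kdf text is internally inconsistent: it still says "forces a delay of \fI<iterations>\fR", wording left over from the seconds-based version, but an iteration count is not a delay, and "(integer multiplied by 10k)" does not say whether the user supplies N and the key is derived with N x 10000 iterations or the other way round. Suggest something like "key: the key is derived with \fI<iterations>\fR x 10000 KDF iterations every time it is used, slowing down dictionary attacks". Separately, dropping "This feature is still \fIexperimental\fR and not recommended in production environments" is a substantive statement about the feature's maturity, not a documentation fix; either confirm in the commit message that the KDF code is now considered stable or keep the caveat.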
@ -186,32 +187,62 @@ See the \fIHOOKS\fR section in this manual for more information.
.B .B
.IP "-o" .IP "-o"
Manually specify mount options to be used when opening a tomb instead Manually specify mount options to be used when opening a tomb instead
of the default \fIrw,noatime,nodev\fR. This option can be used to of the default \fIrw,noatime,nodev\fR, i.e. to mount a tomb read-only
mount a tomb read-only (ro) to prevent any modification of its data, (ro) to prevent any modification of its data. Can also be used to
or to experiment with other settings (if you really know what you are change the symmetric encryption algorithm for keys during \fIforge\fR
doing) see the mount(8) man page. operations (default \fIAES256\fR) or the LUKS encryption method during
\fIlock\fR operations (default \fIaes-xts-plain64:sha256\fR).
.B .B
.IP "-f" .IP "-f"
Force flag, currently used to override swap checks, might be Force flag, currently used to override swap checks, might be
overriding more wimpy behaviours in future, but make sure you know overriding more wimpy behaviours in future, but make sure you know
what you are doing if you force an operation... what you are doing if you force an operation.
.B .B
.IP "-h" .IP "-h"
Display a help text and quit Display a help text and quit.
.B .B
.IP "-v" .IP "-v"
Display version and quit Display version and quit.
.B .B
.IP "-q" .IP "-q"
Run more quietly Run more quietly
.B .B
.IP "-D" .IP "-D"
Print more information while running, for debugging purposes Print more information while running, for debugging purposes
.SH DEV MODE
.B .B
.IP "--no-color" .IP "--no-color"
Don't use colors; useful for old terminals or integration in other Suppress colors in console output (needed for string parsing by
scripts parsers wrappers).
.B
.IP "--unsecure-dev-mode"
Enable using dev-mode arguments, i.e. to pass passwords from
commandline options. This is mostly used needed for execution by
wrappers and testing suite.
.B
.IP "--use-urandom"
Use an inferior quality random source to improve the speed of key
generation at the cost of security (neede for the testing suite).
.B
.IP "--sudo-pwd <string>"
Use string as password when needed for privilege escalation via sudo.
.B
.IP "--tomb-pwd <string>"
Use string as password when needed on tomb.
.B
.IP "--tomb-old-pwd <string>"
Use string as old password when needed in tomb commands requiring
multiple keys, like \fIpasswd\fR or \fIsetkey\fR.
.B
.IP "-U --uid"
Switch to this user ID when dropping privileges.
.B
.IP "-G --gid"
Switch to this group ID when dropping privileges.
.B
.IP "-T --tty"
Switch to this TTY terminal when dropping privileges.
.SH HOOKS .SH HOOKS
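Review bot: --sudo-pwd, --tomb-pwd and --tomb-old-pwd take secrets as command-line arguments, which any local user can read from the process table and which land in shell history; each entry should say so and state that the option is only honoured together with --unsecure-dev-mode (the section name implies it, the individual entries do not). --use-urandom should likewise say plainly that keys generated with it are for the test suite only and not for real tombs, rather than just "neede for the testing suite". Smaller points in the same hunk: the new -o text overloads mount options with cipher selection for \fIforge\fR and \fIlock\fR without saying how the value is interpreted per subcommand or what format the cipher spec takes; the labels "-U --uid", "-G --gid", "-T --tty" should follow the "-x \fI<arg>\fR" form used by the other entries; typos "mostly used needed" and "neede"; and -q and -D still lack the trailing period that -h and -v just received.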

4
tomb
View File

@ -40,8 +40,8 @@
# {{{ Global variables # {{{ Global variables
VERSION=1.5.2 VERSION=1.5.3
DATE="Feb/2014" DATE="Jun/2014"
TOMBEXEC=$0 TOMBEXEC=$0
typeset -a OLDARGS typeset -a OLDARGS
for arg in ${argv}; do OLDARGS+=($arg); done for arg in ${argv}; do OLDARGS+=($arg); done