documentation updates and reorganisation

Added two new sections to the manpage: deniability and password.
Small actualisation of the install instructions.
Jaromil 2017-01-02 12:02:23 +01:00
parent 843b7fdfc4
commit fa145074f8
4 changed files with 59 additions and 78 deletions

@ -21,8 +21,8 @@ Augello and Swedish translation by PLJ / Kosovoper.
Testing, reviews and documentation contributed by Dreamer, Vlax,
Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH,
The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon,
Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, and...
the Linux Action Show!
Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, mhogomchungu
and... the Linux Action Show!
Tomb includes an implementation of the "Password-Based Key Derivation
Function v2" based on GCrypt and written by Anthony Thyssen.

@ -1,7 +1,7 @@
# Tomb ChangeLog
## 2.3
### December 2016
### January 2017
Fix to bug occurring when using ZSh version 5.3 or higher. Fix to
inclusion of final newline in keys generated with 2.2. Enhanced

@ -20,12 +20,12 @@ To install Tomb simply download the source distribution (the tar.gz file)
from https://files.dyne.org/tomb and decompress it. From a terminal:
cd Downloads
tar xvfz Tomb-2.0.1.tar.gz (correct with actual file name)
tar xvfz Tomb-2.3.tar.gz (correct with actual file name)
Then enter its directory and run 'make install' as root, this will install
Tomb into /usr/local:
cd Tomb-2.0.1 (correct with actual directory name)
cd Tomb-2.3 (correct with actual directory name)
sudo make install
After installation one can read the commandline help or read the manual:
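Review bot: The install steps go from downloading the tar.gz at https://files.dyne.org/tomb straight to `sudo make install`, with no integrity check on the archive, so whatever was downloaded gets run as root. Since these lines are being touched anyway, consider adding a step between the download and `tar xvfz` that verifies the archive against a published checksum or signature, if the release provides one. The hardcoded `Tomb-2.3` will also go stale the same way `Tomb-2.0.1` did; a `Tomb-<version>` placeholder would make the "(correct with actual file name)" remark unnecessary.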
@ -60,36 +60,7 @@ There are some more things that tomb can do for you, make sure you
have a look at the manpage and at the commandline help to find out
more.
## Basic usage notes
Here we collect notes on common issues users may or may not experience
and the commonly working solutions found.
### Pinentry issues
If pinentry has problems dealing with the password because of language
or tty settings on your system, try running `gpg-agent` by launching it
from the session initialization (~/.xsession or ~/.xinitrc) with this
command:
```
eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
```
### Deleting history
To improve deniability one has to avoid that tomb commands are
recorded in the shell history. In order to do so the
`HISTIGNORESPACE=1` environment setting of Zsh comes handy. Anywhere
in the `.zshrc` put:
```
export HISTIGNORESPACE=1
alias tomb=' tomb'
```
# Advanced usage
## Install optional tools
# Optional tools
Tomb can use some optional tools to extend its functionalities:
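Review bot: With "Pinentry issues" and "Deleting history" removed here, the README no longer mentions either topic, and nothing in the remaining lines tells the reader where the advice went. The context line at the top of the hunk already says to "have a look at the manpage"; extending it to name the new DENIABILITY and PASSWORD INPUT sections would keep the advice discoverable. Separately, `# Advanced usage` is dropped and `## Install optional tools` becomes `# Optional tools`, so check that any existing links to those heading anchors still resolve.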
@ -110,12 +81,12 @@ the packages provided by each distribution.
Once any of the above is installed Tomb will find the tool automatically.
## Install Tomb Extras
# Extras
Tomb comes with a bunch of extra tools that contribute to enhance its
functionality or integrate it into particular system environments.
### extras/gtk-tray
## extras/gtk-tray
The Gtk tray adds a nifty tomb skull into the desktop toolbar: one can
use it to close, slam and explore the open tomb represented by it.
@ -132,13 +103,13 @@ To have it change directory `extras/gtk-tray` then
Of cource one can include the launch of tomb-gtk-tray scripts.
### extras/qt-tray
## extras/qt-tray
The QT tray adds a tomb tray in a QT desktop toolbar. It requires at
least QT libraries of version 5.4 or above.
Build with 'qmake' and then 'make'.
### extras/kdf-keys
## extras/kdf-keys
The KDF wrapper programs allows one to use KDF rounds on passwords in
order to obstruct dictionary based and similar brute-forcing attacks.
@ -165,7 +136,7 @@ Please note that it doesn't makes much sense to use KDF keys and
steganography, since the latter will invalidate the brute-forcing
protection. For details on the issue see [KNOWN_BUGS.md](KNOWN_BUGS).
### extras/translations/
## extras/translations/
There are translations available for Tomb and they are installed by
default. If you wish to update them manually navigate to extras/po
@ -174,7 +145,7 @@ and run 'make install' as root:
cd extras/translations
sudo make install
### extras/gtomb/
## extras/gtomb/
This is a minimalistic graphical user interface scripted in ZSh
depending from Zenity to display dialog boxes. It covers all basic
@ -204,6 +175,14 @@ other people logged on the same system can easily log your passwords
while such commands are executing.
We only recommend using the pinentry to input your passwords.
At the time of writing another free software graphical application
supports opening and closing Tombs via a plugin installed by
default: [zuluCrypt](https://mhogomchungu.github.io/zuluCrypt/). One
needs to activate the Tomb plugin included in the zuluCrypt source to
be able to create, open and close tombs. Beware zuluCrypt may miss
advanced Tomb functionalities that are only available from the
command-line.
## Python
![](extras/images/python_for_tomb.png)
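Review bot: The new zuluCrypt paragraph directly follows "We only recommend using the pinentry to input your passwords" but does not say how zuluCrypt's Tomb plugin collects the password, so a reader cannot tell whether it falls under the preceding warning about other users on the same system logging passwords. State whether the plugin goes through pinentry or hands the password over some other way. The opening "another free software graphical application" also has no antecedent in the visible context; say what it is in addition to.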
@ -212,14 +191,6 @@ A Python wrapper is under development and already usable, but it
introduces some vulnerabilities mentioned above. Find it in
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
## Graphical applications
So far the only graphical application supporting Tomb volumes is
[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
activate the Tomb plugin included in its source and will be able to
create, open and close tombs. It might still miss advanced Tomb
functionalities that are only available from the command-line.
## Let us know!
If you plan to develop any kind of wrapper for Tomb you are welcome to

@ -327,6 +327,36 @@ If you don't need swap, execute \fI swapoff -a\fR. If you really need
it, you could make an encrypted swap partition. Tomb doesn't detect if
your swap is encrypted, and will complain anyway.
.SH DENIABILITY
The possibility to have an encrypted volume which is invisible and
cannot be detected is called "deniability". The cryptographic layer of
the device mapper in Linux (dm-crypt) does not implement
deniability. Tomb is just a wrapper on top of that and it doesn't add
cryptographic deniability. However a certain way of using tomb can
facilitate a weak sort of deniability outside of the scenario of
seized devices and forensic analysis of files and blocks on disc.
For instance to eliminate any trace of tomb usage from the shell
history ZSh users can activate the "HISTIGNORESPACE" feature and
prefix all invokations of tomb with a blank space, including two lines
in ".zshrc":
.EX
export HISTIGNORESPACE=1
alias tomb=' tomb'
.EE
.SH PASSWORD INPUT
Tomb uses the external program "pinentry" to let users type the key password into a terminal or a graphical window. This program works in conjunction with "gpg-agent", a daemon running in background to facilitate secret key management with gpg. It is recommended one runs "gpg-agent" launching it from the X session initialization ("~/.xsession" or "~/.xinitrc" files) with this command:
.EX
eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
.EE
In the future it may become mandatory to run gpg-agent when using tomb.
.SH EXAMPLES
.IP \(bu
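Review bot: In the DENIABILITY example, `export HISTIGNORESPACE=1` has no effect in Zsh: ignoring space-prefixed commands is a shell option, not an environment variable, and it is enabled with `setopt HIST_IGNORE_SPACE`. As written, the `alias tomb=' tomb'` line alone will not keep tomb commands out of the history, so the section promises a protection that the two lines do not deliver. Replace the export with the setopt line (the same text was carried over from the README section removed in this commit). Smaller points: "invokations" should be "invocations", the PASSWORD INPUT paragraph is one unwrapped line unlike the rest of the file, and the `--write-env-file` option should be checked against GnuPG 2.1 and later, where it is obsolete.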
@ -410,26 +440,8 @@ Please report bugs on the Github issue tracker at
.UR https://github.com/dyne/Tomb/issues
.UE
One can also try to get in touch with developers via the #dyne chat channel on \fIhttps://irc.dyne.org\fR.
.SH AUTHORS
Tomb is designed, written and maintained by Denis Roio aka Jaromil.
Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
Gettext internationalization and Spanish translation is contributed by
GDrooid, French translation by Hellekin, Russian translation by fsLeg,
German translation by x3nu.
Testing, reviews and documentation are contributed by Dreamer, Shining
the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
Linux Action Show!
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
One can also try to get in touch with developers via the #dyne chat
channel on \fIhttps://irc.dyne.org\fR.
.SH COPYING
@ -454,15 +466,13 @@ documentation is available for download from its website on
.B
.IP cryptsetup(8)
.B
.IP pinentry(1)
.B
.IP gpg-agent(1)
GnuPG website:
.br
https://www.gnupg.org
GnuPG website: https://www.gnupg.org
DM-Crypt website:
.br
https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
DM-Crypt website: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
LUKS website:
.br
https://gitlab.com/cryptsetup/cryptsetup/wikis/home
LUKS website: https://gitlab.com/cryptsetup/cryptsetup/wikis/home