documentation updates and reorganisation

Added two new sections to the manpage: deniability and password.
Small actualisation of the install instructions.
Jaromil 2017-01-02 12:02:23 +01:00
parent 843b7fdfc4
commit fa145074f8
4 changed files with 59 additions and 78 deletions

@ -21,8 +21,8 @@ Augello and Swedish translation by PLJ / Kosovoper.
Testing, reviews and documentation contributed by Dreamer, Vlax, Testing, reviews and documentation contributed by Dreamer, Vlax,
Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH, Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH,
The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon, The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon,
Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, and... Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, mhogomchungu
the Linux Action Show! and... the Linux Action Show!
Tomb includes an implementation of the "Password-Based Key Derivation Tomb includes an implementation of the "Password-Based Key Derivation
Function v2" based on GCrypt and written by Anthony Thyssen. Function v2" based on GCrypt and written by Anthony Thyssen.

@ -1,7 +1,7 @@
# Tomb ChangeLog # Tomb ChangeLog
## 2.3 ## 2.3
### December 2016 ### January 2017
Fix to bug occurring when using ZSh version 5.3 or higher. Fix to Fix to bug occurring when using ZSh version 5.3 or higher. Fix to
inclusion of final newline in keys generated with 2.2. Enhanced inclusion of final newline in keys generated with 2.2. Enhanced

@ -20,12 +20,12 @@ To install Tomb simply download the source distribution (the tar.gz file)
from https://files.dyne.org/tomb and decompress it. From a terminal: from https://files.dyne.org/tomb and decompress it. From a terminal:
cd Downloads cd Downloads
tar xvfz Tomb-2.0.1.tar.gz (correct with actual file name) tar xvfz Tomb-2.3.tar.gz (correct with actual file name)
Then enter its directory and run 'make install' as root, this will install Then enter its directory and run 'make install' as root, this will install
Tomb into /usr/local: Tomb into /usr/local:
cd Tomb-2.0.1 (correct with actual directory name) cd Tomb-2.3 (correct with actual directory name)
sudo make install sudo make install
After installation one can read the commandline help or read the manual: After installation one can read the commandline help or read the manual:
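Review bot: The install steps go straight from downloading the tarball to `sudo make install` with no integrity check in between, so whatever was fetched from files.dyne.org is built and installed as root unverified. Consider adding a step that checks the tarball against a published checksum or signature before `tar xvfz`. Separately, the hardcoded `Tomb-2.3` will go stale at the next release just as `Tomb-2.0.1` did; a version-neutral placeholder would avoid another edit.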
@ -60,36 +60,7 @@ There are some more things that tomb can do for you, make sure you
have a look at the manpage and at the commandline help to find out have a look at the manpage and at the commandline help to find out
more. more.
## Basic usage notes # Optional tools
Here we collect notes on common issues users may or may not experience
and the commonly working solutions found.
### Pinentry issues
If pinentry has problems dealing with the password because of language
or tty settings on your system, try running `gpg-agent` by launching it
from the session initialization (~/.xsession or ~/.xinitrc) with this
command:
```
eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
```
### Deleting history
To improve deniability one has to avoid that tomb commands are
recorded in the shell history. In order to do so the
`HISTIGNORESPACE=1` environment setting of Zsh comes handy. Anywhere
in the `.zshrc` put:
```
export HISTIGNORESPACE=1
alias tomb=' tomb'
```
# Advanced usage
## Install optional tools
Tomb can use some optional tools to extend its functionalities: Tomb can use some optional tools to extend its functionalities:
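Review bot: The "Pinentry issues" and "Deleting history" notes are deleted from this file with nothing left behind to say where they went. Since the same material is added to the manpage in this commit, a one-line pointer here to the manpage's PASSWORD INPUT and DENIABILITY sections would keep readers of this document from losing it.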
@ -110,12 +81,12 @@ the packages provided by each distribution.
Once any of the above is installed Tomb will find the tool automatically. Once any of the above is installed Tomb will find the tool automatically.
## Install Tomb Extras # Extras
Tomb comes with a bunch of extra tools that contribute to enhance its Tomb comes with a bunch of extra tools that contribute to enhance its
functionality or integrate it into particular system environments. functionality or integrate it into particular system environments.
### extras/gtk-tray ## extras/gtk-tray
The Gtk tray adds a nifty tomb skull into the desktop toolbar: one can The Gtk tray adds a nifty tomb skull into the desktop toolbar: one can
use it to close, slam and explore the open tomb represented by it. use it to close, slam and explore the open tomb represented by it.
@ -132,13 +103,13 @@ To have it change directory `extras/gtk-tray` then
Of cource one can include the launch of tomb-gtk-tray scripts. Of cource one can include the launch of tomb-gtk-tray scripts.
### extras/qt-tray ## extras/qt-tray
The QT tray adds a tomb tray in a QT desktop toolbar. It requires at The QT tray adds a tomb tray in a QT desktop toolbar. It requires at
least QT libraries of version 5.4 or above. least QT libraries of version 5.4 or above.
Build with 'qmake' and then 'make'. Build with 'qmake' and then 'make'.
### extras/kdf-keys ## extras/kdf-keys
The KDF wrapper programs allows one to use KDF rounds on passwords in The KDF wrapper programs allows one to use KDF rounds on passwords in
order to obstruct dictionary based and similar brute-forcing attacks. order to obstruct dictionary based and similar brute-forcing attacks.
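Review bot: The context around the retitled headings still carries "Of cource" and "The KDF wrapper programs allows"; since this commit is a documentation cleanup, fix both ("Of course", "programs allow") while the section is being touched.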
@ -165,7 +136,7 @@ Please note that it doesn't makes much sense to use KDF keys and
steganography, since the latter will invalidate the brute-forcing steganography, since the latter will invalidate the brute-forcing
protection. For details on the issue see [KNOWN_BUGS.md](KNOWN_BUGS). protection. For details on the issue see [KNOWN_BUGS.md](KNOWN_BUGS).
### extras/translations/ ## extras/translations/
There are translations available for Tomb and they are installed by There are translations available for Tomb and they are installed by
default. If you wish to update them manually navigate to extras/po default. If you wish to update them manually navigate to extras/po
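Review bot: In the context just above the retitled heading, the link text says KNOWN_BUGS.md but its target is KNOWN_BUGS, so one of the two is wrong and the link may not resolve; make them match. The same sentence reads "doesn't makes", which should be "doesn't make".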
@ -174,7 +145,7 @@ and run 'make install' as root:
cd extras/translations cd extras/translations
sudo make install sudo make install
### extras/gtomb/ ## extras/gtomb/
This is a minimalistic graphical user interface scripted in ZSh This is a minimalistic graphical user interface scripted in ZSh
depending from Zenity to display dialog boxes. It covers all basic depending from Zenity to display dialog boxes. It covers all basic
@ -204,6 +175,14 @@ other people logged on the same system can easily log your passwords
while such commands are executing. while such commands are executing.
We only recommend using the pinentry to input your passwords. We only recommend using the pinentry to input your passwords.
At the time of writing another free software graphical application
supports opening and closing Tombs via a plugin installed by
default: [zuluCrypt](https://mhogomchungu.github.io/zuluCrypt/). One
needs to activate the Tomb plugin included in the zuluCrypt source to
be able to create, open and close tombs. Beware zuluCrypt may miss
advanced Tomb functionalities that are only available from the
command-line.
## Python ## Python
![](extras/images/python_for_tomb.png) ![](extras/images/python_for_tomb.png)
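Review bot: The added zuluCrypt paragraph says the plugin is "installed by default" and, in the next sentence, that one "needs to activate the Tomb plugin included in the zuluCrypt source"; these read as contradictory, so state which is true. Because the paragraph directly follows the warning that wrappers can expose passwords and that only pinentry is recommended, it should also say whether that warning applies to zuluCrypt.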
@ -212,14 +191,6 @@ A Python wrapper is under development and already usable, but it
introduces some vulnerabilities mentioned above. Find it in introduces some vulnerabilities mentioned above. Find it in
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md). `extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
## Graphical applications
So far the only graphical application supporting Tomb volumes is
[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
activate the Tomb plugin included in its source and will be able to
create, open and close tombs. It might still miss advanced Tomb
functionalities that are only available from the command-line.
## Let us know! ## Let us know!
If you plan to develop any kind of wrapper for Tomb you are welcome to If you plan to develop any kind of wrapper for Tomb you are welcome to

@ -327,6 +327,36 @@ If you don't need swap, execute \fI swapoff -a\fR. If you really need
it, you could make an encrypted swap partition. Tomb doesn't detect if it, you could make an encrypted swap partition. Tomb doesn't detect if
your swap is encrypted, and will complain anyway. your swap is encrypted, and will complain anyway.
.SH DENIABILITY
The possibility to have an encrypted volume which is invisible and
cannot be detected is called "deniability". The cryptographic layer of
the device mapper in Linux (dm-crypt) does not implement
deniability. Tomb is just a wrapper on top of that and it doesn't add
cryptographic deniability. However a certain way of using tomb can
facilitate a weak sort of deniability outside of the scenario of
seized devices and forensic analysis of files and blocks on disc.
For instance to eliminate any trace of tomb usage from the shell
history ZSh users can activate the "HISTIGNORESPACE" feature and
prefix all invokations of tomb with a blank space, including two lines
in ".zshrc":
.EX
export HISTIGNORESPACE=1
alias tomb=' tomb'
.EE
.SH PASSWORD INPUT
Tomb uses the external program "pinentry" to let users type the key password into a terminal or a graphical window. This program works in conjunction with "gpg-agent", a daemon running in background to facilitate secret key management with gpg. It is recommended one runs "gpg-agent" launching it from the X session initialization ("~/.xsession" or "~/.xinitrc" files) with this command:
.EX
eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
.EE
In the future it may become mandatory to run gpg-agent when using tomb.
.SH EXAMPLES .SH EXAMPLES
.IP \(bu .IP \(bu
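Review bot: In the DENIABILITY example, `export HISTIGNORESPACE=1` does not enable anything in Zsh: this behaviour is a shell option, switched on with `setopt HIST_IGNORE_SPACE`, so as written the space-prefixed commands are still recorded in the history. Replace the export line with the setopt form. The `alias tomb=' tomb'` line kept in ".zshrc" is also itself a trace of tomb usage, which the text should acknowledge given that it promises to "eliminate any trace". Minor: "invokations" should be "invocations", and the PASSWORD INPUT paragraph is a single long line that should be wrapped like the rest of the file.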
@ -410,26 +440,8 @@ Please report bugs on the Github issue tracker at
.UR https://github.com/dyne/Tomb/issues .UR https://github.com/dyne/Tomb/issues
.UE .UE
One can also try to get in touch with developers via the #dyne chat channel on \fIhttps://irc.dyne.org\fR. One can also try to get in touch with developers via the #dyne chat
channel on \fIhttps://irc.dyne.org\fR.
.SH AUTHORS
Tomb is designed, written and maintained by Denis Roio aka Jaromil.
Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
Gettext internationalization and Spanish translation is contributed by
GDrooid, French translation by Hellekin, Russian translation by fsLeg,
German translation by x3nu.
Testing, reviews and documentation are contributed by Dreamer, Shining
the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
Linux Action Show!
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
.SH COPYING .SH COPYING
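Review bot: The whole AUTHORS section is removed from the manpage, but the commit message only mentions two added sections and the hunk leaves no line telling readers where the credits now live. Mention the removal in the message and keep a short sentence naming the file that carries the credits; the Cryptsetup attribution to Christophe Saout and Clemens Fruhwirth in particular disappears from the manpage here.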
@ -454,15 +466,13 @@ documentation is available for download from its website on
.B .B
.IP cryptsetup(8) .IP cryptsetup(8)
.B
.IP pinentry(1)
.B
.IP gpg-agent(1)
GnuPG website: GnuPG website: https://www.gnupg.org
.br
https://www.gnupg.org
DM-Crypt website: DM-Crypt website: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
.br
https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
LUKS website: LUKS website: https://gitlab.com/cryptsetup/cryptsetup/wikis/home
.br
https://gitlab.com/cryptsetup/cryptsetup/wikis/home
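Review bot: Dropping `.br` puts each label and its URL on one input line as plain text, while the bug-tracker link earlier in this file uses `.UR`/`.UE`; using the same macros for the GnuPG, DM-Crypt and LUKS links would keep the manpage consistent and let viewers that support it render them as links.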