Commit Graph

370 Commits

Author SHA1 Message Date
Steve Divskinsy
522ad3abad
Update suggested command with missing flag
`tomb lock` suggested command was missing "-k" flag
2019-04-18 20:54:30 +09:30
heat-wave
f2eb1fd242 Expanded steganographic functionality with cloakify integration 2019-02-21 09:28:21 +00:00
James Reed
46286047f6
Align usage message lines (fix #335)
Print newlines only when necessary

Correct coma to comma in usage message
2018-11-26 10:48:19 -07:00
James Reed
477ab20443
Overhaul message printing 2018-11-24 15:48:25 -07:00
James Reed
1ba3c55241
Check for KDF header in is_valid_key 2018-11-03 15:15:48 -06:00
Alexandre Pujol
2f3826d88d
Fix modification time restoration. 2018-09-24 12:58:51 +01:00
Alexandre Pujol
aaa4637ed0
Track access/modification time of sensitive files
Collects the stats of tomb keys and tomb files then restore them when
Tomb exits. Can be extended to any file opened by Tomb. See #266
2018-09-23 22:21:05 +01:00
bjonnh
18b7541a98
subkey_id for display must be out of _fingerprint
I did a typo, the ($gpg_id) should have been out of the _fingerprint call.
2018-08-18 17:41:37 -05:00
bjonnh
b49a36a07b
Add support for multiple keys especially subkeys
Correcting issue #316
2018-08-17 14:03:33 -05:00
Jaromil
68a9589925 set ownership after dig and forge 2018-02-11 21:41:58 +01:00
Jaromil
f5ceddc0b7 put assuan commands to pinentry into a single function 2018-01-29 09:47:42 +01:00
SargoDevel
66ade86441 Added pinentry-qt5 support 2018-01-28 21:49:21 +01:00
Narrat
08ca0a8eef list_gnupg_ciphers: Remove check on gpg
This function is called after _ensure_dependencies(), which would bail out if gpg is not found
2018-01-07 21:56:19 +01:00
Narrat
5e3b0dec84 list_gnupg_ciphers: be language agnostic
The old awk implementation always worked on lines beginning with 'Ciphers:' until it found 'Hash:'.
This fails for locales where a respective gnupg2.mo entry exists (Example: Ciphers in german is translated as Verschlü.:).
This is replaced by pointing awk on a specific line, which is for gpg1 and gpg2 the same. Work is done until awk stumbles up on a line which marks a new section (marked by keyword and :)

This closes #299
2018-01-07 21:40:32 +01:00
Narrat
e15c58dfd7 list_gnupg_ciphers: Pipe everything into /dev/null
Firstly the printed binary path is in the wrong place. Reading the text, one assumes Ciphers coming next.
Secondly it doesn't make sense to check there for a missing gnupg installation. Before calling list_gnupg_ciphers(), there is a direct call for gpg --version. If that fails the whole text is scrambled and no error reported

Dropping the output from which allows to remove the space from printing the ciphers. The text is correctly aligned now
2018-01-07 21:03:21 +01:00
Narrat
61fdab85be Show only version of pinentry
pinentry --version invocation includes License information.
As the same applies for gpg, and the information is not displayed there, we should the same with pinentry.
And tomb doesn't deal with the gpg sourcecode in any way.

This closes #300
2018-01-07 20:03:04 +01:00
Jaromil
74689ea484 tagging the release 2018-01-03 20:34:18 +01:00
Jaromil
7951645db5 switch code indentation to hard tabs
also update code guidelines.
2018-01-03 20:27:14 +01:00
Jaromil
ae78659efb
Merge pull request #297 from dyne/restore-chown
restored change of ownership on tomb's contents
2018-01-03 19:42:52 +01:00
Jaromil
ab3044c6f5 restored change of ownership on tomb's contents
this reverts commit 843b7fdfc4
and refers to various issues, among them #268

on the long term its easy to realise how this is a usability feature for most
users, so we just provide a new '-p' flag to preserve ownership on open.
2018-01-03 18:34:50 +01:00
Alexandre Pujol
b20daeea6f
Fix: use is-at-least function to check program version 2018-01-03 14:46:23 +00:00
Jaromil
bc963cd1ae fix for correct execution of exec-hooks
this was broken in the latest release and fixes #271
2018-01-03 14:37:15 +01:00
Jaromil
3b1759b2b3 fix for hidden files without an extension as tombs
fix #147 introducing an extra check on TOMBNAME that, if returned
empty by the first transormation that removes the last .extension,
then is filled with the full TOMBFILE name without any transformation
2018-01-03 13:43:05 +01:00
Jaromil
60b72ad91f documentation and version updates
findmnt version shown
2018-01-03 10:44:27 +01:00
Jaromil
cf93551efa
Merge pull request #296 from dyne/use-findmnt
Replace 'mount -l' with 'findmnt'
2018-01-03 10:38:48 +01:00
Jaromil
9b1d1891cc
Merge pull request #290 from parazyd/use-shred-instead-wipe-patch
use shred instead of wipe
2018-01-03 10:03:50 +01:00
Jaromil
b72d67618b restore square parens detection in list_tomb_mounts() 2018-01-02 15:35:32 +01:00
Jaromil
3f107f9d31 small fix for usage of findmnt --raw flag 2018-01-02 14:04:53 +01:00
Jaromil
3593721967 drop zsh/regex module in favor of =~
As debated in issue #282 Zsh introduced a bug in v5.3.1 which briefly affected
our mechanism for closing tombs. The bug is fixed, but while investigating the
issue @aude realised there can be a better way to apply this regex for the
detection of mounted volumes on distro dependent /run/media/$USER paths.

This change drops usage of the regex optional module in Zsh to use the built-in
=~ comparison and improves the match using round parenthesis. It may fix the
close command on some distributions.
2018-01-02 14:04:53 +01:00
Victor Calvert
09ff889c1d Replace mount with findmnt
this fixes a mount-related functionality (finding the volume label) in new
versions of util-linux, that since v2.30 does not list anymore volume labels
with its mount -l command. Since findmnt needs sudo to list labels, this also
introduces the need for sudo in more commands: is_valid_tomb(), list, index and
search. The issue was examined in PR #283 and this is a rebase of it.
2018-01-02 13:39:35 +01:00
Jaromil
a7190eb2e2 drop zsh/regex module in favor of =~
As debated in issue #282 Zsh introduced a bug in v5.3.1 which briefly affected
our mechanism for closing tombs. The bug is fixed, but while investigating the
issue @aude realised there can be a better way to apply this regex for the
detection of mounted volumes on distro dependent /run/media/$USER paths.

This change drops usage of the regex optional module in Zsh to use the built-in
=~ comparison and improves the match using round parenthesis. It may fix the
close command on some distributions.
2018-01-02 12:35:11 +01:00
Jaromil
c537676e92 wrap the cats 2017-12-12 11:29:53 +01:00
Jaromil
f6457090af documentation of the new 'ps' command 2017-12-11 17:55:02 +01:00
Jaromil
121a64bc80 improvements to the new ps and slam implementations 2017-12-11 17:55:02 +01:00
Jaromil
8e33be0472 new slam and list_processes 2017-12-11 17:55:02 +01:00
Jaromil
85ac179cc8 cleanup of umount_tomb and removed slam from inside 2017-12-11 17:55:02 +01:00
Jaromil
21347f3657 square parens detection in list_mounted_tombs 2017-12-11 17:53:38 +01:00
Jaromil
6182a56fb6 fix bug in message rendering: stop overriding $i if existing
this small bug caused rewriting the $i variable (often used as
iterator in loops) whenever a log message was produced. Fix also
includes an acceleration of log printing by substituting seq with
native zsh notation.
2017-12-11 17:53:17 +01:00
parazyd
c8be1c22dd
use shred instead of wipe 2017-12-07 11:36:59 +01:00
Florian Brandes
8d2cb2d852
Double check after umounting bind directories
Checking if a tomb is still present in the
output of mount after umounting binded directories.
Addresses issue #265
2017-07-23 10:28:06 +02:00
Amin Mesbah
04ec0189a6 Fix 3 grammatical errors. 2017-06-24 12:24:50 -07:00
Jaromil
127a8ed7ee exit code check on close
also removed pre-open and post-close as they don't really make sense
since all hooks are contained inside the Tomb. The post-close may be
implemented using a temp file, if a use case turns up for it.
2017-06-06 16:30:48 +02:00
Jaromil
056d0174f4 refactoring of exec-hooks
Renamed file from "post-hooks" to more appropriate "exec-hooks".
Implemented and documented a more consistent call system made of 4
different stages: pre-open, post-open, pre-close, post-close.
Addresses issue #265
2017-06-06 12:45:29 +02:00
Narrat
c658d33187 --version includes lsof as optional dep 2017-05-10 21:50:48 +02:00
Jaromil
18067a1c2e version bump 2017-04-16 17:18:16 +02:00
Jaromil
66aa7fdac7 minor corrections to new gpg related message formatting 2017-04-16 12:07:41 +02:00
Jaromil
3e0dd1e111 add debug message of loop device in umount_tomb 2017-04-16 12:00:47 +02:00
Alexandre Pujol
1050d43c59
Support for gpg encrypted tomb key loaded from stdin. See #255 2017-04-05 14:52:47 +01:00
Alexandre Pujol
c303513be4
Fix issues with GPG default key.
- Remove --no-options gpg option when using GPG key.
- Improve gpg default key tests

To use the default key, ~/.gnupg/gpg.conf needs:
  default-key <keyid>
  default-recipient-self
Or
  default-recipient <keyid>

Otherwise the first key in the keyring is used.
2017-04-03 13:24:25 +01:00
Alexandre Pujol
d720e4b2ce
Remove --shared flag when sharing a tomb key. See #252 2017-03-24 20:08:33 +00:00
Alexandre Pujol
bb77de0815
Fix compatibility with GnuPG 2.2.19
GnuPG 2.2.19 added a warning when no command was given. Some invocations
do not specify a command, added --decrypt in this these cases.
2017-03-20 19:14:47 +00:00
Alexandre Pujol
29a177aa05
Fix issue #251 2017-03-20 19:07:04 +00:00
Alexandre Pujol
c793e0b132
Add support for non hidden and hidden recipient
Use -r to provide non-hidden recipient,
Use -R to provide hidden recipient.
2017-03-03 21:19:04 +00:00
Alexandre Pujol
6352a1d417
Add GPG default key support for key encryption
If the option -r is not set, use the gpg default key to encrypt
a tomb key
2017-03-03 20:36:50 +00:00
Jaromil
3f06bce8eb failed bind-hooks (missing target) no more abort the mount operation
a warning is printed and the mounting goes forward without the hooks
2017-02-20 22:13:43 +01:00
Jaromil
bea7fe3f7c Merge branch 'master' into gnupg-key-support 2017-02-20 20:47:06 +01:00
Jaromil
1f022d10f1 Merge pull request #248 from mesbahamin/open_read_only
Open non-writable Tomb files with "read only " mount option
2017-02-18 20:30:33 +01:00
Jaromil
2bc7e43198 Merge pull request #245 from Arusekk/master
Totally fixed spaces handling in tomb and tomber
2017-02-14 10:58:35 +01:00
Amin Mesbah
70334f58fb Skip writable check when mounting with "ro" option.
When opening a tomb file with "ro" passed through the -o option, the
writability check in is-valid-tomb() is skipped. This allows tomb files
to be opened without write permission.

test-open-read-only() now succeeds.
2017-02-12 17:44:55 -08:00
Arusekk
f4cdc1a0c5 Fixed spaces handling in Tomb 2017-02-10 21:05:04 +01:00
Alexandre Pujol
4a7019715f Use --hidden-recipient by default instead of --recipient.
Due to the hidden-recipient, GPG will try all the available keys. User
can speed up this process providing the recipent using the -r
option. Therefore, 'tomb open' optionaly support the -r option.
2017-02-09 20:59:10 +00:00
Alexandre Pujol
c63fcf2730 Fix is_valid_recipients private key detection 2017-02-09 19:18:02 +00:00
Alexandre Pujol
528140738a Add -g/--gpgkey option to tell tomb to use GPG key to encrypt a tomb key
Option -r is now only used to provide the recipient
Option -R removed, the new recipient can be given by the -r option.
2017-02-09 18:57:34 +00:00
Narrat
e69795fe71 lsof should be correctly detected now
LSOF would be set everytime otherwise
2017-02-07 03:30:25 +01:00
Narrat
b2ee2114cf Make lsof an optional dep
tomb doesn't need lsof for anything else, and can work regulary without it.
So make it an optional feature, which allows to slam a tomb if lsof is installed

Updates additionally the man page and generates a new pdf from it
2017-02-05 20:03:29 +01:00
Alexandre Pujol
f27130053d Add new options description in tomb -h 2017-02-03 23:57:52 +00:00
Alexandre Pujol
6cfffef137 Update function comments & description with GPG recipient support. 2017-02-03 23:57:52 +00:00
Alexandre Pujol
dfc593f9d6 Add support for GPG key in the tomb outputs. 2017-02-03 23:57:52 +00:00
Alexandre Pujol
e8384ec7ac Allow opening a tomb without giving a valid recipient.
The -r option always requires an arguments. However GPG does not need
any recipient when decrypting a key. In order to be able to open a tomb
without writing (the long) recipient, the user can use the -f option to
short-cut the valid recipient checking. A dummy recipient is still required.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
6f89dbd2fe Add '--shared' in order to activate sharing support.
Sharing feature is a very sensitive action, the user needs to trust the
GPG public key it is going to share its tomb. This is why this feature
needs to be explicitly activated using in more the flag --shared
on the key encryption commands.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
15164f5578 Add sharing support for tomb key.
A tomb key can be encrypted with more than one recipient. Therefore, a
tomb can be shared between different user. The multiple recipients are
given using the -r (or/and -R) option and must be separated by ','.

Multiple recipients can be given for the commands: forge, setket and passwd
2017-02-03 23:57:52 +00:00
Alexandre Pujol
53b7460274 Add tomb setkey support for GPG key 2017-02-03 23:57:52 +00:00
Alexandre Pujol
a200448de2 Add tomb resize support for GPG key 2017-02-03 23:57:52 +00:00
Alexandre Pujol
47ddeebbc4 Add support to change the GPG key used to encrypt a tomb key. (tomb passwd) 2017-02-03 23:57:52 +00:00
Alexandre Pujol
5a35ab9668 Improve key encryption/decryption using GPG key.
Decryption/Encryption works without these improvment, however, there
are needed in order to have clean key (without empty line).

Moreover, tests showed not doing cause troubles when changing the GPG key
used to encrypt a tomb key.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
8f8dc0a0d4 Improve exhumation of key when opening a tomb 2017-02-03 23:57:52 +00:00
Alexandre Pujol
b23e9aa028 Add --tomb-pwd support for GPG key on steganography functions 2017-02-03 23:57:52 +00:00
Alexandre Pujol
d1b016b3c1 Add GPG recipient support for steganography function (bury and exhume)
The tomb policy is to use the same password to encrypt
the key and to bury it. However, steganography cannot be
done with GPG key. Therefore, we check the user can
decrypt the tomb with its GPG key and we ask for a
steganography password. Having different method is a
technical requirement and should enhance security.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
2d516cbaed Check if the GPG key given is a valid.
Add the function 'is_valid_recipients'
A key is valid if both public and private keys are present
in the GPG database
2017-02-03 23:57:52 +00:00
Alexandre Pujol
902860fd9f Add GPG recipient support when generating a new tomb key 2017-02-03 23:57:52 +00:00
Alexandre Pujol
6c0d89cab1 Use -r option to shortcut interactive tomb password popup 2017-02-03 23:57:52 +00:00
Alexandre Pujol
9ee0a1550e Add -r option to enable GPG key integration.
The flag -r (for recipient like in GPG itself) takes a mandatory
argument, the GPG key ID.
2017-02-03 23:57:52 +00:00
Narrat
537bb6aaeb Use of lsof to fix slam for specific mountpoint
Apparantly fuser didn't report back, if the tomb was mounted in a subdir of /run (whereas /run itself is often a tmpfs mount).
With no list of process ids those couldn't be killed, so slamming the tomb failed.
lsof is capable to report back the sought information.

Fixes #220

Additionally fixing the debug output, where a hardcoded mountpoint was used
2017-02-03 17:46:16 +01:00
Jaromil
9110ccd9d1 really use key-size 512 on luksFormat 2017-01-29 21:54:46 +01:00
Jaromil
7a98ee8ba6 change forged key lenght to 512 bits
Addresses issue #238: as 512 bit key length triggers use of AES256.
Apparently so far tombs used AES128 due to key length 256.
Change passes all tests and has no regression implications.
2017-01-21 23:50:57 +01:00
Daniel Rodriguez
42ae73d727 Sync translations with POEditor 2017-01-03 12:00:29 +01:00
Jaromil
843b7fdfc4 remove change of ownership when mounting tombs
The chmod/chown launched on the mounted volume is not really effective
for security, plus the UID is not correctly guessed when tomb is
launched using sudo. It is now up to the user to correctly set
ownership and permission on mounted volumes. There is also one less
check on the ownership of the tomb file which was failing with a
warning in the same case.
2017-01-02 11:04:08 +01:00
Jaromil
cb699189e7 small linting fixes 2017-01-02 06:13:52 +01:00
Jaromil
18743c82a5 code linting
small cleanup using shellcheck, also available as 'make lint'
2017-01-02 06:03:29 +01:00
Jaromil
6f4cfd626c prefer ascii single-quotes to utf8 2017-01-02 06:02:50 +01:00
Jaromil
d41347fe22 documentation updates for release 2016-12-29 19:20:48 +01:00
Jaromil
7b72f07f96 switch shebang to use /usr/bin/env
this is a more generic approach to shebang which supports interpreters
when installed anywhere in the current path.
2016-12-29 13:49:03 +01:00
Jaromil
14cba81f6e fix is_valid_tomb check for already mounted tombs
also added some more verbosity on debug
2016-12-26 20:40:23 +01:00
Jaromil
db976a5210 improve wrapping of key generation
gen_key now avoids adding a final newline to file (addressing #226)
and provides more debugging information from the gpg  process.
2016-12-26 20:19:01 +01:00
Jaromil
f5375c61fe improvement over previous gpg_decrypt fix
now also avoiding the use of `read` shell built-in
2016-12-26 19:04:54 +01:00
Jaromil
df75c39a58 new parsing for gpg_decrypt function
this new parser works with all ZSh versions and brings overall
improvement by eliminating the invocation of exernal binary `grep`
over the secret data.
2016-12-26 12:12:34 +01:00
Jaromil
844a886da1 fix sudo execution (patch by robertmx in #223)
tested also in #228, this stops overwriting the $USERNAME
variable which is not really useful (it was used in the previous
privilege escalation model)
2016-11-18 19:00:47 +01:00
Jaromil
101b89f0be use head directly without cat in post-hooks
less is more...
2016-11-18 13:56:44 +01:00
Jaromil
fa44f46eba better documentation for kdf
also correctly use _failure on fatal error using --kdf
2016-11-18 13:56:44 +01:00
mandeepbhutani
50719fb06f Changed message when encrypted swap found to something more informative
Changed message to detail all swap partitions
2016-10-16 11:40:26 -05:00