Alexandre Pujol
5a35ab9668
Improve key encryption/decryption using GPG key.
...
Decryption/Encryption works without these improvment, however, there
are needed in order to have clean key (without empty line).
Moreover, tests showed not doing cause troubles when changing the GPG key
used to encrypt a tomb key.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
8f8dc0a0d4
Improve exhumation of key when opening a tomb
2017-02-03 23:57:52 +00:00
Alexandre Pujol
b23e9aa028
Add --tomb-pwd support for GPG key on steganography functions
2017-02-03 23:57:52 +00:00
Alexandre Pujol
e2fe8e508e
Add unit tests for steganography feature using GPG key
2017-02-03 23:57:52 +00:00
Alexandre Pujol
d1b016b3c1
Add GPG recipient support for steganography function (bury and exhume)
...
The tomb policy is to use the same password to encrypt
the key and to bury it. However, steganography cannot be
done with GPG key. Therefore, we check the user can
decrypt the tomb with its GPG key and we ask for a
steganography password. Having different method is a
technical requirement and should enhance security.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
2d516cbaed
Check if the GPG key given is a valid.
...
Add the function 'is_valid_recipients'
A key is valid if both public and private keys are present
in the GPG database
2017-02-03 23:57:52 +00:00
Alexandre Pujol
902860fd9f
Add GPG recipient support when generating a new tomb key
2017-02-03 23:57:52 +00:00
Alexandre Pujol
db7109da4a
Add tests for GPG recipient support in tomb
2017-02-03 23:57:52 +00:00
Alexandre Pujol
f72534790a
Fix test suite error in the return code: GLOBAL_RESULT were always true.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
e78af47c56
Add a GPG database in 'extras/test/gnupg' for test suite purpose
...
The GPG Key are unencrypted. Do not use them for an other purpose
than a test suite.
2017-02-03 23:57:52 +00:00
Alexandre Pujol
6c0d89cab1
Use -r option to shortcut interactive tomb password popup
2017-02-03 23:57:52 +00:00
Alexandre Pujol
9ee0a1550e
Add -r option to enable GPG key integration.
...
The flag -r (for recipient like in GPG itself) takes a mandatory
argument, the GPG key ID.
2017-02-03 23:57:52 +00:00
Narrat
537bb6aaeb
Use of lsof to fix slam for specific mountpoint
...
Apparantly fuser didn't report back, if the tomb was mounted in a subdir of /run (whereas /run itself is often a tmpfs mount).
With no list of process ids those couldn't be killed, so slamming the tomb failed.
lsof is capable to report back the sought information.
Fixes #220
Additionally fixing the debug output, where a hardcoded mountpoint was used
2017-02-03 17:46:16 +01:00
Jaromil
1f852908ae
improved readme, section on compliancy
2017-02-01 09:19:09 +01:00
Jaromil
9110ccd9d1
really use key-size 512 on luksFormat
2017-01-29 21:54:46 +01:00
Jaromil
7a98ee8ba6
change forged key lenght to 512 bits
...
Addresses issue #238 : as 512 bit key length triggers use of AES256.
Apparently so far tombs used AES128 due to key length 256.
Change passes all tests and has no regression implications.
2017-01-21 23:50:57 +01:00
Jaromil
4439a6a327
minor fixes to regression tests
2017-01-21 23:50:57 +01:00
Daniel Rodriguez
e7e21243db
Automatically remove conflicting quotes on pot generation
2017-01-21 18:48:09 +01:00
Daniel Rodriguez
26e549292f
Remove extra char quotes in translation files
2017-01-21 18:38:07 +01:00
Jaromil
5e8db49701
Merge pull request #239 from reiven/master
...
Update tomber in extras for v2.2+
2017-01-11 14:36:40 +01:00
Federico Reiven
a808d4aef8
Update tomber in extras for v2.2+
2017-01-10 12:11:32 -03:00
Daniel Rodriguez
42ae73d727
Sync translations with POEditor
2017-01-03 12:00:29 +01:00
Jaromil
ed37b4e1fa
integrated latest changes in changelog
2017-01-02 12:54:55 +01:00
Jaromil
fa145074f8
documentation updates and reorganisation
...
Added two new sections to the manpage: deniability and password.
Small actualisation of the install instructions.
2017-01-02 12:02:23 +01:00
Jaromil
843b7fdfc4
remove change of ownership when mounting tombs
...
The chmod/chown launched on the mounted volume is not really effective
for security, plus the UID is not correctly guessed when tomb is
launched using sudo. It is now up to the user to correctly set
ownership and permission on mounted volumes. There is also one less
check on the ownership of the tomb file which was failing with a
warning in the same case.
2017-01-02 11:04:08 +01:00
Jaromil
5996beab0e
small fixes to run clean tests
2017-01-02 07:03:54 +01:00
Jaromil
cb699189e7
small linting fixes
2017-01-02 06:13:52 +01:00
Jaromil
0fa4a07f8c
make lint check on travis using shellcheck
2017-01-02 06:04:58 +01:00
Jaromil
18743c82a5
code linting
...
small cleanup using shellcheck, also available as 'make lint'
2017-01-02 06:03:29 +01:00
Jaromil
6f4cfd626c
prefer ascii single-quotes to utf8
2017-01-02 06:02:50 +01:00
Jaromil
d41347fe22
documentation updates for release
2016-12-29 19:20:48 +01:00
Jaromil
88f5a926f0
updated extras/gtomb to latest by parazyd
2016-12-29 17:29:15 +01:00
Jaromil
7b72f07f96
switch shebang to use /usr/bin/env
...
this is a more generic approach to shebang which supports interpreters
when installed anywhere in the current path.
2016-12-29 13:49:03 +01:00
Jaromil
14cba81f6e
fix is_valid_tomb check for already mounted tombs
...
also added some more verbosity on debug
2016-12-26 20:40:23 +01:00
Jaromil
db976a5210
improve wrapping of key generation
...
gen_key now avoids adding a final newline to file (addressing #226 )
and provides more debugging information from the gpg process.
2016-12-26 20:19:01 +01:00
Jaromil
e59518befa
included regression tests against old Tomb versions
2016-12-26 20:03:14 +01:00
Jaromil
f5375c61fe
improvement over previous gpg_decrypt fix
...
now also avoiding the use of `read` shell built-in
2016-12-26 19:04:54 +01:00
Jaromil
df75c39a58
new parsing for gpg_decrypt function
...
this new parser works with all ZSh versions and brings overall
improvement by eliminating the invocation of exernal binary `grep`
over the secret data.
2016-12-26 12:12:34 +01:00
Jaromil
4b1afb4fab
documentation on direct use of images as keys
...
as mentioned in #225 now the manual mentions using jpeg images
directly as arguments to -k on open commands.
2016-12-22 20:46:40 +01:00
Jaromil
b9f555b5fe
temporary advice for zsh 5.3 users
2016-12-19 09:40:10 +01:00
Jaromil
844a886da1
fix sudo execution (patch by robertmx in #223 )
...
tested also in #228 , this stops overwriting the $USERNAME
variable which is not really useful (it was used in the previous
privilege escalation model)
2016-11-18 19:00:47 +01:00
Jaromil
7e88c5d07b
travis fix to force apt to overwrite new conf files
2016-11-18 14:27:04 +01:00
Jaromil
99bb7fd067
fix travis for non-interactive apt
2016-11-18 14:21:57 +01:00
Jaromil
101b89f0be
use head directly without cat in post-hooks
...
less is more...
2016-11-18 13:56:44 +01:00
Jaromil
fa44f46eba
better documentation for kdf
...
also correctly use _failure on fatal error using --kdf
2016-11-18 13:56:44 +01:00
D.J.R
c502ef3d92
Merge pull request #230 from mandeep/change_swap_success_message
...
Changed message when encrypted swap found to something more informative
2016-10-17 22:00:46 +02:00
mandeepbhutani
50719fb06f
Changed message when encrypted swap found to something more informative
...
Changed message to detail all swap partitions
2016-10-16 11:40:26 -05:00
Jaromil
c80ebd6d6e
travis CI: removed kdf tests
...
kdf computation seems to not work on travis, it times out
2016-06-13 10:34:31 +02:00
Jaromil
6855127c15
added extras to CI tests (kdf etc.)
2016-06-12 17:28:09 +02:00
Jaromil
feb35205c8
setup continuous integration tests on Travis
2016-06-12 17:18:21 +02:00