mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-30 20:59:16 +00:00
208 lines
7.8 KiB
Plaintext
208 lines
7.8 KiB
Plaintext
#title Tomb - The Crypto Undertaker
|
|
#author Jaromil
|
|
|
|
<contents>
|
|
|
|
* Tomb - Crypto Undertaker
|
|
|
|
<class name="logo">
|
|
[[images/tomb_n_bats.png]]
|
|
</class>
|
|
|
|
Tomb is a simple tool to manage **encrypted storage** on GNU/Linux, from
|
|
the hashes of the [[http://dynebolic.org][dyne:bolic]] nesting mechanism.
|
|
|
|
Tomb aims to be an **100% free** and open source system for easy
|
|
encryption and backup of personal files, written in code that is easy
|
|
to review and links commonly shared components.
|
|
|
|
Tomb generates encrypted storage files to be opened and closed using
|
|
their associated keyfiles, which are also protected with a password
|
|
chosen by the user.
|
|
|
|
A tomb is like a locked folder that can be safely transported and
|
|
hidden in a filesystem; its keys can be kept separate, for instance
|
|
keeping the tomb file on your computer harddisk and the key files on a
|
|
USB stick.
|
|
|
|
** Documentation
|
|
|
|
First of all the usual info you'd expect a software to provide:
|
|
|
|
- [[README]]
|
|
- [[ChangeLog]]
|
|
- [[TODO]]
|
|
- [[AUTHORS]]
|
|
|
|
And more below, read on...
|
|
|
|
*** Who needs Tomb
|
|
|
|
Our target community are desktop users with no time to click around,
|
|
sometimes using old or borrowed computers, operating in places
|
|
endangered by conflict where a leak of personal data can be a threat.
|
|
|
|
If you don't own a laptop then it's possible to go around with a USB
|
|
stick and borrow computers, still leaving no trace and keeping your
|
|
data safe during transports. Tomb aims to facilitate all this and to
|
|
be interoperable across popular GNU/Linux operating systems.
|
|
|
|
*** Aren't there enough encryption tools already?
|
|
|
|
We've felt the urgency of publishing Tomb for other operating systems
|
|
than dyne:bolic since the current situation in personal desktop
|
|
encryption is far from optimal.
|
|
|
|
[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is
|
|
hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system
|
|
distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
|
|
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].
|
|
|
|
[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main
|
|
advantage consists in not needing root access on the machine it's
|
|
being used. But Cryptkeeper still has drawbacks: it uses [[http://www.arg0.net/encfs][EncFS]] which
|
|
implements weaker encryption than dm-crypt and it doesn't promotes the
|
|
separated storage of keys.
|
|
|
|
At last, the [[https://we.riseup.net/debian/automatically-mount-encrypted-home][Encrypted home]] mechanisms on operating systems as Debian
|
|
and Ubuntu adopt encryption algorithms as strong as Tomb does, but
|
|
they need to be configured when the machine is installed, they cannot
|
|
be easily transported and again they don't promote separated storage
|
|
of keys.
|
|
|
|
With Tomb we try to overcome all these limitations providing strong
|
|
encryption, encouraging users to separate keys from data and letting
|
|
them transport tombs around easily. Also to facilitate auditing and
|
|
customization we intend to:
|
|
|
|
- write short and readable code, linking shared libs
|
|
- provide easy to use graphical interfaces and desktop integration
|
|
- keep the development process open and distributed using GIT
|
|
- distribute Tomb under the GNU General Public License v3
|
|
|
|
If you believe this is a worthy effort, you are welcome to [[http://dyne.org/donate][support it]].
|
|
|
|
|
|
*** How does it works
|
|
|
|
[[images/monmort.png]]
|
|
|
|
Tombs are operated from a normal file browser or from the commandline.
|
|
|
|
To open a tomb is sufficient to click on it, or use the command **tomb-open**
|
|
|
|
When a tomb is open your panel will have a little icon in the tray
|
|
reminding you that a tomb is open, offering to explore it or close it.
|
|
|
|
[[images/awesome-shot.png]]
|
|
|
|
See the [[manual][manpage]] for more information on how to operate Tomb from the
|
|
text terminal.
|
|
<example>
|
|
. version 0.9.2 (Feb/2011) by Jaromil @ dyne.org
|
|
.
|
|
[*] Syntax: tomb [options] command [file] [mountpoint]
|
|
.
|
|
[*] Commands:
|
|
. create create a new encrypted storage FILE and keys
|
|
. open open an existing tomb FILE on MOUNTPOINT
|
|
. close closes the tomb on MOUNTPOINT
|
|
.
|
|
[*] Options:
|
|
. -s size of the storage file when creating one (MB)
|
|
. -k path to the key to use for decryption
|
|
.
|
|
. -h print this help
|
|
. -v version information for this tool
|
|
. -q run quietly without printing information
|
|
. -D print debugging information while running
|
|
</example>
|
|
|
|
*** Where do we learn more from
|
|
|
|
Here below some articles that are useful to understand Tomb more in
|
|
detail and to get in touch with the difficult job of a Crypto
|
|
Undertaker:
|
|
|
|
- [[TKS1-draft.pdf][TKS1 - An anti-forensic, two level, and iterated key setup scheme]]
|
|
- [[New_methods_in_HD_encryption.pdf][New Methods in Hard Disk Encryption]]
|
|
- [[Luks_on_disk_format.pdf][LUKS On-Disk Format Specification]]
|
|
- [[LinuxHDEncSettings.txt][Linux hard disk encryption settings]]
|
|
|
|
|
|
** Downloads
|
|
|
|
For licensing information see the [[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]
|
|
|
|
Below a list of formats you can download this application: ready to be
|
|
run with some of the interfaces developed, as a library you can use to
|
|
build your own application and as source code you can study.
|
|
|
|
*** Code repository
|
|
|
|
Latest stable release is 0.9.2 (10 February 2011) more about it in the
|
|
[[ftp://ftp.dyne.org/tomb/NEWS][NEWS]] and [[ftp://ftp.dyne.org/tomb/ChangeLog][ChangeLog]]
|
|
|
|
Source releases are checked and signed by [[http://jaromil.dyne.org][Jaromil]] using [[http://www.gnupg.org][GnuPG]].
|
|
|
|
On [[ftp://ftp.dyne.org/tomb][ftp.dyne.org/tomb]] you find all present and past Tomb releases,
|
|
source code for extra plugins and more binaries that we occasionally
|
|
build for various architectures.
|
|
|
|
The bleeding edge version is developed on our [[http://code.dyne.org][code repository]] using
|
|
**GIT**, you can clone the repository free and anonymously
|
|
|
|
<example>
|
|
git clone git://code.dyne.org/tomb.git
|
|
</example>
|
|
|
|
|
|
** Development
|
|
|
|
|
|
*** Stage of development
|
|
|
|
Tomb is an evolution of the 'mknest' tool developed for the [[http://dynebolic.org][dyne:bolic]]
|
|
GNU/Linux distribution, which is used by its 'nesting' mechanism to
|
|
encrypt the Home directory of users.
|
|
|
|
As such, it uses well tested and reviewed routines and its shell code
|
|
is pretty readable. The name transition from 'mknest' to 'tomb' is
|
|
marked by the adaptation of mknest to work on Debian based operating
|
|
systems.
|
|
|
|
At present time Tomb is easy to install and use, it mainly consists of
|
|
a Shell script and some auxiliary C code for desktop integration
|
|
(GTK), making use of GNU tools and the cryptographic API of the Linux
|
|
kernel.
|
|
|
|
*** People involved
|
|
|
|
Tomb is designed and written by [[http://jaromil.dyne.org][Jaromil]].
|
|
|
|
Tomb's artwork is contributed by [[http://monmort.blogspot.com][Món Mort]].
|
|
|
|
Testing and fixes are contributed by Dreamer and Hellekin O. Wolf.
|
|
|
|
Most research we refer to is documented by Clemens Fruhwirth.
|
|
|
|
Tomb relies on Cryptsetup(8) and LUKS, big up to the developers involved \o/
|
|
|
|
|
|
*** How can you help
|
|
|
|
Code is pretty short and readable: start looking around it and the
|
|
materials found in doc/ which are good pointers at security measures
|
|
to be further implemented.
|
|
|
|
Have a look in the TODO file to see what our plans are.
|
|
|
|
At the moment we can use some good help in porting this tool on
|
|
M$/Windows and Apple/OSX, still keeping the minimal approach we all
|
|
love.
|
|
|
|
Please report bugs on the tracker at http://bugs.dyne.org
|
|
|
|
Get in touch with developers via mail using this web page
|
|
http://dyne.org/contact or via chat on http://irc.dyne.org
|