7456d4f4b7
Previously it wasn't possible to use argon2 as KDF function without the tomb tools from extras/kdf-keys being available. To change that behaviour, introduce checks on the ARGON2 variable. Additionally, add a fallback function to create a salt that is compatible with tomb-kdb-pbkdf2-gensalt.

Options specific to the different supported KDF algorithms are reorganized. Some options align between the various KDFs and some are unique to them.

The output of -h is enhanced with the various --kdf options and depends on the available optional tools. argon2-specific cli arguments won't be displayed if argon2 is not available.

Add case for results beside argon2 and pbkdf2. Key creation won't be stopped, just a warning is issued that the resulting key won't be protected via KDF.

Regarding the cli options. The argument for the suboption --kdf is made optional. In that regard one needs to make sure that --kdf is the last option before an argument. Or - to separate. A third option would be to use -k to specify the keyname.

Example: tomb forge --kdf - testkey.tomb
Example: tomb forge --kdf -k testkey.tomb
Example: tomb forge -k testkey.tomb --kdf

Additionally, the kdf options are reorganized, which is a possible breaking change for scripts or GUI helpers.

* --kdftype is changed to --kdf
* --kdfiter is introduced as replacement for the previous --kdf definition
* --kdfpar is introduced to support the parallelism option of argon2 (nice to have if someone wants to adjust memory or iteration costs without increasing the time that much)

Only --kdf is mandatory to get a key which is protected with KDF. For every other option safe defaults are set and can be optionally adjusted.

KDF related subcommand options are removed where they don't come into play. gen_key() is only called in forge and passwd.

Closes #526
Tomb: The Linux Crypto Undertaker
Minimalistic command line tool based on Linux dm-crypt and LUKS, trusted by hackers since 2007.
You can keep your volumes secure and easily manageable with simple commands.
Create a new 120MiB secret.tomb folder and lock it with a new secret.tomb.key file.
$ tomb dig -s 120 secret.tomb
$ tomb forge -k secret.tomb.key
$ tomb lock -k secret.tomb.key secret.tomb
To open it, do
$ tomb open -k secret.tomb.key secret.tomb
And after you are done
$ tomb close
Or, if you are in a hurry, kill all processes with open files inside your tomb and close it.
$ tomb slam
📖 Get started on dyne.org/tomb
More information in man tomb and on dyne.org/docs/tomb.
💾 Download from files.dyne.org/tomb
Use only stable and signed releases in production!
Tomb's development is community-based!
🤏🏽 How can you help
Donations are very welcome on dyne.org/donate
Translations are also welcome: see our simple translation guide
Tomb's code is short and readable: don't be afraid to inspect it! If you plan to submit a PR, please remember that this is a minimalist tool, and the code should be short and readable. Also, first, read our small intro to Tomb's coding style.
We have a space for issues open for detailed bug reports. Always include the Tomb version being used when filing a case, please.
There is also a space for discussion of new features, desiderata and whatnot on GitHub.
Licensing
Tomb is Copyright (C) 2007-2024 by the Dyne.org Foundation and maintained by Jaromil. The AUTHORS file contains more information on all the developers involved. The license is GNU Public License v3.