mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-20 03:30:59 +00:00
294 lines
11 KiB
Plaintext
294 lines
11 KiB
Plaintext
#title Tomb - The Crypto Undertaker
|
|
#author Jaromil
|
|
|
|
<contents>
|
|
|
|
* Tomb - Crypto Undertaker
|
|
|
|
<class name="logo">
|
|
[[images/tomb_n_bats.png]]
|
|
</class>
|
|
|
|
Tomb is a simple tool to manage **encrypted storage** on GNU/Linux, from
|
|
the hashes of the [[http://dynebolic.org][dyne:bolic]] nesting mechanism.
|
|
|
|
Tomb aims to be an **100% free** and open source system for easy
|
|
encryption and backup of personal files, written in code that is easy
|
|
to review and links commonly shared components.
|
|
|
|
Tomb generates encrypted storage files to be opened and closed using
|
|
their associated keyfiles, which are also protected with a password
|
|
chosen by the user.
|
|
|
|
A tomb is like a locked folder that can be safely transported and
|
|
hidden in a filesystem; its keys can be kept separate, for instance
|
|
keeping the tomb file on your computer harddisk and the key files on a
|
|
USB stick.
|
|
|
|
** Documentation
|
|
|
|
"*All I know is what the words know, and dead things, and that makes
|
|
a handsome little sum, with a beginning and a middle and an end, as
|
|
in the well-built phrase and the long sonata of the dead.*"
|
|
Samuel Beckett
|
|
|
|
First of all the usual info you'd expect a software to provide:
|
|
|
|
- [[README]]
|
|
- [[ChangeLog]]
|
|
- [[TODO]]
|
|
- [[AUTHORS]]
|
|
|
|
And more below, read on...
|
|
|
|
*** How does it works
|
|
|
|
[[images/monmort.png]]
|
|
|
|
Tombs are operated from a normal file browser or from the commandline.
|
|
|
|
To open a tomb is sufficient to click on it, or use the command **tomb-open**
|
|
|
|
When a tomb is open your panel will have a little icon in the tray
|
|
reminding you that a tomb is open, offering to explore it or close it.
|
|
|
|
|
|
To make safety copies of your keys, tomb lets you "bury a key" inside
|
|
an image (using steganography techniques) and of course "exhume"
|
|
buried keys from pictures where they are hidden. Actually it is very
|
|
hard to guess when something is hidden inside a picture without
|
|
knowing the password used in steganography.
|
|
|
|
[[images/awesome-shot.png]]
|
|
|
|
See the [[manual.html][manpage]] for more information on how to operate Tomb from the
|
|
text terminal.
|
|
<example>
|
|
Tomb 1.0 - a strong and gentle undertaker for your secrets
|
|
|
|
Syntax: tomb [options] command [file] [place]
|
|
|
|
Commands:
|
|
|
|
create create a new tomb FILE and its keys
|
|
open open an existing tomb FILE on PLACE
|
|
close closes the tomb open on PLACE
|
|
bury hide a tomb key FILE inside a jpeg PLACE
|
|
exhume extract a tomb key FILE from a jpeg PLACE
|
|
|
|
Options:
|
|
|
|
-s size of the tomb file when creating one (in MB)
|
|
-k path to the key to use for opening a tomb
|
|
-n don't process the hooks found in tomb
|
|
|
|
-h print this help
|
|
-v version information for this tool
|
|
-q run quietly without printing informations
|
|
-D print debugging information at runtime
|
|
|
|
For more informations on Tomb read the manual: man tomb
|
|
Please report bugs on <http://bugs.dyne.org>.
|
|
</example>
|
|
|
|
*** Who needs Tomb
|
|
|
|
"*Democracy requires Privacy as much as Freedom of Expression.*" Anonymous
|
|
|
|
Our target community are desktop users with no time to click around,
|
|
sometimes using old or borrowed computers, operating in places
|
|
endangered by conflict where a leak of personal data can be a threat.
|
|
|
|
If you can't own a laptop then it's possible to go around with a USB
|
|
stick and borrow computers, still leaving no trace and keeping your
|
|
data safe during transports. Tomb aims to facilitate all this and to
|
|
be interoperable across popular GNU/Linux operating systems.
|
|
|
|
|
|
The internet offers plenty of free services, on the wave of the Web2.0
|
|
fuzz and the community boom, while all private informations are hosted
|
|
on servers owned by global corporations and monopolies.
|
|
|
|
It is important to keep in mind that no-one else better than *you* can
|
|
ensure the privacy of your personal data. Server hosted services and
|
|
web integrated technologies gather all data into huge information
|
|
pools that are made available to established economical and cultural
|
|
regimes.
|
|
|
|
|
|
|
|
**This software urges you to reflect on the importance of your
|
|
privacy**. World is full of prevarication and political imprisonments,
|
|
war rages in several places and media is mainly used for propaganda by
|
|
the powers in charge. Some of us face the dangers of being tracked by
|
|
oppressors opposing our self definition, independent thinking and
|
|
resistance to omologation.
|
|
|
|
<verse>
|
|
|
|
"The distinction between what is public and what is private is
|
|
becoming more and more blurred with the increasing intrusiveness of
|
|
the media and advances in electronic technology. While this
|
|
distinction is always the outcome of continuous cultural
|
|
negotiation, it continues to be critical, for where nothing is
|
|
private, democracy becomes impossible."
|
|
|
|
(from [[http://www.newschool.edu/centers/socres/privacy/Home.html][Privacy Conference, Social Research, New School University]])
|
|
</verse>
|
|
|
|
|
|
|
|
|
|
|
|
*** Aren't there enough encryption tools already?
|
|
|
|
[[images/foster_privacy.png]]
|
|
|
|
We've felt the urgency of publishing Tomb for other operating systems
|
|
than dyne:bolic since the current situation in personal desktop
|
|
encryption is far from optimal.
|
|
|
|
[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is
|
|
hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system
|
|
distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
|
|
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].
|
|
|
|
[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main
|
|
advantage consists in not needing root access on the machine it's
|
|
being used. But Cryptkeeper still has drawbacks: it uses [[http://www.arg0.net/encfs][EncFS]] which
|
|
implements weaker encryption than dm-crypt and it doesn't promotes the
|
|
separated storage of keys.
|
|
|
|
At last, the [[https://we.riseup.net/debian/automatically-mount-encrypted-home][Encrypted home]] mechanisms on operating systems as Debian
|
|
and Ubuntu adopt encryption algorithms as strong as Tomb does, but
|
|
they need to be configured when the machine is installed, they cannot
|
|
be easily transported and again they don't promote separated storage
|
|
of keys.
|
|
|
|
With Tomb we try to overcome all these limitations providing strong
|
|
encryption, encouraging users to separate keys from data and letting
|
|
them transport tombs around easily. Also to facilitate auditing and
|
|
customization we intend to:
|
|
|
|
- write short and readable code, linking shared libs
|
|
- provide easy to use graphical interfaces and desktop integration
|
|
- keep the development process open and distributed using GIT
|
|
- distribute Tomb under the GNU General Public License v3
|
|
|
|
If you believe this is a worthy effort, you are welcome to [[http://dyne.org/donate][support it]].
|
|
|
|
*** Where do we learn more from
|
|
|
|
Here below some articles that are useful to understand Tomb more in
|
|
detail and to get in touch with the difficult job of a Crypto
|
|
Undertaker:
|
|
|
|
- [[TKS1-draft.pdf][TKS1 - An anti-forensic, two level, and iterated key setup scheme]]
|
|
- [[New_methods_in_HD_encryption.pdf][New Methods in Hard Disk Encryption]]
|
|
- [[Luks_on_disk_format.pdf][LUKS On-Disk Format Specification]]
|
|
- [[LinuxHDEncSettings.txt][Linux hard disk encryption settings]]
|
|
|
|
|
|
** Downloads
|
|
|
|
For licensing information see the [[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]
|
|
|
|
Below a list of formats you can download this application: ready to be
|
|
run with some of the interfaces developed, as a library you can use to
|
|
build your own application and as source code you can study.
|
|
|
|
*** Debian
|
|
|
|
To install the tomb and tomb-gtk package using apt, add this line to
|
|
your software sources (/etc/apt/source/list)
|
|
|
|
<example>
|
|
deb http://apt.dyne.org/debian stable main
|
|
</example>
|
|
|
|
|
|
*** Ubuntu
|
|
|
|
If you use Lucid (10.04) add to your software sources this PPA
|
|
|
|
<example>
|
|
ppa:jaromil/rastasoft
|
|
</example>
|
|
|
|
else if you are using Maverick or other older versions, you can still
|
|
try to install the packages, as they should work well, by adding these
|
|
two sources to /etc/apt/source.list
|
|
|
|
<example>
|
|
deb http://ppa.launchpad.net/jaromil/rastasoft/ubuntu lucid main
|
|
deb-src http://ppa.launchpad.net/jaromil/rastasoft/ubuntu lucid main
|
|
</example>
|
|
|
|
|
|
*** Code repository
|
|
|
|
Latest stable release is 1.0 (11 March 2011) more about it in the
|
|
[[ftp://ftp.dyne.org/tomb/NEWS][NEWS]] and [[ftp://ftp.dyne.org/tomb/ChangeLog][ChangeLog]]
|
|
|
|
Source releases are checked and signed by [[http://jaromil.dyne.org][Jaromil]] using [[http://www.gnupg.org][GnuPG]].
|
|
|
|
On [[ftp://ftp.dyne.org/tomb][ftp.dyne.org/tomb]] you find all present and past Tomb releases,
|
|
source code for extra plugins and more binaries that we occasionally
|
|
build for various architectures.
|
|
|
|
The bleeding edge version is developed on our [[http://code.dyne.org][code repository]] using
|
|
**GIT**, you can clone the repository free and anonymously
|
|
|
|
<example>
|
|
git clone git://code.dyne.org/tomb.git
|
|
</example>
|
|
|
|
|
|
** Development
|
|
|
|
|
|
*** Stage of development
|
|
|
|
Tomb is an evolution of the 'mknest' tool developed for the [[http://dynebolic.org][dyne:bolic]]
|
|
GNU/Linux distribution, which is used by its 'nesting' mechanism to
|
|
encrypt the Home directory of users.
|
|
|
|
As such, it uses well tested and reviewed routines and its shell code
|
|
is pretty readable. The name transition from 'mknest' to 'tomb' is
|
|
marked by the adaptation of mknest to work on Debian based operating
|
|
systems.
|
|
|
|
At present time Tomb is easy to install and use, it mainly consists of
|
|
a Shell script and some auxiliary C code for desktop integration
|
|
(GTK), making use of GNU tools and the cryptographic API of the Linux
|
|
kernel.
|
|
|
|
*** People involved
|
|
|
|
Tomb is designed and written by [[http://jaromil.dyne.org][Jaromil]].
|
|
|
|
Tomb's artwork is contributed by [[http://monmort.blogspot.com][Món Mort]].
|
|
|
|
Testing and fixes are contributed by Dreamer, Hellekin O. Wolf,
|
|
Shining and Mancausoft.
|
|
|
|
Most research we refer to is documented by Clemens Fruhwirth who also
|
|
developed Cryptsetup together with Christophe Saout.
|
|
|
|
*** How can you help
|
|
|
|
Code is pretty short and readable: start looking around it and the
|
|
materials found in doc/ which are good pointers at security measures
|
|
to be further implemented.
|
|
|
|
Have a look in the TODO file to see what our plans are.
|
|
|
|
At the moment we can use some good help in porting this tool on
|
|
M$/Windows and Apple/OSX, still keeping the minimal approach we all
|
|
love.
|
|
|
|
Please report bugs on the tracker at http://bugs.dyne.org
|
|
|
|
Get in touch with developers via mail using this web page
|
|
http://dyne.org/contact or via chat on http://irc.dyne.org
|