mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-05 12:57:56 +00:00
9b6a716672
usage: tomb passwd /path/to/keyfile.key documented in man page adds feature #46 adds internal func safe_file() adds parameters for askpass() function messaging
264 lines
8.5 KiB
Groff
264 lines
8.5 KiB
Groff
.TH tomb 1 "Sept 26, 2011" "tomb"
|
|
|
|
.SH NAME
|
|
Tomb \- the Crypto Undertaker
|
|
|
|
.SH SYNOPSIS
|
|
.B
|
|
.IP "tomb [options] command [arguments]"
|
|
.B
|
|
.IP "tomb-open [file]"
|
|
.B
|
|
.IP "tomb-status mountpoint"
|
|
|
|
.SH DESCRIPTION
|
|
|
|
Tomb is an application to manage the creation and access of encrypted
|
|
storage files: it can be operated from commandline and it can
|
|
integrate with a user's graphical desktop.
|
|
|
|
Tomb generates encrypted storage files to be opened and closed using
|
|
their associated keys, which are also protected with a password chosen
|
|
by the user. To create, open and close tombs a user will need super
|
|
user rights to execute the tomb commandline utility.
|
|
|
|
A tomb is like a locked folder that can be safely transported and
|
|
hidden in a filesystem; it encourages users to keep their keys
|
|
separate from tombs, for instance keeping a tomb file on your computer
|
|
harddisk and its key file on a USB stick.
|
|
|
|
For simplified use, the command \fItomb-open\fR starts a wizard that
|
|
guides users in the creation of a new tomb or, if a tomb file is
|
|
specified as \fIargument\fR, it opens it and makes it accessible in a
|
|
default location under the /media folder, starting the status tray
|
|
applet (\fItomb-status\fR) if a desktop is present.
|
|
|
|
|
|
.SH COMMANDS
|
|
|
|
.B
|
|
.IP "create"
|
|
Creates a new encrypted storage tomb and its key, named as specified
|
|
by the given \fIargument\fR.
|
|
|
|
.B
|
|
.IP "open"
|
|
Opens an existing tomb file specified in the \fIfirst argument\fR. If
|
|
a \fIsecond argument\fR is given it will indicate the \fImountpoint\fR
|
|
where the tomb should be made accessible, if not then the tomb is
|
|
mounted in a directory named after the filename and inside /media.
|
|
|
|
.B
|
|
.IP "list"
|
|
|
|
List all the tombs found open, including information about the time
|
|
they were opened and the hooks that they mounted. If the \fIfirst
|
|
argument\fR is present, then shows only the tomb named that way or
|
|
returns an error if its not found.
|
|
|
|
.B
|
|
.IP "close"
|
|
Closes a currently open tomb. When \fIan argument\fR is specified, it
|
|
should be the name of a mounted tomb; if not specified and only one
|
|
tomb is open then it will be closed; if multiple tombs are open, the
|
|
command will list them on the terminal. The special
|
|
\fIargument\fR 'all' will close all currently open tombs. This command
|
|
fails if the tomb is in use by running processes, the command
|
|
\fIslam\fR can be used to force close.
|
|
|
|
.B
|
|
.IP "passwd"
|
|
Changes the password of a tomb key file specified in the \fIfirst
|
|
argument\fR. It will need the old password to decode the key file, it
|
|
will then reencode it using the new password.
|
|
|
|
.B
|
|
.IP "slam"
|
|
Closes a tomb like the command \fIclose\fR does, but in case it is in
|
|
use looks for all the processes accessing its files and violently
|
|
kills them using \-9.
|
|
|
|
.B
|
|
.IP "bury"
|
|
Hides a tomb key (\fIfirst argument\fR) inside a jpeg image (\fIsecond
|
|
argument\fR) using steganography: the image will change in a way that
|
|
cannot be noticed by human eyes and the presence of the key inside it
|
|
isn't detectable without the right password. This option is useful to
|
|
backup tomb keys in unsuspected places; it uses steghide and the
|
|
serpent encryption algorithm.
|
|
|
|
.B
|
|
.IP "exhume"
|
|
Extracts a named tomb key (\fIfirst argument\fR) from a (jpeg) image file
|
|
(\fIsecond argument\fR) known to be containing it, if the right password is
|
|
given. This is used to recoved buried keys from unsuspected places.
|
|
|
|
.SH OPTIONS
|
|
.B
|
|
.B
|
|
.IP "-s \fI<MBytes>\fR"
|
|
When creating a tomb, this option MUST be used to specify the size of
|
|
the new \fIfile\fR to be created, in megabytes.
|
|
.B
|
|
.IP "-k \fI<keyfile>\fR"
|
|
When opening a tomb, this option can be used to specify the location
|
|
of the key to use. Keys are created with the same name of the tomb
|
|
file adding a '.gpg' suffix, but can be later renamed and transported
|
|
on other media. When a key is not found, the program asks to insert a
|
|
USB storage device and it will look for the key file inside it.
|
|
If \fI<keyfile>\fR is "-" (dash), it will read stdin
|
|
.IP
|
|
When creating a tomb, this option can be used to specify the name (and
|
|
location) of the key you are creating. For example, you could use
|
|
.EX
|
|
tomb create -s 100 tombname -k /media/usb/tombname
|
|
.EE
|
|
to put the key on a usb pendrive
|
|
|
|
.B
|
|
.IP "-n"
|
|
Skip processing of post-hooks and bind-hooks if found inside the tomb.
|
|
See the \fIHOOKS\fR section in this manual for more information.
|
|
.B
|
|
.IP "-o"
|
|
Manually specify mount options to be used when opening a tomb instead
|
|
of the default \fIrw,noatime,nodev\fR. This option can be used to
|
|
mount a tomb read-only (ro) to prevent any modification of its data,
|
|
or to experiment with other settings (if you really know what you are
|
|
doing) see the mount(8) man page.
|
|
.B
|
|
.IP "--ignore-swap"
|
|
By default, Tomb will abort any create and open operation if swap is used (see
|
|
SWAP section for details). This flag will disable this behaviour. NOTE: it is
|
|
not secure to do so, unless you know that your swap is encrypted
|
|
|
|
.B
|
|
.IP "-h"
|
|
Display a help text and quit
|
|
.B
|
|
.IP "-v"
|
|
Display version and quit
|
|
.B
|
|
.IP "-q"
|
|
Run more quietly
|
|
.B
|
|
.IP "-D"
|
|
Print more information while running, for debugging purposes
|
|
.B
|
|
.IP "--no-color"
|
|
Don't use colors; useful for old terminals or integration in other scripts
|
|
|
|
|
|
.SH HOOKS
|
|
|
|
Hooks are special files that can be placed inside the tomb and trigger
|
|
actions when it is opened and closed; there are two kinds of such
|
|
files: \fIbind-hooks\fR and \fIpost-hooks\fR can be placed in the
|
|
base root of the tomb.
|
|
|
|
.B
|
|
.IP "bind-hooks"
|
|
This hook file consists of a simple two column list of files or
|
|
directories inside the tomb to be made directly accessible inside the
|
|
current user's home directory. Tomb will use the "mount \-o bind"
|
|
command to bind locations inside the tomb to locations found in $HOME
|
|
so in the first column are indicated paths relative to the tomb and in
|
|
the second column are indicated paths relative to $HOME contents, for
|
|
example:
|
|
|
|
mail mail
|
|
.gnupg .gnupg
|
|
.fmrc .fetchmailrc
|
|
.mozilla .mozilla
|
|
|
|
.B
|
|
.IP "post-hooks"
|
|
This hook file gets executed as user by tomb right after opening it;
|
|
it can consist of a shell script of a binary executable that performs
|
|
batch operations every time a tomb is opened.
|
|
|
|
.SH PRIVILEGE ESCALATION
|
|
|
|
The tomb commandline tool needs to acquire super user rights to
|
|
execute most of its operations: to do so it uses sudo(8), while
|
|
pinentry(1) is adopted to collect passwords from the user.
|
|
|
|
Tomb executes as super user only those commands requiring it, while it
|
|
executes desktop applications as processes owned by the user.
|
|
|
|
.SH SWAP
|
|
|
|
During "create" and "open" operation, swap will complain and \fIabort\fR if
|
|
your system has swap activated. This can be annoying, and you can disable this
|
|
behaviour using \fI--ignore-swap\fR. Before doing that, however, you may be
|
|
interested in knowing the risks of doing so:
|
|
.IP \(bu
|
|
During both creation and opening it could write your secret key on the disk
|
|
.IP \(bu
|
|
After having opened the tomb, an application you're using could swap file
|
|
contents. So you'll put file contents in clear on your disk
|
|
.P
|
|
|
|
If you don't need swap, execute \fI swapoff -a\fR. If you really need it, you
|
|
could encrypt it. Tomb doesn't detect if your swap is encrypted, and will
|
|
complain anyway. In that case, using --ignore-swap is safe. Otherwise, use
|
|
--ignore-swap at your own risk
|
|
|
|
|
|
|
|
.SH BUGS
|
|
Please report bugs on the tracker at
|
|
.UR http://bugs.dyne.org
|
|
.UE
|
|
|
|
Get in touch with developers via mail using this
|
|
.UR http://dyne.org/contact
|
|
web page
|
|
.UE
|
|
or via chat on
|
|
.UR http://irc.dyne.org
|
|
.UE
|
|
|
|
.SH AUTHORS
|
|
|
|
Tomb is designed and written by Denis Roio aka Jaromil.
|
|
|
|
Tomb includes code by Anathema and Boyska.
|
|
|
|
Tomb's artwork is contributed by Jordi aka Mon Mort
|
|
|
|
Testing and reviews are contributed by Hellekin O. Wolf, Dreamer,
|
|
Shining, Mancausoft, Asbesto Molesto.
|
|
|
|
Cryptsetup is developed by Christophe Saout and Clemens Fruhwirth
|
|
|
|
.SH COPYING
|
|
|
|
This manual is Copyleft (c) 2011 Denis Roio <\fIjaromil@dyne.org\fR>
|
|
|
|
It includes contributions by Boyska
|
|
|
|
Permission is granted to copy, distribute and/or modify this manual
|
|
under the terms of the GNU Free Documentation License, Version 1.1 or
|
|
any later version published by the Free Software Foundation.
|
|
Permission is granted to make and distribute verbatim copies of this
|
|
manual page provided the above copyright notice and this permission
|
|
notice are preserved on all copies.
|
|
|
|
.SH AVAILABILITY
|
|
|
|
The most recent version of Tomb sourcecode and up to date
|
|
documentation is available for download from its website on
|
|
\fIhttp://tomb.dyne.org\fR.
|
|
|
|
.SH SEE ALSO
|
|
|
|
.B
|
|
.IP cryptsetup(8)
|
|
|
|
GnuPG website on http://www.gnupg.org
|
|
|
|
DM-Crypt website on http://www.saout.de/misc/dm-crypt
|
|
|
|
LUKS website, http://code.google.com/p/cryptsetup
|