Tomb/doc/web/views/index.muse
2011-03-09 17:57:45 +01:00

261 lines
9.7 KiB
Plaintext

#title Tomb - The Crypto Undertaker
#author Jaromil
<contents>
* Tomb - Crypto Undertaker
<class name="logo">
[[images/tomb_n_bats.png]]
</class>
Tomb is a simple tool to manage **encrypted storage** on GNU/Linux, from
the hashes of the [[http://dynebolic.org][dyne:bolic]] nesting mechanism.
Tomb aims to be an **100% free** and open source system for easy
encryption and backup of personal files, written in code that is easy
to review and links commonly shared components.
Tomb generates encrypted storage files to be opened and closed using
their associated keyfiles, which are also protected with a password
chosen by the user.
A tomb is like a locked folder that can be safely transported and
hidden in a filesystem; its keys can be kept separate, for instance
keeping the tomb file on your computer harddisk and the key files on a
USB stick.
** Documentation
First of all the usual info you'd expect a software to provide:
- [[README]]
- [[ChangeLog]]
- [[TODO]]
- [[AUTHORS]]
And more below, read on...
*** How does it works
[[images/monmort.png]]
Tombs are operated from a normal file browser or from the commandline.
To open a tomb is sufficient to click on it, or use the command **tomb-open**
When a tomb is open your panel will have a little icon in the tray
reminding you that a tomb is open, offering to explore it or close it.
[[images/awesome-shot.png]]
To make safety copies of your keys, tomb lets you "bury a key" inside
an image (using steganography techniques) and of course "exhume"
buried keys from pictures where they are hidden. Actually it is very
hard to guess when something is hidden inside a picture without
knowing the password used in steganography.
See the [[manual.html][manpage]] for more information on how to operate Tomb from the
text terminal.
<example>
Tomb 1.0 - a strong and gentle undertaker for your secrets
Syntax: tomb [options] command [file] [place]
Commands:
create create a new tomb FILE and its keys
open open an existing tomb FILE on PLACE
close closes the tomb open on PLACE
bury hide a tomb key FILE inside a jpeg PLACE
exhume extract a tomb key FILE from a jpeg PLACE
Options:
-s size of the tomb file when creating one (in MB)
-k path to the key to use for opening a tomb
-n don't process the hooks found in tomb
-h print this help
-v version information for this tool
-q run quietly without printing informations
-D print debugging information at runtime
For more informations on Tomb read the manual: man tomb
Please report bugs on <http://bugs.dyne.org>.
</example>
*** Who needs Tomb
Democracy requires Privacy as much as Freedom of Expression.
Our target community are desktop users with no time to click around,
sometimes using old or borrowed computers, operating in places
endangered by conflict where a leak of personal data can be a threat.
If you can't own a laptop then it's possible to go around with a USB
stick and borrow computers, still leaving no trace and keeping your
data safe during transports. Tomb aims to facilitate all this and to
be interoperable across popular GNU/Linux operating systems.
The internet offers plenty of free services, on the wave of the Web2.0
fuzz and the community boom, while all private informations are hosted
on servers owned by global corporations and monopolies.
It is important to keep in mind that no-one else better than *you* can
ensure the privacy of your personal data. Server hosted services and
web integrated technologies gather all data into huge information
pools that are made available to established economical and cultural
regimes.
**This software urges you to reflect on the importance of your
privacy**. World is full of prevarication and political imprisonments,
war rages in several places and media is mainly used for propaganda by
the powers in charge. Some of us face the dangers of being tracked by
oppressors opposing our self definition, independent thinking and
resistance to omologation.
<verse>
"The distinction between what is public and what is private is
becoming more and more blurred with the increasing intrusiveness of
the media and advances in electronic technology. While this
distinction is always the outcome of continuous cultural
negotiation, it continues to be critical, for where nothing is
private, democracy becomes impossible."
(from [[http://www.newschool.edu/centers/socres/privacy/Home.html][Privacy Conference, Social Research, New School University]])
</verse>
*** Aren't there enough encryption tools already?
[[images/foster_privacy.png]]
We've felt the urgency of publishing Tomb for other operating systems
than dyne:bolic since the current situation in personal desktop
encryption is far from optimal.
[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is
hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system
distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].
[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main
advantage consists in not needing root access on the machine it's
being used. But Cryptkeeper still has drawbacks: it uses [[http://www.arg0.net/encfs][EncFS]] which
implements weaker encryption than dm-crypt and it doesn't promotes the
separated storage of keys.
At last, the [[https://we.riseup.net/debian/automatically-mount-encrypted-home][Encrypted home]] mechanisms on operating systems as Debian
and Ubuntu adopt encryption algorithms as strong as Tomb does, but
they need to be configured when the machine is installed, they cannot
be easily transported and again they don't promote separated storage
of keys.
With Tomb we try to overcome all these limitations providing strong
encryption, encouraging users to separate keys from data and letting
them transport tombs around easily. Also to facilitate auditing and
customization we intend to:
- write short and readable code, linking shared libs
- provide easy to use graphical interfaces and desktop integration
- keep the development process open and distributed using GIT
- distribute Tomb under the GNU General Public License v3
If you believe this is a worthy effort, you are welcome to [[http://dyne.org/donate][support it]].
*** Where do we learn more from
Here below some articles that are useful to understand Tomb more in
detail and to get in touch with the difficult job of a Crypto
Undertaker:
- [[TKS1-draft.pdf][TKS1 - An anti-forensic, two level, and iterated key setup scheme]]
- [[New_methods_in_HD_encryption.pdf][New Methods in Hard Disk Encryption]]
- [[Luks_on_disk_format.pdf][LUKS On-Disk Format Specification]]
- [[LinuxHDEncSettings.txt][Linux hard disk encryption settings]]
** Downloads
For licensing information see the [[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]
Below a list of formats you can download this application: ready to be
run with some of the interfaces developed, as a library you can use to
build your own application and as source code you can study.
*** Code repository
Latest stable release is 0.9.2 (10 February 2011) more about it in the
[[ftp://ftp.dyne.org/tomb/NEWS][NEWS]] and [[ftp://ftp.dyne.org/tomb/ChangeLog][ChangeLog]]
Source releases are checked and signed by [[http://jaromil.dyne.org][Jaromil]] using [[http://www.gnupg.org][GnuPG]].
On [[ftp://ftp.dyne.org/tomb][ftp.dyne.org/tomb]] you find all present and past Tomb releases,
source code for extra plugins and more binaries that we occasionally
build for various architectures.
The bleeding edge version is developed on our [[http://code.dyne.org][code repository]] using
**GIT**, you can clone the repository free and anonymously
<example>
git clone git://code.dyne.org/tomb.git
</example>
** Development
*** Stage of development
Tomb is an evolution of the 'mknest' tool developed for the [[http://dynebolic.org][dyne:bolic]]
GNU/Linux distribution, which is used by its 'nesting' mechanism to
encrypt the Home directory of users.
As such, it uses well tested and reviewed routines and its shell code
is pretty readable. The name transition from 'mknest' to 'tomb' is
marked by the adaptation of mknest to work on Debian based operating
systems.
At present time Tomb is easy to install and use, it mainly consists of
a Shell script and some auxiliary C code for desktop integration
(GTK), making use of GNU tools and the cryptographic API of the Linux
kernel.
*** People involved
Tomb is designed and written by [[http://jaromil.dyne.org][Jaromil]].
Tomb's artwork is contributed by [[http://monmort.blogspot.com][Món Mort]].
Testing and fixes are contributed by Dreamer and Hellekin O. Wolf.
Most research we refer to is documented by Clemens Fruhwirth.
Tomb relies on Cryptsetup(8) and LUKS, big up to the developers involved \o/
*** How can you help
Code is pretty short and readable: start looking around it and the
materials found in doc/ which are good pointers at security measures
to be further implemented.
Have a look in the TODO file to see what our plans are.
At the moment we can use some good help in porting this tool on
M$/Windows and Apple/OSX, still keeping the minimal approach we all
love.
Please report bugs on the tracker at http://bugs.dyne.org
Get in touch with developers via mail using this web page
http://dyne.org/contact or via chat on http://irc.dyne.org