itdocumentation update and small swish-e fix - tomb - the crypto undertaker Err parazyd.org 70 hgit clone git://parazyd.org/tomb.git URL:git://parazyd.org/tomb.git parazyd.org 70 1Log /git/tomb/log.gph parazyd.org 70 1Files /git/tomb/files.gph parazyd.org 70 1Refs /git/tomb/refs.gph parazyd.org 70 1README /git/tomb/file/README.md.gph parazyd.org 70 1LICENSE /git/tomb/file/COPYING.gph parazyd.org 70 i--- Err parazyd.org 70 1commit b8447dbf24731c4ca26307efaaf27b4b085a6b0b /git/tomb/commit/b8447dbf24731c4ca26307efaaf27b4b085a6b0b.gph parazyd.org 70 1parent e8ca2998b92fd929351ff58d1ba670304b9c6c89 /git/tomb/commit/e8ca2998b92fd929351ff58d1ba670304b9c6c89.gph parazyd.org 70 hAuthor: Jaromil URL:mailto:jaromil@dyne.org parazyd.org 70 iDate: Mon, 6 Jul 2015 13:03:32 +0200 Err parazyd.org 70 i Err parazyd.org 70 idocumentation update and small swish-e fix Err parazyd.org 70 i Err parazyd.org 70 iThe fix is due to the new naming scheme without .tomb extension recently Err parazyd.org 70 iintroduced for mountpoints. While testing this a problem arised with Err parazyd.org 70 iswish-e related to compression of indexes, to be addressed. Err parazyd.org 70 i Err parazyd.org 70 iDiffstat: Err parazyd.org 70 i M AUTHORS.md | 8 ++++---- Err parazyd.org 70 i M INSTALL.md | 23 ++++++++++++----------- Err parazyd.org 70 i M README.md | 21 ++++++++++++--------- Err parazyd.org 70 i M doc/tomb.1 | 21 ++++++++++++--------- Err parazyd.org 70 i M tomb | 15 ++++++--------- Err parazyd.org 70 i Err parazyd.org 70 i5 files changed, 46 insertions(+), 42 deletions(-) Err parazyd.org 70 i--- Err parazyd.org 70 1diff --git a/AUTHORS.md b/AUTHORS.md /git/tomb/file/AUTHORS.md.gph parazyd.org 70 it@@ -11,10 +11,10 @@ Gettext internationalization and Spanish translation is contributed by Err parazyd.org 70 i GDrooid, French translation by Hellekin, Russian translation by fsLeg, Err parazyd.org 70 i German translation by x3nu. 
Err parazyd.org 70 i Err parazyd.org 70 i-Testing, reviews and documentation are contributed by Dreamer, Shining Err parazyd.org 70 i-the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq, Err parazyd.org 70 i-Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the Err parazyd.org 70 i-Linux Action Show! Err parazyd.org 70 i+Testing, reviews and documentation contributed by Dreamer, Vlax, Err parazyd.org 70 i+Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH, Err parazyd.org 70 i+The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon, Jim Err parazyd.org 70 i+Turner, Maxime Arthaud and the Linux Action Show! Err parazyd.org 70 i Err parazyd.org 70 i Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth. Err parazyd.org 70 i Err parazyd.org 70 1diff --git a/INSTALL.md b/INSTALL.md /git/tomb/file/INSTALL.md.gph parazyd.org 70 it@@ -37,18 +37,18 @@ After installation one can read the commandline help or read the manual: Err parazyd.org 70 i Err parazyd.org 70 i Once installed one can proceed creating a tomb, for instance: Err parazyd.org 70 i Err parazyd.org 70 i- tomb dig -s 10 secrets.tomb (dig a 10MB Tomb, be patient) Err parazyd.org 70 i- tomb forge -k secrets.tomb.key (be patient and follow instructions) Err parazyd.org 70 i- tomb lock -k secrets.tomb.key secrets.tomb Err parazyd.org 70 i+ tomb dig -s 10 secrets.tomb (dig a 10MB Tomb) Err parazyd.org 70 i+ tomb forge -k secrets.tomb.key (create a new key and set its password) Err parazyd.org 70 i+ tomb lock -k secrets.tomb.key secrets.tomb (format the tomb, lock it with key) Err parazyd.org 70 i Err parazyd.org 70 i When this is done, the tomb can be opened with: Err parazyd.org 70 i Err parazyd.org 70 i- tomb open -k secrets.tomb.key secrets.tomb Err parazyd.org 70 i+ tomb open -k secrets.tomb.key secrets.tomb (will ask for password) Err parazyd.org 70 i Err parazyd.org 70 i The key can also be hidden in an image, to be used as key later Err 
parazyd.org 70 i Err parazyd.org 70 i- tomb bury -k secrets.tomb.key nosferatu.jpg Err parazyd.org 70 i- tomb open -k nosferatu.jpg secrets.tomb Err parazyd.org 70 i+ tomb bury -k secrets.tomb.key nosferatu.jpg (hide the key in a jpeg image) Err parazyd.org 70 i+ tomb open -k nosferatu.jpg secrets.tomb (use the jpeg image to open the tomb) Err parazyd.org 70 i Err parazyd.org 70 i Or backupped to a QRCode that can be printed on paper and hidden in Err parazyd.org 70 i books. QRCodes can be scanned with any mobile application, resulting Err parazyd.org 70 it@@ -72,10 +72,11 @@ executable | function Err parazyd.org 70 i steghide | bury and exhume keys inside images Err parazyd.org 70 i resizefs | extend the size of existing tomb volumes Err parazyd.org 70 i qrencode | engrave keys into printable qrcode sheets Err parazyd.org 70 i- mlocate | have fast search of file names inside tombs Err parazyd.org 70 i- swish++ | have fast search of file contents inside tombs Err parazyd.org 70 i- unoconv | have fast search of contents in PDF and DOC files Err parazyd.org 70 i- haveged | have fast entropy generation for key forging Err parazyd.org 70 i+ mlocate | fast search of file names inside tombs Err parazyd.org 70 i+ swish++ | fast search of file contents inside tombs Err parazyd.org 70 i+ unoconv | fast search of contents in PDF and DOC files Err parazyd.org 70 i+ lesspipe | fast search of contents in compressed archives Err parazyd.org 70 i+ haveged | fast entropy generation for key forging Err parazyd.org 70 i Err parazyd.org 70 i As for requirements, also optional tools may be easy to install using Err parazyd.org 70 i the packages provided by each distribution. Err parazyd.org 70 it@@ -184,4 +185,4 @@ let us know. Tomb is really meant to be maintained as a minimal tool Err parazyd.org 70 i for long-term compatibility when handling something so delicate as our Err parazyd.org 70 i secrets. For anything else we rely on your own initiative. 
Err parazyd.org 70 i Err parazyd.org 70 i-Happy hacking! :&^) Err parazyd.org 70 i+Happy hacking! ;^) Err parazyd.org 70 1diff --git a/README.md b/README.md /git/tomb/file/README.md.gph parazyd.org 70 it@@ -126,23 +126,21 @@ usage, etc. Err parazyd.org 70 i Err parazyd.org 70 i Death is the only sure thing in life. That said, Tomb is a pretty Err parazyd.org 70 i secure tool especially because it is kept minimal, its source is Err parazyd.org 70 i-always open, and its code is easy to review with a bit of shell script Err parazyd.org 70 i-knowledge. Err parazyd.org 70 i+always open to review (even when installed) and its code is easy to Err parazyd.org 70 i+read with a bit of shell script knowledge. Err parazyd.org 70 i Err parazyd.org 70 i All encryption tools being used in Tomb are included as default in Err parazyd.org 70 i many GNU/Linux operating systems and therefore are regularly peer Err parazyd.org 70 i reviewed: we don't add anything else to them really, just a layer of Err parazyd.org 70 i usability. Err parazyd.org 70 i Err parazyd.org 70 i-The code of Tomb is made to be read in literate programming style. Err parazyd.org 70 i- Err parazyd.org 70 i The file [KNOWN_BUGS.md](KNOWN_BUGS.md) contains some notes on known Err parazyd.org 70 i vulnerabilities and threat model analysis. 
Err parazyd.org 70 i Err parazyd.org 70 i-In absence of the Tomb script it is always possible to access the Err parazyd.org 70 i-contents of a Tomb using a dm-crypt enabled Linux kernel, cryptsetup Err parazyd.org 70 i-and GnuPG issuing the following commands as root: Err parazyd.org 70 i- Err parazyd.org 70 i+In absence or malfunction of the Tomb script it is always possible to Err parazyd.org 70 i+access the contents of a Tomb only using a dm-crypt enabled Linux Err parazyd.org 70 i+kernel, cryptsetup, GnuPG and any shell interpreter issuing the Err parazyd.org 70 i+following commands as root: Err parazyd.org 70 i ``` Err parazyd.org 70 i lo=$(losetup -f) Err parazyd.org 70 i losetup -f secret.tomb Err parazyd.org 70 it@@ -150,7 +148,12 @@ pass="$(gpg -d secret.key)" Err parazyd.org 70 i echo -n -e "$pass" | cryptsetup --key-file - luksOpen $lo secret Err parazyd.org 70 i mount /dev/mapper/secret /mnt Err parazyd.org 70 i ``` Err parazyd.org 70 i- Err parazyd.org 70 i+One can change the last argument `/mnt` to where the Tomb has to be Err parazyd.org 70 i+mounted and made accessible. To close the tomb then use: Err parazyd.org 70 i+``` Err parazyd.org 70 i+umount /mnt Err parazyd.org 70 i+cryptsetup luksClose /dev/mapper/secret Err parazyd.org 70 i+``` Err parazyd.org 70 i Err parazyd.org 70 i # Stage of development Err parazyd.org 70 i Err parazyd.org 70 1diff --git a/doc/tomb.1 b/doc/tomb.1 /git/tomb/file/doc/tomb.1.gph parazyd.org 70 it@@ -79,18 +79,21 @@ open tomb mountpoint paths. Err parazyd.org 70 i Err parazyd.org 70 i .B Err parazyd.org 70 i .IP "index" Err parazyd.org 70 i-Creates or updates the search indexes of all tombs currently Err parazyd.org 70 i-open: enables use of the \fIsearch\fR command using simple word Err parazyd.org 70 i-patterns on file names. Indexes are created using mlocate updatedb(8) and Err parazyd.org 70 i-stored in a file inside the tomb's root. 
To avoid indexing Err parazyd.org 70 i-a specific tomb simply touch a \fI.noindex\fR file in its root. Err parazyd.org 70 i+Creates or updates the search indexes of all tombs currently open: Err parazyd.org 70 i+enables use of the \fIsearch\fR command using simple word patterns on Err parazyd.org 70 i+file names. Indexes are created using mlocate's updatedb(8) and Err parazyd.org 70 i+swish-e(1) if they are found on the system. Indexes allow to search Err parazyd.org 70 i+very fast for filenames and contents inside a tomb, they are stored Err parazyd.org 70 i+inside it and are not accessible if the Tomb is closed. To avoid Err parazyd.org 70 i+indexing a specific tomb simply touch a \fI.noindex\fR file in it. Err parazyd.org 70 i Err parazyd.org 70 i .B Err parazyd.org 70 i .IP "search" Err parazyd.org 70 i-Searches through all tombs currently open for filenames matching one Err parazyd.org 70 i-or more text patterns given as arguments. Search returns a list of Err parazyd.org 70 i-files found in all open tombs on which the \fIindex\fR command was run Err parazyd.org 70 i-at least once. Err parazyd.org 70 i+Takes any string as argument and searches for them through all tombs Err parazyd.org 70 i+currently open and previously indexed using the \fIindex\fR command. Err parazyd.org 70 i+The search matches filenames if mlocate is installed and then also Err parazyd.org 70 i+file contents if swish++ is present on the system, results are listed Err parazyd.org 70 i+on the console. 
Err parazyd.org 70 i Err parazyd.org 70 i .B Err parazyd.org 70 i .IP "close" Err parazyd.org 70 1diff --git a/tomb b/tomb /git/tomb/file/tomb.gph parazyd.org 70 it@@ -44,8 +44,8 @@ Err parazyd.org 70 i Err parazyd.org 70 i # {{{ Global variables Err parazyd.org 70 i Err parazyd.org 70 i-typeset VERSION="2.0.1" Err parazyd.org 70 i-typeset DATE="Dec/2014" Err parazyd.org 70 i+typeset VERSION="2.1" Err parazyd.org 70 i+typeset DATE="Jul/2015" Err parazyd.org 70 i typeset TOMBEXEC=$0 Err parazyd.org 70 i typeset TMPPREFIX=${TMPPREFIX:-/tmp} Err parazyd.org 70 i # TODO: configure which tmp dir to use from a cli flag Err parazyd.org 70 it@@ -2149,9 +2149,9 @@ index_tombs() { Err parazyd.org 70 i # here we use swish to index file contents Err parazyd.org 70 i [[ $SWISH == 1 ]] && { Err parazyd.org 70 i _message "Indexing ::1 tomb name:: contents..." $tombname Err parazyd.org 70 i- [[ -r ${tombmount}/.swishrc ]] || { Err parazyd.org 70 i- _message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc Err parazyd.org 70 i- cat < ${tombmount}/.swishrc Err parazyd.org 70 i+ rm -f ${tombmount}/.swishrc Err parazyd.org 70 i+ _message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc Err parazyd.org 70 i+ cat < ${tombmount}/.swishrc Err parazyd.org 70 i # index directives Err parazyd.org 70 i DefaultContents TXT* Err parazyd.org 70 i IndexDir $tombmount Err parazyd.org 70 it@@ -2190,7 +2190,6 @@ FileRules filename is sys Err parazyd.org 70 i FileRules filename is supervise Err parazyd.org 70 i FileRules filename regex /\.asc$/i Err parazyd.org 70 i FileRules filename regex /\.gpg$/i Err parazyd.org 70 i- Err parazyd.org 70 i # pdf and postscript Err parazyd.org 70 i FileFilter .pdf pdftotext "'%p' -" Err parazyd.org 70 i FileFilter .ps ps2txt "'%p' -" Err parazyd.org 70 it@@ -2218,15 +2217,13 @@ FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i Err parazyd.org 70 i IndexContents HTML* .htm 
.html .shtml Err parazyd.org 70 i IndexContents XML* .xml Err parazyd.org 70 i EOF Err parazyd.org 70 i- } Err parazyd.org 70 i Err parazyd.org 70 i swish-e -c ${tombmount}/.swishrc -S fs -v3 Err parazyd.org 70 i- Err parazyd.org 70 i } Err parazyd.org 70 i- Err parazyd.org 70 i _message "Search index updated." Err parazyd.org 70 i done Err parazyd.org 70 i } Err parazyd.org 70 i+ Err parazyd.org 70 i search_tombs() { Err parazyd.org 70 i { command -v locate 1>/dev/null 2>/dev/null } || { Err parazyd.org 70 i _failure "Cannot index tombs on this system: updatedb (mlocate) not installed." } Err parazyd.org 70 .
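Review bot: in README.md, the close sequence added after the manual open commands (`umount /mnt`, then `cryptsetup luksClose /dev/mapper/secret`) never detaches the loop device that `losetup -f secret.tomb` attached, so the tomb file stays bound to a loop device after the mapping is closed. Add `losetup -d $lo` as a third line of the close block. The open block it refers to also finds the free device with `lo=$(losetup -f)` and attaches in a separate call, so `$lo` can name the wrong device if another loop device is attached in between; `lo=$(losetup -f --show secret.tomb)` does both in one step.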
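Review bot: in doc/tomb.1, the rewritten `index` paragraph names `swish-e(1)` while the rewritten `search` paragraph says contents are matched "if swish++ is present on the system"; the script in this same commit runs `swish-e -c ${tombmount}/.swishrc`, and the INSTALL.md table touched here still lists `swish++`. Use one name in all three places so readers install the tool the script actually calls. The `index` paragraph also still describes the search as "simple word patterns on file names" just before it introduces content indexing, and "searches for them" in `search` should agree with "any string".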
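Review bot: in index_tombs() in tomb, replacing the `[[ -r ${tombmount}/.swishrc ]] ||` guard with an unconditional `rm -f ${tombmount}/.swishrc` means any changes a user made to that file inside the tomb are discarded on every index run, and neither the `_message` text nor the tomb.1 `index` paragraph says so. If the aim is only to refresh the `IndexDir $tombmount` line after the mountpoint renaming described in the commit message, state in the man page that .swishrc is regenerated each time, or move the old file aside before overwriting it. The swish-e index compression problem mentioned in the commit message is not recorded anywhere in this hunk; a short TODO comment next to the `swish-e -c ${tombmount}/.swishrc -S fs -v3` call would keep it tracked.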