tDocumentation for -k cleartext and --unsafe - tomb - the crypto undertaker
(HTM) git clone git://parazyd.org/tomb.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 0d485bf51d6053d6be9566ef39bb1675b279220b
(DIR) parent 4d82b20199c7037c1a1ab705790b19a845faa377
(HTM) Author: Jaromil <jaromil@dyne.org>
Date: Fri, 21 Nov 2014 22:50:45 +0100
Documentation for -k cleartext and --unsafe
Diffstat:
M README.md | 29 +++++++++++++++--------------
M doc/tomb.1 | 6 +++---
2 files changed, 18 insertions(+), 17 deletions(-)
---
(DIR) diff --git a/README.md b/README.md
t@@ -208,25 +208,26 @@ Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
terms) Tomb provides machine-readable output and interaction via some flags:
- flag | function
--------------------- | ------------------------------------------------
- --no-color | avoids coloring output to allow parsing
- --unsecure-dev-mode | allows giving passwords as argument
- --tomb-pwd | specify the key password as argument
- --tomb-old-pwd | specify the old key password as argument
- --sudo-pwd | specify the sudo password as argument
-
-Yet please consider that these flags may introduce vulnerabilities as
-process table scanning can reveal passwords while such commands are
-executing. For passwords in particular the best is always let Tomb
-gather them via pinentry.
+ flag | function
+--------------- | ------------------------------------------------
+ --no-color | avoids coloring output to allow parsing
+ --unsafe | allows passwords options and cleartext key from stdin
+ --tomb-pwd | specify the key password as argument
+ --tomb-old-pwd | specify the old key password as argument
+ --sudo-pwd | specify the sudo password as argument
+ -k cleartext | reads the unencrypted key from stdin
+
+Yet please consider that these flags may introduce vulnerabilities and
+other people logged on the same system can easily log your passwords
+while such commands are executing. We only recommend using the
+pinentry input for your passwords.
## Python
-A Python wrapper is under developed and already usable, but it
-introduces the vulnerabilities mentioned above. Find it in
+A Python wrapper is under development and already usable, but it
+introduces some vulnerabilities mentioned above. Find it in
`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
## Graphical applications
(DIR) diff --git a/doc/tomb.1 b/doc/tomb.1
t@@ -216,7 +216,7 @@ Print more information while running, for debugging purposes
Suppress colors in console output (needed for string parsing by
wrappers).
.B
-.IP "--unsecure-dev-mode"
+.IP "--unsafe"
Enable using dev-mode arguments, i.e. to pass passwords from
commandline options. This is mostly used needed for execution by
wrappers and testing suite.
t@@ -345,11 +345,11 @@ local copy of it:
.EE
.IP \(bu
-Open a Tomb on a remote server using the local key on stdin to SSH,
+Open a Tomb on a remote server passing the unencrypted local key on stdin via SSH,
without saving any remote copy of it:
.EX
- cat .secrets/tomb.key | ssh server tomb open secret.tomb -k -
+ gpg -d .secrets/tomb.key | ssh server tomb open secret.tomb -k cleartext --unsafe
.EE
.IP \(bu