parazyd.org

       timproved readme, section on compliancy - tomb - the crypto undertaker
 (HTM) git clone git://parazyd.org/tomb.git
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) README
 (DIR) LICENSE
       ---
 (DIR) commit 1f852908ae669cabcce0c3206baea33bb10c1ee3
 (DIR) parent 9110ccd9d16c1cb25e9694cd426e299c0655f1da
 (HTM) Author: Jaromil <jaromil@dyne.org>
       Date:   Wed,  1 Feb 2017 09:19:09 +0100
       
       improved readme, section on compliancy
       
       Diffstat:
         M README.md                           |      17 +++++++++++++++++
       
       1 file changed, 17 insertions(+), 0 deletions(-)
       ---
 (DIR) diff --git a/README.md b/README.md
       t@@ -151,6 +151,7 @@ losetup -f secret.tomb
        pass="$(gpg -d secret.key)"
        echo -n -e "$pass" | cryptsetup --key-file - luksOpen $lo secret
        mount /dev/mapper/secret /mnt
       +unset pass
        ```
        One can change the last argument `/mnt` to where the Tomb has to be
        mounted and made accessible. To close the tomb then use:
       t@@ -175,6 +176,22 @@ military grade use where the integrity of information stored depends
        on the user's behaviour and the strength of a standard AES-256 (XTS
        plain) encryption algorithm.
        
       +## Compliancy
       +
       +Tomb volumes are fully compliant FIPS 197 and with:
       +
       +- [ISO/IEC 18033-1:2015](http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54530) Information technology -- Security techniques -- Encryption algorithms -- Part 1: General
       +- [ISO/IEC 18033-3:2010](http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54531) Information technology -- Security techniques -- Encryption algorithms -- Part 3: Block ciphers
       +
       +Tomb implementation is known to address at least partially issues raised in:
       +
       +- [ISO/IEC 11770-1:2010](http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=53456) Information technology -- Security techniques -- Key management -- Part 1: Framework
       +- [ISO/IEC 11770-2:2008](http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46370) Information technology -- Security techniques -- Key management -- Part 2: Mechanisms using symmetric techniques
       +- [ISO/IEC 27005:2011](http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=56742) Information technology -- Security techniques -- Information security risk management
       +- [ISO/IEC 24759:2014](http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=59142) Information technology -- Security techniques -- Test requirements for cryptographic modules 
       +
       +As such Tomb qualifies sound for use on information rated as "top secret" when used on an underlying stack of carefully reviewed hardware (random number generator and other components) and software (Linux kernel build, crypto modules, device manager, compiler used to built, shell interpreter and packaged dependencies).
       +
        # Use stable releases in production!
        
        Anyone planning to use Tomb to store and access secrets should not use