tdocumentation updates - tomb - the crypto undertaker
(HTM) git clone git://parazyd.org/tomb.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 76248f2d661de08414e9fceb311e1859afb6ed53
(DIR) parent e8aaf03b52a1798e7e8a9db6cc625cb718efb072
(HTM) Author: Jaromil <jaromil@dyne.org>
Date: Fri, 29 Aug 2014 23:23:08 +0200
documentation updates
Diffstat:
M AUTHORS.md | 23 ++++++++++++++---------
M ChangeLog.md | 11 +++++++++++
M INSTALL.md | 36 +++++++++++++++++++++++++++----
M README.md | 46 ++++++++++++++++---------------
M tomb | 20 ++++++++------------
5 files changed, 89 insertions(+), 47 deletions(-)
---
(DIR) diff --git a/AUTHORS.md b/AUTHORS.md
t@@ -1,18 +1,23 @@
Tomb is designed and written by Denis Roio aka Jaromil.
-Tomb includes code by Anathema, Boyska and Hellekin O. Wolf.
+Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
-Tomb's artwork is contributed by Jordi aka Mon Mort
+Tomb's artwork is contributed by Jordi aka Mon Mort.
-Testing, reviews and documentation are contributed by Dreamer,
-Shining, Mancausoft, Asbesto Molesto, Nignux, Vlax, Reiven and
-GDrooid.
+Gettext internationalization and Spanish translation is contributed by
+GDrooid, French translation by Hellekin, Russian translation by fsLeg,
+German translation by x3nu.
-Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth
+Testing, reviews and documentation are contributed by Dreamer, Shining
+the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
+Reiven, GDrooid and the Linux Action Show!
+
+Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
Tomb includes an implementation of the "Password-Based Key Derivation
-Function v2" based on GCrypt and written by by Anthony Thyssen
+Function v2" based on GCrypt and written by Anthony Thyssen.
-Tomb's developers can be contacted via the "crypto" mailinglist on
-http://lists.dyne.org or on IRC https://irc.dyne.org channel #dyne
+Tomb's developers can be contacted via GitHub issues on
+https://www.github.com/dyne/Tomb or over IRC https://irc.dyne.org
+channel **#dyne**.
(DIR) diff --git a/ChangeLog.md b/ChangeLog.md
t@@ -1,5 +1,16 @@
# Tomb ChangeLog
+## 1.6
+### September 2014
+
+The way secrets are handled internally has been refactored to avoid
+writing anything on the filesystem, improving security and speed.
+Steganography functions have fixes and improved usability: it is now
+possible to use an image directly as key i.e. `tomb open -k
+image.jpg`. Four translations have been contributed: Spanish, French,
+Russian and German.
+
+
## 1.5.3
### June 2014
(DIR) diff --git a/INSTALL.md b/INSTALL.md
t@@ -45,10 +45,10 @@ Tomb can use some optional tools to extend its functionalities:
executable | function
---------- | ---------------------------------------------------
- dcfldd | show progress while executing long operations
+ dcfldd | show progress while digging tombs and keys
steghide | bury and exhume keys inside images
resizefs | extend the size of existing tomb volumes
- qrencode | engrave keys into printable qrcode tags
+ qrencode | engrave keys into printable qrcode sheets
mlocate | have fast search of file names inside tombs
swish++ | have fast search of file contents inside tombs
unoconv | have fast search of contents in PDF and DOC files
t@@ -58,12 +58,40 @@ the packages provided by each distribution.
Once any of the above is installed Tomb will find the tool automatically.
-## Install Tomb extras
+## Install Tomb Extras
Tomb comes with a bunch of extra tools that contribute to enhance its
functionality or integrate it into particular system environments.
-### Install translations
+### extras/gtk-tray
+
+The Gtk3 tray adds a nifty tomb skull into the desktop toolbar: one can use it to close, slam and explore the open tomb represented by it.
+
+To have it enter `extras/gtk-tray` then
+
+ 1- make sure libnotify and gtk+-3.0 dev packages are available
+ 2- run `make` inside the directory to build `tomb-gtk-tray`
+ 3- optionally copy tomb-gtk-tray into your PATH (/usr/local/bin)
+ 4- start `tomb-gtk-tray tombname` for each tomb
+
+One can include the launch of tomb-gtk-tray from scripts.
+
+### extras/kdf-keys
+
+The KDF wrapper programs allows one to use KDF rounds on passwords in order to obstruct dictionary based and similar brute-forcing attacks.
+
+In case an attacker comes in possession of both a tomb and its key, the easy to memorize password can be guessed by rapidly trying different combinations. With KDF every try will require a significant amount of computation that will slow down the process avoiding tight loops and in fact making such attacks very onerous and almost impossible.
+
+To have it enter `extras/kdf-keys` then
+
+ 1- make sure libgcrypt dev packages are available
+ 2- run `make` inside the directory to build tomb-kdb-* executables
+ 3- optionally copy tomb-kdb-* into your PATH (/usr/local/bin)
+ 4- always use tomb using the `--kdf` flag: forge, lock, open etc.
+
+In case one creates and uses KDF keys then the --kdf flag must be always present for tomb to work correctly. It might be handy to create an alias tomb=`tomb --kdf`.
+
+### extras/po (translations)
There are translations available for Tomb. If you wish to install them
navigate to extras/po and run 'make install' as root:
(DIR) diff --git a/README.md b/README.md
t@@ -12,12 +12,15 @@
' "*88888888* 'Y" `~ " `"` `%888*%"
^"***"` "`
-*A minimalistic commandline tool to manage encrypted volumes*
+*A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker**
-Latest version: **1.5.3**
+Latest stable version: **1.5.3**
Updates on website: http://dyne.org/software/tomb
+Get the stable .tar.gz signed release for production use!
+Download it from https://files.dyne.org/tomb
+
# What is Tomb, the crypto undertaker
Tomb aims to be a free and open source system for easy encryption and
t@@ -29,22 +32,6 @@ standard filesystem tools (GNU) and the cryptographic API of the Linux
kernel (cryptsetup and LUKS). Tomb can also produce machine parsable
output to facilitate its use inside graphical applications.
-# Use stable releases in production
-
-Anyone planning to use Tomb to store and access secrets should not use
-the latest development version in Git, but use instead the .tar.gz
-release on https://files.dyne.org/tomb . The stable version will
-always insure backward compatibility with older tombs: we make sure it
-creates sane tombs and keys by running various tests before releasing
-it. The development version in Git might introduce sudden bugs and is
-not granted to produce backward or forward compatible tombs and keys.
-Only developers and testers should use the Git version to report bugs,
-test new features and develop patches.
-
-So be warned: do not use the latest Git version in production
-environments, but use a stable release versioned and packed as
-tarball on https://files.dyne.org/tomb
-
# How does it works
For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
t@@ -98,9 +85,25 @@ military grade use, where the integrity of informations stored depend
from the user's behaviour and the strenght of a standard AES-256
(XTS plain) encryption algorithm.
+# Use stable releases in production
+
+Anyone planning to use Tomb to store and access secrets should not use
+the latest development version in Git, but use instead the .tar.gz
+release on https://files.dyne.org/tomb . The stable version will
+always insure backward compatibility with older tombs: we make sure it
+creates sane tombs and keys by running various tests before releasing
+it. The development version in Git might introduce sudden bugs and is
+not granted to produce backward or forward compatible tombs and keys.
+Only developers and testers should use the Git version to report bugs,
+test new features and develop patches.
+
+So be warned: do not use the latest Git version in production
+environments, but use a stable release versioned and packed as
+tarball on https://files.dyne.org/tomb
+
# How can you help
-Donations are always welcome, see https://dyne.org/donate
+Donations are always welcome, see https://www.dyne.org/donate
Translations are also needed: they can be contributed via this website
https://poeditor.com/join/project?hash=33bdefea2e46b26f512a0caae55fbbb5
t@@ -112,10 +115,9 @@ to be further implemented.
For the bleeding edge visit https://github.com/dyne/Tomb
-Tomb's developers can be contacted via the "crypto" mailinglist on
-http://lists.dyne.org or via IRC on https://irc.dyne.org channel #dyne
+Tomb's developers can be contacted using the issues on GitHub or over
+IRC on https://irc.dyne.org channel **#dyne**
Some enthusiastic ideas are in the [TODO](doc/TODO.org) file.
Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
-
(DIR) diff --git a/tomb b/tomb
t@@ -40,8 +40,8 @@
# {{{ Global variables
-VERSION=1.5.3
-DATE="Jun/2014"
+VERSION=1.6
+DATE="Sept/2014"
TOMBEXEC=$0
typeset -a OLDARGS
for arg in ${argv}; do OLDARGS+=($arg); done
t@@ -1483,18 +1483,14 @@ change_tomb_key() {
# backward compatibility
create_tomb() {
_verbose "create_tomb(): ${=@} ${=OLDARGS}"
- if ! [ $1 ]; then
+ [[ "$1" = "" ]] && {
_warning "No tomb name specified for creation."
- return 1
- fi
-
-
- { test -r "$1" } && {
- _warning "Creating this tomb would overwrite an existing file. Operation aborted."
- _failure "`ls -lh $1`" }
-
- { test $? = 0 } || { _failure "Failed to dig tomb, operation aborted." }
+ return 1 }
+ { test -s "$1" } && {
+ _warning "Creating this tomb would overwrite an existing file."
+ ls -lh "$1"
+ _failure " Operation aborted." }
tombfile=`basename $1`
tombdir=`dirname $1`