tUpdate documentation: swap, --ignore-swap, -k - tomb - the crypto undertaker
(HTM) git clone git://parazyd.org/tomb.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit f4b8a2275e865444a69002634dd83f6375a2ec8f
(DIR) parent a3f0c7c86b538e729cf849edab36046daffa45e3
(HTM) Author: boyska <piuttosto@logorroici.org>
Date: Wed, 31 Aug 2011 17:07:18 +0200
Update documentation: swap, --ignore-swap, -k
Diffstat:
M doc/tomb.1 | 34 ++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
---
(DIR) diff --git a/doc/tomb.1 b/doc/tomb.1
t@@ -91,7 +91,7 @@ given. This is used to recoved buried keys from unsuspected places.
.B
.B
.IP "-s \fI<MBytes>\fR"
-When creating a tomb, this option must be used to specify the size of
+When creating a tomb, this option MUST be used to specify the size of
the new \fIfile\fR to be created, in megabytes.
.B
.IP "-k \fI<keyfile>\fR"
t@@ -100,6 +100,13 @@ of the key to use. Keys are created with the same name of the tomb
file adding a '.gpg' suffix, but can be later renamed and transported
on other media. When a key is not found, the program asks to insert a
USB storage device and it will look for the key file inside it.
+When creating a tomb, this option can be used to specify the name (and
+location) of the key you are creating. For example, you could use
+.EX
+tomb create -s 100 tombname -k /media/usb/tombname
+.EE
+to put the key on a usb pendrive
+
.B
.IP "-n"
Skip processing of post-hooks and bind-hooks if found inside the tomb.
t@@ -111,6 +118,11 @@ of the default \fIrw,noatime,nodev\fR. This option can be used to
mount a tomb read-only (ro) to prevent any modification of its data,
or to experiment with other settings (if you really know what you are
doing) see the mount(8) man page.
+.B
+.IP "--ignore-swap"
+By default, Tomb will abort any create and open operation if swap is used (see
+SWAP section for details). This flag will disable this behaviour. NOTE: it is
+not secure to do so, unless you know that your swap is encrypted
.B
.IP "-h"
t@@ -124,6 +136,7 @@ Run more quietly
.IP "-D"
Print more information while running, for debugging purposes
+
.SH HOOKS
Hooks are special files that can be placed inside the tomb and trigger
t@@ -161,6 +174,25 @@ pinentry(1) is adopted to collect passwords from the user.
Tomb executes as super user only those commands requiring it, while it
executes desktop applications as processes owned by the user.
+.SH SWAP
+
+During "create" and "open" operation, swap will complain and \fIabort\fR if
+your system has swap activated. This can be annoying, and you can disable this
+behaviour using \fI--ignore-swap\fR. Before doing that, however, you may be
+interested in knowing the risks of doing so:
+.IP \(bu
+During both creation and opening it could write your secret key on the disk
+.IP \(bu
+After having opened the tomb, an application you're using could swap file
+contents. So you'll put file contents in clear on your disk
+.P
+
+If you don't need swap, execute \fI swapoff -a\fR. If you really need it, you
+could encrypt it. Tomb doesn't detect if your swap is encrypted, and will
+complain anyway. In that case, using --ignore-swap is safe. Otherwise, use
+--ignore-swap at your own risk
+
+
.SH BUGS
Please report bugs on the tracker at http://bugs.dyne.org