documentation updates and reorganisation - tomb - the crypto undertaker
       ---
       commit fa145074f82af74dc4eee2ed87ebcf35e4cc9e82
       parent 843b7fdfc4c125065d31cc11cff8a994ed680bd4
       Author: Jaromil <jaromil@dyne.org>
       Date:   Mon,  2 Jan 2017 12:02:23 +0100
       
       documentation updates and reorganisation
       
       Added two new sections to the manpage: deniability and password.
       Small actualisation of the install instructions.
       
       Diffstat:
         M AUTHORS.md                          |       4 ++--
         M ChangeLog.md                        |       2 +-
         M INSTALL.md                          |      63 +++++++++----------------------
         M doc/tomb.1                          |      68 ++++++++++++++++++-------------
       
       4 files changed, 59 insertions(+), 78 deletions(-)
       ---
 (DIR) diff --git a/AUTHORS.md b/AUTHORS.md
       t@@ -21,8 +21,8 @@ Augello and Swedish translation by PLJ / Kosovoper.
        Testing, reviews and documentation contributed by Dreamer, Vlax,
        Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH,
        The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon,
       -Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, and...
       -the Linux Action Show!
       +Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, mhogomchungu
       +and...  the Linux Action Show!
        
        Tomb includes an implementation of the "Password-Based Key Derivation
        Function v2" based on GCrypt and written by Anthony Thyssen.
 (DIR) diff --git a/ChangeLog.md b/ChangeLog.md
       t@@ -1,7 +1,7 @@
        # Tomb ChangeLog
        
        ## 2.3
       -### December 2016
       +### January 2017
        
        Fix to bug occurring when using ZSh version 5.3 or higher. Fix to
        inclusion of final newline in keys generated with 2.2. Enhanced
 (DIR) diff --git a/INSTALL.md b/INSTALL.md
       t@@ -20,12 +20,12 @@ To install Tomb simply download the source distribution (the tar.gz file)
        from https://files.dyne.org/tomb and decompress it. From a terminal:
        
            cd Downloads
       -    tar xvfz Tomb-2.0.1.tar.gz (correct with actual file name)
       +    tar xvfz Tomb-2.3.tar.gz (correct with actual file name)
        
        Then enter its directory and run 'make install' as root, this will install
        Tomb into /usr/local:
        
       -    cd Tomb-2.0.1 (correct with actual directory name)
       +    cd Tomb-2.3 (correct with actual directory name)
            sudo make install
        
        After installation one can read the commandline help or read the manual:
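
Review bot: The two changed command lines still carry the reminder "(correct with actual file name)" inside the indented code block, so a reader who copies `tar xvfz Tomb-2.3.tar.gz (correct with actual file name)` gets a shell syntax error, and the hard-coded version will go stale again just as 2.0.1 did. Consider a placeholder such as `Tomb-<version>.tar.gz` with the reminder moved into the sentence above the block. The visible steps also go from download straight to `sudo make install`; if releases are published with a signature or checksum, this is the place to tell users to verify the tarball before building as root.
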
       t@@ -60,36 +60,7 @@ There are some more things that tomb can do for you, make sure you
        have a look at the manpage and at the commandline help to find out
        more.
        
       -## Basic usage notes
       -
       -Here we collect notes on common issues users may or may not experience
       -and the commonly working solutions found.
       -
       -### Pinentry issues
       -
       -If pinentry has problems dealing with the password because of language
       -or tty settings on your system, try running `gpg-agent` by launching it
       -from the session initialization (~/.xsession or ~/.xinitrc) with this
       -command:
       -```
       -eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
       -```
       -
       -### Deleting history
       -
       -To improve deniability one has to avoid that tomb commands are
       -recorded in the shell history. In order to do so the
       -`HISTIGNORESPACE=1` environment setting of Zsh comes handy.  Anywhere
       -in the `.zshrc` put:
       -```
       -export HISTIGNORESPACE=1
       -alias tomb=' tomb'
       -```
       -
       -
       -# Advanced usage
       -
       -## Install optional tools
       +# Optional tools
        
        Tomb can use some optional tools to extend its functionalities:
        
       t@@ -110,12 +81,12 @@ the packages provided by each distribution.
        
        Once any of the above is installed Tomb will find the tool automatically.
        
       -## Install Tomb Extras
       +# Extras
        
        Tomb comes with a bunch of extra tools that contribute to enhance its
        functionality or integrate it into particular system environments.
        
       -### extras/gtk-tray
       +## extras/gtk-tray
        
        The Gtk tray adds a nifty tomb skull into the desktop toolbar: one can
        use it to close, slam and explore the open tomb represented by it.
       t@@ -132,13 +103,13 @@ To have it change directory `extras/gtk-tray` then
        
        Of cource one can include the launch of tomb-gtk-tray scripts.
        
       -### extras/qt-tray
       +## extras/qt-tray
        
        The QT tray adds a tomb tray in a QT desktop toolbar. It requires at
        least QT libraries of version 5.4 or above.
        Build with 'qmake' and then 'make'.
        
       -### extras/kdf-keys
       +## extras/kdf-keys
        
        The KDF wrapper programs allows one to use KDF rounds on passwords in
        order to obstruct dictionary based and similar brute-forcing attacks.
       t@@ -165,7 +136,7 @@ Please note that it doesn't makes much sense to use KDF keys and
        steganography, since the latter will invalidate the brute-forcing
        protection. For details on the issue see [KNOWN_BUGS.md](KNOWN_BUGS).
        
       -### extras/translations/
       +## extras/translations/
        
        There are translations available for Tomb and they are installed by
        default. If you wish to update them manually navigate to extras/po
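
Review bot: The translations section touched here is inconsistent about its path: the context line says "navigate to extras/po", while the heading is `extras/translations/` and the command shown in the next hunk's context is `cd extras/translations`. Since the heading is being edited anyway, fix the prose so it names the same directory as the command.
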
       t@@ -174,7 +145,7 @@ and run 'make install' as root:
            cd extras/translations
            sudo make install
        
       -### extras/gtomb/
       +## extras/gtomb/
        
        This is a minimalistic graphical user interface scripted in ZSh
        depending from Zenity to display dialog boxes. It covers all basic
       t@@ -204,6 +175,14 @@ other people logged on the same system can easily log your passwords
        while such commands are executing.
        We only recommend using the pinentry to input your passwords.
        
       +At the time of writing another free software graphical application
       +supports opening and closing Tombs via a plugin installed by
       +default: [zuluCrypt](https://mhogomchungu.github.io/zuluCrypt/). One
       +needs to activate the Tomb plugin included in the zuluCrypt source to
       +be able to create, open and close tombs. Beware zuluCrypt may miss
       +advanced Tomb functionalities that are only available from the
       +command-line.
       +
        ## Python
        
        ![](extras/images/python_for_tomb.png)
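
Review bot: The added zuluCrypt paragraph contradicts itself: it says the plugin is "installed by default" and then that one "needs to activate the Tomb plugin included in the zuluCrypt source". State which of the two applies. The paragraph also now sits directly after the warning that other users on the system can log passwords and the recommendation to use only pinentry, so it should say whether zuluCrypt collects the password through pinentry or falls under that same warning.
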
       t@@ -212,14 +191,6 @@ A Python wrapper is under development and already usable, but it
        introduces some vulnerabilities mentioned above. Find it in
        `extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
        
       -## Graphical applications
       -
       -So far the only graphical application supporting Tomb volumes is
       -[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
       -activate the Tomb plugin included in its source and will be able to
       -create, open and close tombs. It might still miss advanced Tomb
       -functionalities that are only available from the command-line.
       -
        ## Let us know!
        
        If you plan to develop any kind of wrapper for Tomb you are welcome to
 (DIR) diff --git a/doc/tomb.1 b/doc/tomb.1
       t@@ -327,6 +327,36 @@ If you don't need swap, execute \fI swapoff -a\fR. If you really need
        it, you could make an encrypted swap partition. Tomb doesn't detect if
        your swap is encrypted, and will complain anyway.
        
       +.SH DENIABILITY
       +
       +The possibility to have an encrypted volume which is invisible and
       +cannot be detected is called "deniability". The cryptographic layer of
       +the device mapper in Linux (dm-crypt) does not implement
       +deniability. Tomb is just a wrapper on top of that and it doesn't add
       +cryptographic deniability. However a certain way of using tomb can
       +facilitate a weak sort of deniability outside of the scenario of
       +seized devices and forensic analysis of files and blocks on disc.
       +
       +For instance to eliminate any trace of tomb usage from the shell
       +history ZSh users can activate the "HISTIGNORESPACE" feature and
       +prefix all invokations of tomb with a blank space, including two lines
       +in ".zshrc":
       +
       +.EX
       +export HISTIGNORESPACE=1
       +alias tomb=' tomb'
       +.EE
       +
       +.SH PASSWORD INPUT
       +
       +Tomb uses the external program "pinentry" to let users type the key password into a terminal or a graphical window. This program works in conjunction with "gpg-agent", a daemon running in background to facilitate secret key management with gpg. It is recommended one runs "gpg-agent" launching it from the X session initialization ("~/.xsession" or "~/.xinitrc" files) with this command:
       +
       +.EX
       +eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
       +.EE
       +
       +In the future it may become mandatory to run gpg-agent when using tomb.
       +
        .SH EXAMPLES
        
        .IP \(bu
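
Review bot: In the DENIABILITY example, `export HISTIGNORESPACE=1` has no effect in Zsh, because ignoring space-prefixed commands is a shell option there and not an environment variable; the line should be `setopt HIST_IGNORE_SPACE` (the alias line can stay). As written, users who follow the manpage will still have their tomb commands recorded. "Eliminate any trace" is also too strong, since the alias only covers interactive command lines that begin with `tomb` (not, for example, `sudo tomb ...`), and "invokations" should read "invocations". In PASSWORD INPUT, `--write-env-file` is obsolete in GnuPG 2.1 and later, where the agent is started on demand, so the recommended command should be qualified as applying to older GnuPG versions; the paragraph is also a single unwrapped line, unlike the rest of the file.
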
       t@@ -410,26 +440,8 @@ Please report bugs on the Github issue tracker at
        .UR https://github.com/dyne/Tomb/issues
        .UE
        
       -One can also try to get in touch with developers via the #dyne chat channel on \fIhttps://irc.dyne.org\fR.
       -
       -.SH AUTHORS
       -
       -Tomb is designed, written and maintained by Denis Roio aka Jaromil.
       -
       -Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
       -
       -Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
       -
       -Gettext internationalization and Spanish translation is contributed by
       -GDrooid, French translation by Hellekin, Russian translation by fsLeg,
       -German translation by x3nu.
       -
       -Testing, reviews and documentation are contributed by Dreamer, Shining
       -the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
       -Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
       -Linux Action Show!
       -
       -Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
       +One can also try to get in touch with developers via the #dyne chat
       +channel on \fIhttps://irc.dyne.org\fR.
        
        .SH COPYING
        
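
Review bot: Dropping the AUTHORS section removes the line "Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth." along with the artwork and translation credits from the manpage, while the AUTHORS.md hunk in this commit only adds mhogomchungu. Confirm that each removed credit already exists in AUTHORS.md, and consider keeping a one-line AUTHORS section that points to that file, so systems with only the installed manpage still show where attribution lives.
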
       t@@ -454,15 +466,13 @@ documentation is available for download from its website on
        
        .B
        .IP cryptsetup(8)
       +.B
       +.IP pinentry(1)
       +.B
       +.IP gpg-agent(1)
        
       -GnuPG website:
       -.br
       -https://www.gnupg.org
       +GnuPG website: https://www.gnupg.org
        
       -DM-Crypt website:
       -.br
       -https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
       +DM-Crypt website: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
        
       -LUKS website:
       -.br
       -https://gitlab.com/cryptsetup/cryptsetup/wikis/home
       +LUKS website: https://gitlab.com/cryptsetup/cryptsetup/wikis/home
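
Review bot: Joining each label and URL on one line removes the `.br` breaks but leaves the three URLs as ordinary filled text. The BUGS section in the previous hunk's context already marks its link with `.UR`/`.UE`; use the same macros for the GnuPG, DM-Crypt and LUKS links so they are formatted consistently across the page.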