tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git
Log | Files | Refs | README | LICENSE

commit 0d690bf142ada38deb5930d7e791a63482d267f9
parent 710558381fb5ffee177dee5a724682df04a46ad8
Author: Jaromil <jaromil@dyne.org>
Date:   Wed, 26 Nov 2014 20:28:06 +0100

documentation and makefile scripts updates for release

Diffstat:
MAUTHORS.md | 3++-
MChangeLog.md | 9+++++----
MINSTALL.md | 128++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------
MREADME.md | 69+++++++++++++++++++++++++--------------------------------------------
Mdoc/tomb.1 | 20+++++++++++++-------
Mextras/gtk-tray/Makefile | 11++++++++---
Aextras/gtk-tray/gtkrc-2.0 | 3+++
Mextras/kdf-keys/Makefile | 8++++----
Mtomb | 20+++++++++++++-------
9 files changed, 180 insertions(+), 91 deletions(-)

diff --git a/AUTHORS.md b/AUTHORS.md @@ -13,7 +13,8 @@ German translation by x3nu. Testing, reviews and documentation are contributed by Dreamer, Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq, -Reiven, GDrooid, Alphazo, Brian May, TheJH and the Linux Action Show! +Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the +Linux Action Show! Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth. diff --git a/ChangeLog.md b/ChangeLog.md @@ -12,10 +12,11 @@ connections: it is possible to pipe cleartext secrets from stdin using `-k cleartext` but that requires the --unsafe flag. The security is also improved by avoiding most uses of temporary -files. All code has been refactored for readability and integration -with zsh features. Signal handlers are now in place, global arrays are -used to keep track of temp files. Namespace has been revisioned and -corrected, described in [HACKING](docs/HACKING.txt). +files. The privilege escalation model has been simplified and sudo is +called only when needed. All code has been refactored for readability +and integration with zsh features. Signal handlers are now in place, +global arrays are used to keep track of temp files. Namespace has been +revisioned and corrected, described in [HACKING](docs/HACKING.txt). ## 1.5.3 ### June 2014 diff --git a/INSTALL.md b/INSTALL.md @@ -8,19 +8,19 @@ Tomb needs a few programs to be installed on a system in order to work: * sudo * gnupg * cryptsetup - * pinentry-curses (or -gtk or -qt as you prefer) + * pinentry-curses (and/or -gtk-2, -x11, -qt) -Most systems provide these tools in their package collection, -for instance on Debian/Ubuntu one can use 'apt-get install' -on Fedora and CentOS one can use 'yum install' +Most systems provide these tools in their package collection, for +instance on Debian/Ubuntu one can use `apt-get install` on Fedora and +CentOS one can use `yum install` and `pacman` on Arch. ## Install Tomb To install Tomb simply download the source distribution (the tar.gz file) -and decompress it. From a terminal: +from https://files.dyne.org/tomb and decompress it. From a terminal: cd Downloads - tar xvfz Tomb-1.5.3.tar.gz (correct with actual file name) + tar xvfz Tomb-2.0.tar.gz (correct with actual file name) Then enter its directory and run 'make install' as root, this will install Tomb into /usr/local: @@ -33,12 +33,35 @@ After installation one can read the commandline help or read the manual: tomb -h (print a short help on the commandline) man tomb (show the full usage manual) -At this point one can proceed creating a tomb, for instance: +# Basic usage - tomb dig -s 1000 secrets.tomb (be patient and wait a bit) - tomb forge -k secrets.tomb.key (be patient and follow instructions) +Once installed one can proceed creating a tomb, for instance: + + tomb dig -s 10 secrets.tomb (dig a 10MB Tomb, be patient) + tomb forge -k secrets.tomb.key (be patient and follow instructions) tomb lock -k secrets.tomb.key secrets.tomb +When this is done, the tomb can be opened with: + + tomb open -k secrets.tomb.key secrets.tomb + +The key can also be hidden in an image, to be used as key later + + tomb bury -k secrets.tomb.key nosferatu.jpg + tomb open -k nosferatu.jpg secrets.tomb + +Or backupped to a QRCode that can be printed on paper and hidden in +books. QRCodes can be scanned with any mobile application, resulting +into a block of text that can be used with `-k` just as a normal key. + + tomb engrave -k secrets.tomb.key (also an image will work) + +There are some more things that tomb can do for you, make sure you +have a look at the manpage and at the commandline help to find out +more. + +# Advanced usage + ## Install optional tools Tomb can use some optional tools to extend its functionalities: @@ -66,36 +89,99 @@ functionality or integrate it into particular system environments. ### extras/gtk-tray -The Gtk3 tray adds a nifty tomb skull into the desktop toolbar: one can use it to close, slam and explore the open tomb represented by it. +The Gtk tray adds a nifty tomb skull into the desktop toolbar: one can +use it to close, slam and explore the open tomb represented by it. -To have it enter `extras/gtk-tray` then +When using pinentry-gtk-2 it also adds a little skull on the password +input, useful to not confuse it with other password inputs. + +To have it change directory `extras/gtk-tray` then 1. make sure libnotify and gtk+-3.0 dev packages are available 2. run `make` inside the directory to build `tomb-gtk-tray` - 3. optionally copy tomb-gtk-tray into your PATH (/usr/local/bin) - 4. start `tomb-gtk-tray tombname` for each tomb + 3. run `sudo make install` (default PREFIX is `/usr/local`) + 4. start `tomb-gtk-tray tombname` after the tomb is open -One can include the launch of tomb-gtk-tray from scripts. +Of cource one can include the launch of tomb-gtk-tray scripts. ### extras/kdf-keys -The KDF wrapper programs allows one to use KDF rounds on passwords in order to obstruct dictionary based and similar brute-forcing attacks. +The KDF wrapper programs allows one to use KDF rounds on passwords in +order to obstruct dictionary based and similar brute-forcing attacks. -In case an attacker comes in possession of both a tomb and its key, the easy to memorize password can be guessed by rapidly trying different combinations. With KDF every try will require a significant amount of computation that will slow down the process avoiding tight loops and in fact making such attacks very onerous and almost impossible. +In case an attacker comes in possession of both a tomb and its key, +the easy to memorize password can be guessed by rapidly trying +different combinations. With KDF every try will require a significant +amount of computation that will slow down the process avoiding tight +loops and in fact making such attacks very onerous and almost +impossible. To have it enter `extras/kdf-keys` then 1. make sure libgcrypt dev packages are available 2. run `make` inside the directory to build tomb-kdb-* executables - 3. optionally copy tomb-kdb-* into your PATH (/usr/local/bin) - 4. always use tomb using the `--kdf` flag: forge, lock, open etc. + 3. run `sudo make install` (default PREFIX is `/usr/local`) + 4. use `--kdf 100` when forging a key (tune the number to your cpu) + +KDF keys are recognized automatically by Tomb, which will always need +the `extras/kdf-keys` program to be installed on a machine in order to +open the Tomb. -In case one creates and uses KDF keys then the --kdf flag must be always present for tomb to work correctly. It might be handy to create an alias tomb=`tomb --kdf`. +Please note that it doesn't makes much sense to use KDF keys and +steganography, since the latter will invalidate the brute-forcing +protection. For details on the issue see [KNOWN_BUGS.md](KNOWN_BUGS). ### extras/po (translations) -There are translations available for Tomb. If you wish to install them -navigate to extras/po and run 'make install' as root: +There are translations available for Tomb and they are installed by +default. If you wish to update them manually navigate to extras/po +and run 'make install' as root: cd extras/po sudo make install + +# Tomb support in other applications + +Can Tomb be used by other applications? + +Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING) +terms) Tomb provides machine-readable output and interaction via some +flags: + + flag | function +--------------- | ------------------------------------------------ + --no-color | avoids coloring output to allow parsing + --unsafe | allows passwords options and cleartext key from stdin + --tomb-pwd | specify the key password as argument + --tomb-old-pwd | specify the old key password as argument + -k cleartext | reads the unencrypted key from stdin + +Yet please consider that these flags may introduce vulnerabilities and +other people logged on the same system can easily log your passwords +while such commands are executing. +We only recommend using the pinentry to input your passwords. + +## Python + +![](extras/images/python_for_tomb.png) + +A Python wrapper is under development and already usable, but it +introduces some vulnerabilities mentioned above. Find it in +`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md). + +## Graphical applications + +So far the only graphical application supporting Tomb volumes is +[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to +activate the Tomb plugin included in its source and will be able to +create, open and close tombs. It might still miss advanced Tomb +functionalities that are only available from the command-line. + +## Let us know! + +If you plan to develop any kind of wrapper for Tomb you are welcome to +let us know. Tomb is really meant to be maintained as a minimal tool +for long-term compatibility when handling something so delicate as our +secrets. For anything else we rely on your own initiative. + +Happy hacking! :&^) diff --git a/README.md b/README.md @@ -15,11 +15,10 @@ ![](https://github.com/dyne/Tomb/blob/master/extras/images/monmort.png) -Latest stable version: **2.0** - Updates on website: https://www.dyne.org/software/tomb Get the stable .tar.gz signed release for production use! + Download it from https://files.dyne.org/tomb # What is Tomb, the crypto undertaker? @@ -137,6 +136,9 @@ usability. The code of Tomb is made to be read in literate programming style. +The file [KNOWN_BUGS.md](KNOWN_BUGS) contains some notes on known +vulnerabilities and threat model analysis. + In absence of the Tomb script it is always possible to access the contents of a Tomb using a dm-crypt enabled Linux kernel, cryptsetup and GnuPG issuing the following commands as root: @@ -183,7 +185,7 @@ tarball on https://files.dyne.org/tomb # How can you help -Donations are always welcome, see https://www.dyne.org/donate +Donations are very welcome, please go to https://www.dyne.org/donate Translations are also needed: they can be contributed via this website https://poeditor.com/join/project?hash=33bdefea2e46b26f512a0caae55fbbb5 @@ -195,53 +197,32 @@ to be further implemented. For the bleeding edge visit https://github.com/dyne/Tomb +If you plan to commit code into Tomb, please keep in mind this is a +minimalist tool and its code should be readable. Guidelines on the +coding style are illustrated in [doc/HACKING.txt](HACKING.txt). + Tomb's developers can be contacted using the issues on GitHub or over IRC on https://irc.dyne.org channel **#dyne** -Some enthusiastic ideas are in the [TODO](doc/TODO.org) file. - -Information on developers involved is found in the [AUTHORS](AUTHORS.md) file. - -# Can Tomb be used by applications? - -Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING) -terms) Tomb provides machine-readable output and interaction via some flags: - - flag | function ---------------- | ------------------------------------------------ - --no-color | avoids coloring output to allow parsing - --unsafe | allows passwords options and cleartext key from stdin - --tomb-pwd | specify the key password as argument - --tomb-old-pwd | specify the old key password as argument - --sudo-pwd | specify the sudo password as argument - -k cleartext | reads the unencrypted key from stdin - -Yet please consider that these flags may introduce vulnerabilities and -other people logged on the same system can easily log your passwords -while such commands are executing. -We only recommend using the pinentry to input your passwords. - -## Python - -![](extras/images/python_for_tomb.png) +# Licensing -A Python wrapper is under development and already usable, but it -introduces some vulnerabilities mentioned above. Find it in -`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md). +Tomb is Copyright (C) 2007-2014 by the Dyne.org Foundation -## Graphical applications +Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org> -So far the only graphical application supporting Tomb volumes is -[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to -activate the Tomb plugin included in its source and will be able to -create, open and close tombs. It might still miss advanced Tomb -functionalities that are only available from the command-line. +More information on all the developers involved is found in the +[AUTHORS](AUTHORS.md) file. -## Let us know! +This source code is free software; you can redistribute it and/or +modify it under the terms of the GNU Public License as published by +the Free Software Foundation; either version 3 of the License, or +(at your option) any later version. -If you plan to develop any kind of wrapper for Tomb you are welcome to -let us know. Tomb is really meant to be maintained as a minimal tool -for long-term compatibility when handling something so delicate as our -secrets. For anything else we rely on your own initiative. +This source code is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Please refer +to the GNU Public License for more details. -Happy hacking! :&^) +You should have received a copy of the GNU Public License along with +this source code; if not, write to: Free Software Foundation, Inc., +675 Mass Ave, Cambridge, MA 02139, USA. diff --git a/doc/tomb.1 b/doc/tomb.1 @@ -1,4 +1,4 @@ -.TH tomb 1 "November 14, 2014" "tomb" +.TH tomb 1 "November 26, 2014" "tomb" .SH NAME Tomb \- the Crypto Undertaker @@ -410,18 +410,24 @@ One can also try to get in touch with developers via the #dyne chat channel on \ Tomb is designed, written and maintained by Denis Roio aka Jaromil. -Tomb includes code by Anathema, Boyska and Hellekin O. Wolf. +Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid. -Tomb's artwork is contributed by Jordi aka Mon Mort +Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren. -Testing and reviews are contributed by Dreamer, Shining, Mancausoft, -Asbesto Molesto and Nignux. +Gettext internationalization and Spanish translation is contributed by +GDrooid, French translation by Hellekin, Russian translation by fsLeg, +German translation by x3nu. -Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth +Testing, reviews and documentation are contributed by Dreamer, Shining +the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq, +Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the +Linux Action Show! + +Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth. .SH COPYING -This manual is Copyright (c) 2011-2013 by Denis Roio <\fIjaromil@dyne.org\fR> +This manual is Copyright (c) 2011-2014 by Denis Roio <\fIjaromil@dyne.org\fR> This manual includes contributions by Boyska. diff --git a/extras/gtk-tray/Makefile b/extras/gtk-tray/Makefile @@ -1,7 +1,12 @@ +PREFIX ?= /usr/local all: - gcc -I. `pkg-config --cflags libnotify gtk+-3.0` $(CFLAGS) -c tomb-gtk-tray.c - gcc tomb-gtk-tray.o `pkg-config --libs libnotify gtk+-3.0` -o tomb-gtk-tray + $(CC) -I. `pkg-config --cflags libnotify gtk+-3.0` $(CFLAGS) -c tomb-gtk-tray.c + $(CC) tomb-gtk-tray.o `pkg-config --libs libnotify gtk+-3.0` -o tomb-gtk-tray + +install: + install -Dm666 gtkrc-2.0 ${DESTDIR}${PREFIX}/share/themes/tomb/gtk-2.0-key/gtkrc + install -Dm666 monmort.xpm ${DESTDIR}${PREFIX}/share/themes/tomb/gtk-2.0-key/monmort.xpm clean: - rm *.o tomb-gtk-tray + rm -f *.o tomb-gtk-tray diff --git a/extras/gtk-tray/gtkrc-2.0 b/extras/gtk-tray/gtkrc-2.0 @@ -0,0 +1,3 @@ +pixmap_path "%prefix%/pixmaps" +style "normal" { stock["gtk-dialog-authentication"] = {{"monmort.xpm"}} } +widget "*" style "normal" diff --git a/extras/kdf-keys/Makefile b/extras/kdf-keys/Makefile @@ -2,10 +2,10 @@ PREFIX ?= /usr/local all: - gcc -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt - gcc -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt - gcc -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt - gcc -O2 -o tomb-kdb-hexencode hexencode.c + $(CC) -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt + $(CC) -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt + $(CC) -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt + $(CC) -O2 -o tomb-kdb-hexencode hexencode.c clean: rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode diff --git a/tomb b/tomb @@ -4,9 +4,6 @@ # # A commandline tool to easily operate encryption of secret data # -# Homepage on: [tomb.dyne.org](http://tomb.dyne.org) -# -# In Emacs, you can use C-c @ C-q to (un)fold code using folding.el # {{{ License @@ -16,10 +13,18 @@ # # With contributions by Anathema, Boyska, Hellekin O. Wolf and GDrooid # -# Testing and reviews are contributed by Dreamer, Shining, Mancausoft, -# Asbesto Molesto and Nignux. +# Gettext internationalization and Spanish translation is contributed by +# GDrooid, French translation by Hellekin, Russian translation by fsLeg, +# German translation by x3nu. +# +# Testing, reviews and documentation are contributed by Dreamer, Shining +# the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq, +# Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the +# Linux Action Show! # -# Tomb's artwork is contributed by Jordi aka Mon Mort. +# Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren. +# +# Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth. # This source code is free software; you can redistribute it and/or # modify it under the terms of the GNU Public License as published by @@ -166,7 +171,8 @@ _cat() { local -a _arr; _is_found() { # returns 0 if binary if found in path [[ "$1" = "" ]] && return 1 - return command -v "$1" 1>/dev/null 2>/dev/null + command -v "$1" 1>/dev/null 2>/dev/null + return $? } # Identify the running user