tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git

commit 76248f2d661de08414e9fceb311e1859afb6ed53
parent e8aaf03b52a1798e7e8a9db6cc625cb718efb072
Author: Jaromil <jaromil@dyne.org>
Date:   Fri, 29 Aug 2014 23:23:08 +0200

documentation updates

Diffstat:
M AUTHORS.md   | 23 ++++++++++++++---------
M ChangeLog.md | 11 +++++++++++
M INSTALL.md   | 36 ++++++++++++++++++++++++++++++++----
M README.md    | 46 ++++++++++++++++++++++++----------------------
M tomb         | 20 ++++++++------------
5 files changed, 89 insertions(+), 47 deletions(-)

diff --git a/AUTHORS.md b/AUTHORS.md @@ -1,18 +1,23 @@ Tomb is designed and written by Denis Roio aka Jaromil. -Tomb includes code by Anathema, Boyska and Hellekin O. Wolf. +Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid. -Tomb's artwork is contributed by Jordi aka Mon Mort +Tomb's artwork is contributed by Jordi aka Mon Mort. -Testing, reviews and documentation are contributed by Dreamer, -Shining, Mancausoft, Asbesto Molesto, Nignux, Vlax, Reiven and -GDrooid. +Gettext internationalization and Spanish translation is contributed by +GDrooid, French translation by Hellekin, Russian translation by fsLeg, +German translation by x3nu. -Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth +Testing, reviews and documentation are contributed by Dreamer, Shining +the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq, +Reiven, GDrooid and the Linux Action Show! + +Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth. Tomb includes an implementation of the "Password-Based Key Derivation -Function v2" based on GCrypt and written by by Anthony Thyssen +Function v2" based on GCrypt and written by Anthony Thyssen. -Tomb's developers can be contacted via the "crypto" mailinglist on -http://lists.dyne.org or on IRC https://irc.dyne.org channel #dyne +Tomb's developers can be contacted via GitHub issues on +https://www.github.com/dyne/Tomb or over IRC https://irc.dyne.org +channel **#dyne**. diff --git a/ChangeLog.md b/ChangeLog.md @@ -1,5 +1,16 @@ # Tomb ChangeLog +## 1.6 +### September 2014 + +The way secrets are handled internally has been refactored to avoid +writing anything on the filesystem, improving security and speed. +Steganography functions have fixes and improved usability: it is now +possible to use an image directly as key i.e. `tomb open -k +image.jpg`. Four translations have been contributed: Spanish, French, +Russian and German. + + ## 1.5.3 ### June 2014 diff --git a/INSTALL.md b/INSTALL.md 
@@ -45,10 +45,10 @@ Tomb can use some optional tools to extend its functionalities: executable | function ---------- | --------------------------------------------------- - dcfldd | show progress while executing long operations + dcfldd | show progress while digging tombs and keys steghide | bury and exhume keys inside images resizefs | extend the size of existing tomb volumes - qrencode | engrave keys into printable qrcode tags + qrencode | engrave keys into printable qrcode sheets mlocate | have fast search of file names inside tombs swish++ | have fast search of file contents inside tombs unoconv | have fast search of contents in PDF and DOC files 
@@ -58,12 +58,40 @@ the packages provided by each distribution. Once any of the above is installed Tomb will find the tool automatically. -## Install Tomb extras +## Install Tomb Extras Tomb comes with a bunch of extra tools that contribute to enhance its functionality or integrate it into particular system environments. -### Install translations +### extras/gtk-tray + +The Gtk3 tray adds a nifty tomb skull into the desktop toolbar: one can use it to close, slam and explore the open tomb represented by it. + +To have it enter `extras/gtk-tray` then + + 1- make sure libnotify and gtk+-3.0 dev packages are available + 2- run `make` inside the directory to build `tomb-gtk-tray` + 3- optionally copy tomb-gtk-tray into your PATH (/usr/local/bin) + 4- start `tomb-gtk-tray tombname` for each tomb + +One can include the launch of tomb-gtk-tray from scripts. + +### extras/kdf-keys + +The KDF wrapper programs allows one to use KDF rounds on passwords in order to obstruct dictionary based and similar brute-forcing attacks. + +In case an attacker comes in possession of both a tomb and its key, the easy to memorize password can be guessed by rapidly trying different combinations. With KDF every try will require a significant amount of computation that will slow down the process avoiding tight loops and in fact making such attacks very onerous and almost impossible. + +To have it enter `extras/kdf-keys` then + + 1- make sure libgcrypt dev packages are available + 2- run `make` inside the directory to build tomb-kdb-* executables + 3- optionally copy tomb-kdb-* into your PATH (/usr/local/bin) + 4- always use tomb using the `--kdf` flag: forge, lock, open etc. + +In case one creates and uses KDF keys then the --kdf flag must be always present for tomb to work correctly. It might be handy to create an alias tomb=`tomb --kdf`. + +### extras/po (translations) There are translations available for Tomb. If you wish to install them navigate to extras/po and run 'make install' as root: 
diff --git a/README.md b/README.md @@ -12,12 +12,15 @@ ' "*88888888* 'Y" `~ " `"` `%888*%" ^"***"` "` -*A minimalistic commandline tool to manage encrypted volumes* +*A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker** -Latest version: **1.5.3** +Latest stable version: **1.5.3** Updates on website: http://dyne.org/software/tomb +Get the stable .tar.gz signed release for production use! +Download it from https://files.dyne.org/tomb + # What is Tomb, the crypto undertaker Tomb aims to be a free and open source system for easy encryption and @@ -29,22 +32,6 @@ standard filesystem tools (GNU) and the cryptographic API of the Linux kernel (cryptsetup and LUKS). Tomb can also produce machine parsable output to facilitate its use inside graphical applications. -# Use stable releases in production - -Anyone planning to use Tomb to store and access secrets should not use -the latest development version in Git, but use instead the .tar.gz -release on https://files.dyne.org/tomb . The stable version will -always insure backward compatibility with older tombs: we make sure it -creates sane tombs and keys by running various tests before releasing -it. The development version in Git might introduce sudden bugs and is -not granted to produce backward or forward compatible tombs and keys. -Only developers and testers should use the Git version to report bugs, -test new features and develop patches. - -So be warned: do not use the latest Git version in production -environments, but use a stable release versioned and packed as -tarball on https://files.dyne.org/tomb - # How does it works For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md). 
@@ -98,9 +85,25 @@ military grade use, where the integrity of informations stored depend from the user's behaviour and the strenght of a standard AES-256 (XTS plain) encryption algorithm. +# Use stable releases in production + +Anyone planning to use Tomb to store and access secrets should not use +the latest development version in Git, but use instead the .tar.gz +release on https://files.dyne.org/tomb . The stable version will +always insure backward compatibility with older tombs: we make sure it +creates sane tombs and keys by running various tests before releasing +it. The development version in Git might introduce sudden bugs and is +not granted to produce backward or forward compatible tombs and keys. +Only developers and testers should use the Git version to report bugs, +test new features and develop patches. + +So be warned: do not use the latest Git version in production +environments, but use a stable release versioned and packed as +tarball on https://files.dyne.org/tomb + # How can you help -Donations are always welcome, see https://dyne.org/donate +Donations are always welcome, see https://www.dyne.org/donate Translations are also needed: they can be contributed via this website https://poeditor.com/join/project?hash=33bdefea2e46b26f512a0caae55fbbb5 @@ -112,10 +115,9 @@ to be further implemented. For the bleeding edge visit https://github.com/dyne/Tomb -Tomb's developers can be contacted via the "crypto" mailinglist on -http://lists.dyne.org or via IRC on https://irc.dyne.org channel #dyne +Tomb's developers can be contacted using the issues on GitHub or over +IRC on https://irc.dyne.org channel **#dyne** Some enthusiastic ideas are in the [TODO](doc/TODO.org) file. Information on developers involved is found in the [AUTHORS](AUTHORS.md) file. - diff --git a/tomb b/tomb @@ -40,8 +40,8 @@ # {{{ Global variables -VERSION=1.5.3 -DATE="Jun/2014" +VERSION=1.6 +DATE="Sept/2014" TOMBEXEC=$0 typeset -a OLDARGS for arg in ${argv}; do OLDARGS+=($arg); done 
@@ -1483,18 +1483,14 @@ change_tomb_key() { # backward compatibility create_tomb() { _verbose "create_tomb(): ${=@} ${=OLDARGS}" - if ! [ $1 ]; then + [[ "$1" = "" ]] && { _warning "No tomb name specified for creation." - return 1 - fi - - - { test -r "$1" } && { - _warning "Creating this tomb would overwrite an existing file. Operation aborted." - _failure "`ls -lh $1`" } - - { test $? = 0 } || { _failure "Failed to dig tomb, operation aborted." } + return 1 } + { test -s "$1" } && { + _warning "Creating this tomb would overwrite an existing file." + ls -lh "$1" + _failure " Operation aborted." } tombfile=`basename $1` tombdir=`dirname $1`
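Review bot: In the INSTALL.md hunk, the closing sentence of the new `extras/kdf-keys` section suggests an alias written as alias tomb=`tomb --kdf`, which does not define the intended alias: typed as it appears in the source, the backticks are command substitution and tomb is executed on the spot, and without them the value is unquoted. Put the whole command in one code span with shell quoting, e.g. `alias tomb='tomb --kdf'`. In the same section, "very onerous and almost impossible" overstates what the paragraph describes: each guess costs more computation, so the attack is slowed in proportion to the rounds used, and a short or common password stays guessable. Wording along the lines of "makes each guess significantly more expensive" matches the mechanism. Small grammar fix while there: "The KDF wrapper programs allows" should read "allow".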
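Review bot: In the first README.md hunk, the added line "Get the stable .tar.gz signed release for production use!" tells users the release is signed but nothing in the README says how to check that signature. Since this commit also removes the longer "Use stable releases in production" text from this position, the top of the file is now the only place most readers will see the download advice; add a sentence naming where the signature file sits next to the tarball and which key signs releases, so "signed" is something a user can verify rather than take on trust.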
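Review bot: In the `create_tomb()` hunk of `tomb`, the overwrite guard changes from `test -r "$1"` to `test -s "$1"`, and `-s` is true only for a file that exists and has a size greater than zero, so an existing zero-length file at that path no longer triggers "Creating this tomb would overwrite an existing file." If the intent is to refuse any existing path, `test -e "$1"` says that directly; if empty files are meant to be allowed, a comment stating so would help. The guard also now depends entirely on `_failure` stopping execution, since the follow-up `test $? = 0` check is removed, which is worth confirming. Finally, this hunk and the `VERSION=1.6` bump change behaviour under a commit titled "documentation updates"; splitting them into their own commit would keep the history searchable.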