commit a568cdf546354cfa191b39565998d57ddc2b3655
parent ced2e5fcb8e279fa83f2e19476803468404fa241
Author: Jaromil <jaromil@dyne.org>
Date: Sun, 16 Nov 2014 15:18:11 +0100
imported python tomber into extras
more documentation updates
Diffstat:
11 files changed, 233 insertions(+), 20 deletions(-)
diff --git a/AUTHORS.md b/AUTHORS.md
@@ -3,7 +3,9 @@ Tomb is designed and written by Denis Roio aka Jaromil.
Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
-Tomb's artwork is contributed by Jordi aka Mon Mort.
+Tomber, the Python Tomb wrapper, is written by Reiven.
+
+Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
Gettext internationalization and Spanish translation is contributed by
GDrooid, French translation by Hellekin, Russian translation by fsLeg,
diff --git a/INSTALL.md b/INSTALL.md
@@ -1,4 +1,3 @@
-
# TOMB INSTALLATION INSTRUCTIONS
## Install required tools
@@ -6,6 +5,7 @@
Tomb needs a few programs to be installed on a system in order to work:
* zsh
+ * sudo
* gnupg
* cryptsetup
* pinentry-curses (or -gtk or -qt as you prefer)
@@ -52,6 +52,7 @@ executable | function
mlocate | have fast search of file names inside tombs
swish++ | have fast search of file contents inside tombs
unoconv | have fast search of contents in PDF and DOC files
+ haveged | have fast entropy generation for key forging
As for requirements, also optional tools may be easy to install using
the packages provided by each distribution.
@@ -98,4 +99,3 @@ navigate to extras/po and run 'make install' as root:
cd extras/po
sudo make install
-
diff --git a/README.md b/README.md
@@ -1,4 +1,3 @@
-
..... ..
.H8888888h. ~-. . uW8"
888888888888x `> u. .. . : `t888
@@ -14,6 +13,8 @@
*A minimalistic commandline tool to manage encrypted volumes* aka **The Crypto Undertaker**
+![](https://github.com/dyne/Tomb/blob/master/extras/images/monmort.png)
+
Latest stable version: **2.0**
Updates on website: https://www.dyne.org/software/tomb
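Review bot: the new image line uses an absolute `https://github.com/dyne/Tomb/blob/master/...` URL, which resolves to a GitHub HTML page rather than the PNG itself and will not render outside GitHub; the Python image added later in this same commit uses a relative path (`extras/images/python_for_tomb.png`), so use `![](extras/images/monmort.png)` here for consistency and for local/offline rendering.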
@@ -34,8 +35,74 @@ output to facilitate its use inside graphical applications.
# How does it work?
+To create a Tomb, do:
+```
+ $ tomb dig -s 100 secret.tomb
+ $ tomb forge secret.tomb.key
+ $ tomb lock secret.tomb -k secret.tomb.key
+```
+To open it, do
+```
+ $ tomb open secret.tomb -k secret.tomb.key
+```
+and after you are done
+```
+ $ tomb close
+```
+or if you are in a hurry
+```
+ $ tomb slam all
+```
+
For the instructions on how to get started using Tomb, see [INSTALL](INSTALL.md).
+```
+ Syntax: tomb [options] command [arguments]
+
+ Commands:
+
+ // Creation:
+ dig create a new empty TOMB file of size -s in MB
+ forge create a new KEY file and set its password
+ lock installs a lock on a TOMB to use it with KEY
+
+ // Operations on tombs:
+ open open an existing TOMB
+ index update the search indexes of tombs
+ search looks for filenames matching text patterns
+ list list of open TOMBs and information on them
+ close close a specific TOMB (or 'all')
+ slam slam a TOMB killing all programs using it
+ resize resize a TOMB to a new size -s (can only grow)
+
+ // Operations on keys:
+ passwd change the password of a KEY (needs old pass)
+ setkey change the KEY locking a TOMB (needs old key and pass)
+
+ // Backup on paper:
+ engrave makes a QR code of a KEY to be saved on paper
+
+ // Steganography:
+ bury hide a KEY inside a JPEG image (for use with -k)
+ exhume extract a KEY from a JPEG image (prints to stout)
+
+ Options:
+
+ -s size of the tomb file when creating/resizing one (in MB)
+ -k path to the key to be used ('-k -' to read from stdin)
+ -n don't process the hooks found in tomb
+ -o mount options used to open (default: rw,noatime,nodev)
+ -f force operation (i.e. even if swap is active)
+ --kdf generate passwords armored against dictionary attacks
+
+ -h print this help
+ -v print version, license and list of available ciphers
+ -q run quietly without printing informations
+ -D print debugging information at runtime
+```
+
+# What is it for, exactly?
+
This tool can be used to dig .tomb files (LUKS volumes), forge keys
protected by a password (GnuPG symmetric encryption) and use the keys
to lock the tombs. Tombs are like single files whose contents are
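Review bot: two typos in the pasted help text: `exhume ... (prints to stout)` should read `stdout`, and `-q run quietly without printing informations` should read `information`. Also, the `--kdf` line says it generates "passwords armored against dictionary attacks"; since the flag applies key derivation to the key file, "keys" is more accurate than "passwords" there. The quick-start block is otherwise clear; it may be worth stating that `tomb forge` prompts for the passphrase through pinentry so readers do not expect it on the command line.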
@@ -81,11 +148,11 @@ encrypt the Home directory of users, a system implemented already in
As of today, Tomb is a very stable tool also used in mission critical
situations by a number of activists in dangerous zones. It has been
reviewed by forensics analysts and it can be considered to be safe for
-military grade use where the integrity of information stored depends on
-the user's behaviour and the strength of a standard AES-256
-(XTS plain) encryption algorithm.
+military grade use where the integrity of information stored depends
+on the user's behaviour and the strength of a standard AES-256 (XTS
+plain) encryption algorithm.
-# Use stable releases in production
+# Use stable releases in production!
Anyone planning to use Tomb to store and access secrets should not use
the latest development version in Git, but use instead the .tar.gz
@@ -121,3 +188,46 @@ IRC on https://irc.dyne.org channel **#dyne**
Some enthusiastic ideas are in the [TODO](doc/TODO.org) file.
Information on developers involved is found in the [AUTHORS](AUTHORS.md) file.
+
+# Can Tomb be used inside other applications?
+
+Sure as Hell it can! Licensing issues aside ([GNU GPLv3+](COPYING)
+terms) Tomb provides machine-readable output and interaction via some flags:
+
+ flag | function
+-------------------- | ------------------------------------------------
+ --no-color | avoids coloring output to allow parsing
+ --unsecure-dev-mode | allows giving passwords as argument
+ --tomb-pwd | specify the key password as argument
+ --tomb-old-pwd | specify the old key password as argument
+ --sudo-pwd | specify the sudo password as argument
+
+Yet please consider that these flags may introduce vulnerabilities as
+process table scanning can reveal passwords while such commands are
+executing. For passwords in particular the best is always let Tomb
+gather them via pinentry.
+
+## Python
+
+![](extras/images/python_for_tomb.png)
+
+A Python wrapper is under developed and already usable, but it
+introduces the vulnerabilities mentioned above. Find it in
+`extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
+
+## Graphical applications
+
+So far the only graphical application supporting Tomb volumes is
+[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
+activate the Tomb plugin included in its source and will be able to
+create, open and close tombs. It might still miss advanced Tomb
+functionalities that are only available from the command-line.
+
+## Let us know!
+
+If you plan to develop any kind of wrapper for Tomb you are welcome to
+let us know. Tomb is really meant to be maintained as a minimal tool
+for long-term compatibility when handling something so delicate as our
+secrets. For anything else we rely on your own initiative.
+
+Happy hacking! :&^)
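Review bot: the warning under the flag table is the important part of this section and deserves firmer wording. `--tomb-pwd`, `--tomb-old-pwd` and `--sudo-pwd` put the secret in the process argument vector, so besides process-table scanning the value also lands in shell history and in any logging of command lines; say that the caveat applies to all three `--*-pwd` flags and that they exist only together with `--unsecure-dev-mode`, if that is how the script enforces it. Two grammar fixes: "A Python wrapper is under developed" should be "under development", and "the best is always let Tomb gather them via pinentry" should be "the best option is always to let Tomb gather them via pinentry".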
diff --git a/extras/PYTHON.md b/extras/PYTHON.md
@@ -0,0 +1,73 @@
+Tomber: a Python wrapper for Tomb
+=================================
+
+Found in [extras/tomber](/extras/tomber)
+
+Description
+-----------
+
+Tomber is a python wrapper for [Tomb](https://github.com/dyne/Tomb).
+It relies on Python's subprocess module for Tomb command execution.
+
+Please note that for future compatibility with Tomb, using subprocess
+execution of the tomb script is the recommended way to wrap its
+functionalities in other languages.
+
+Tomber is still under development. Any contributions are greatly
+welcomed here or on its original repository
+https://github.com/reiven/Tomb
+
+
+Installation
+----------
+
+First of all Tomb must be installed. Refer to [INSTALL](/INSTALL.md)
+
+Then Tomber can be installed from
+[PyPi](https://pypi.python.org/pypi) using
+[pip](https://pypi.python.org/pypi/pip).
+
+Enter the following command in a terminal:
+
+ pip install tomber
+
+Alternatively you can install it from this source repository
+
+
+Example usage
+-------------
+```python
+from tomber import *
+
+# dig a tomb of 20mb
+tdig('test.tomb',20)
+
+# forge a key
+tforge('test.key', 'this is the passphrase for the key')
+
+# lock the tomb
+tlock('test.tomb', 'test.key', 'this is the passphrase for the key')
+
+# open the tomb
+topen('test.tomb', 'test.key', 'this is the passphrase for the key', '/tmp/tomb')
+
+# close the tomb
+tclose('test')
+```
+
+Running tests
+-------------
+
+Keep in mind that the included *test.py* file execute the
+`Tomb.slam()` command which will likely close any tombs, encrypted
+volumes, you may have open.
+
+
+License
+-------
+
+Tomber is Copyright (c) 2014 by Federico Cardoso <reiven@gmail.com>
+
+This package is distributed under BSD License.
+
+See [LICENSE](https://github.com/reiven/pynientos/blob/master/LICENSE)
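Review bot: the License section links to `https://github.com/reiven/pynientos/blob/master/LICENSE`, a different project, which looks like a copy-paste slip; point it at the LICENSE shipped in `extras/tomber` (or the Tomber repository linked above) so the BSD terms actually travel with the code. The usage example also passes the key passphrase as a plain string argument, which is exactly the process-table exposure the README warns about; a one-line note here that these calls rely on `--unsecure-dev-mode` and should not be used on multi-user machines would keep the two documents consistent. Minor: the `Installation` underline is shorter than its heading, "PyPi" is spelled "PyPI", and "the included *test.py* file execute" should be "executes".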
diff --git a/extras/desktop/README b/extras/desktop/README
@@ -0,0 +1,8 @@
+This is unfinished and very boring to do.
+
+Freedesktop standards are gnarly.
+
+Hoping someone in need finishes this sometime.
+
+For contact: https://irc.dyne.org #dyne (IRC SSL port 9999)
+
diff --git a/extras/INSTALL.python b/extras/dismissed/INSTALL.python
diff --git a/extras/gtk-tray/README.md b/extras/gtk-tray/README.md
@@ -0,0 +1,24 @@
+# Gtk2 tray icon for Tomb
+## by Jaromil
+
+If you like to see our nifty little skull on the upper right corner of
+your desktop, then compile and install this little auxiliary program.
+
+Use by launching `tomb-gtk-tray` followed by the name of your tomb as
+reported by `tomb list`. For instance if your tomb is `secrets.tomb`:
+
+```
+ $ tomb-gtk-tray secrets
+```
+
+The tray offers a drop-down menu with three options:
+ + `explore` will launch your desktop configured filemanager
+ + `close` will try to close the tomb (fails if in use)
+ + `slam` will slam the tomb killing all applications using it
+
+Please note you need to launch this program for each tomb you want it
+to administer, then you will have a skull visible for each tomb open.
+
+By mouse-over the skull tells the name of the tomb it is open for.
+
+Enjoy!
diff --git a/extras/images/python_for_tomb.png b/extras/images/python_for_tomb.png
Binary files differ.
diff --git a/extras/kdf-keys/Makefile b/extras/kdf-keys/Makefile
@@ -5,14 +5,14 @@ all:
gcc -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt
gcc -O2 -o tomb-kdb-pbkdf2-getiter benchmark.c -lgcrypt
gcc -O2 -o tomb-kdb-pbkdf2-gensalt gen_salt.c -lgcrypt
- gcc -O2 -o hexencode hexencode.c
+ gcc -O2 -o tomb-kdb-hexencode hexencode.c
clean:
- rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt hexencode
+ rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode
install:
install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2
install -Dm755 tomb-kdb-pbkdf2-getiter ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-getiter
install -Dm755 tomb-kdb-pbkdf2-gensalt ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-gensalt
- install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/hexencode
- @echo "Tomb-kdb auxiliary binaries installed in ${PREFIX}"
+ install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode
+ @echo "Tomb-kdb auxiliary binaries installed in ${DESTDIR}${PREFIX}/bin"
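Review bot: the install target is now broken: the `all` target builds `tomb-kdb-hexencode` and `clean` removes `tomb-kdb-hexencode`, but the install line still reads `install -Dm755 hexencode ${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode`, so `make install` will fail on the missing source file `hexencode`. It should be `install -Dm755 tomb-kdb-hexencode ${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode`.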
diff --git a/extras/kdf-keys/README b/extras/kdf-keys/README
@@ -13,12 +13,10 @@ PLANS
While this can be useful for general purpose, it specially fits tomb, and it's designed for easy integration and compilation.
Binary name will then be:
-tomb-kdf-${algo}
-tomb-kdf-${algo}-gensalt
-tomb-kdf-${algo}-getiter
-
-hexencode (or similar utils, should they be developed), go with:
-tomb-utils-hexencode
+tomb-kdb-${algo}
+tomb-kdb-${algo}-gensalt
+tomb-kdb-${algo}-getiter
+tomb-kdb-hexencode
Base64 vs hexencode
-------------------
diff --git a/tomb b/tomb
@@ -2279,8 +2279,6 @@ umount_tomb() {
_warning "or issue the command 'tomb close all' to close them all."
_failure "Operation aborted." }
- _message "Tomb close ::1::" $1
-
for t in ${mounted_tombs}; do
mapper=`basename ${t[(ws:;:)1]}`
tombname=${t[(ws:;:)5]}
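Review bot: removing `_message "Tomb close ::1::" $1` before the loop in `umount_tomb()` drops the only visible confirmation of which tomb is being closed; make sure a per-tomb message using `${tombname}` is still emitted inside the `for t in ${mounted_tombs}` loop, otherwise `tomb close all` runs silently and callers parsing output with `--no-color` lose that line.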