tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git

commit f4b8a2275e865444a69002634dd83f6375a2ec8f
parent a3f0c7c86b538e729cf849edab36046daffa45e3
Author: boyska <piuttosto@logorroici.org>
Date:   Wed, 31 Aug 2011 17:07:18 +0200

Update documentation: swap, --ignore-swap, -k

Diffstat:
M doc/tomb.1 | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/doc/tomb.1 b/doc/tomb.1 @@ -91,7 +91,7 @@ given. This is used to recoved buried keys from unsuspected places. .B .B .IP "-s \fI<MBytes>\fR" -When creating a tomb, this option must be used to specify the size of +When creating a tomb, this option MUST be used to specify the size of the new \fIfile\fR to be created, in megabytes. .B .IP "-k \fI<keyfile>\fR" @@ -100,6 +100,13 @@ of the key to use. Keys are created with the same name of the tomb file adding a '.gpg' suffix, but can be later renamed and transported on other media. When a key is not found, the program asks to insert a USB storage device and it will look for the key file inside it. +When creating a tomb, this option can be used to specify the name (and +location) of the key you are creating. For example, you could use +.EX +tomb create -s 100 tombname -k /media/usb/tombname +.EE +to put the key on a usb pendrive + .B .IP "-n" Skip processing of post-hooks and bind-hooks if found inside the tomb. @@ -111,6 +118,11 @@ of the default \fIrw,noatime,nodev\fR. This option can be used to mount a tomb read-only (ro) to prevent any modification of its data, or to experiment with other settings (if you really know what you are doing) see the mount(8) man page. +.B +.IP "--ignore-swap" +By default, Tomb will abort any create and open operation if swap is used (see +SWAP section for details). This flag will disable this behaviour. NOTE: it is +not secure to do so, unless you know that your swap is encrypted .B .IP "-h" @@ -124,6 +136,7 @@ Run more quietly .IP "-D" Print more information while running, for debugging purposes + .SH HOOKS Hooks are special files that can be placed inside the tomb and trigger 
@@ -161,6 +174,25 @@ pinentry(1) is adopted to collect passwords from the user. Tomb executes as super user only those commands requiring it, while it executes desktop applications as processes owned by the user. +.SH SWAP + +During "create" and "open" operation, swap will complain and \fIabort\fR if +your system has swap activated. This can be annoying, and you can disable this +behaviour using \fI--ignore-swap\fR. Before doing that, however, you may be +interested in knowing the risks of doing so: +.IP \(bu +During both creation and opening it could write your secret key on the disk +.IP \(bu +After having opened the tomb, an application you're using could swap file +contents. So you'll put file contents in clear on your disk +.P + +If you don't need swap, execute \fI swapoff -a\fR. If you really need it, you +could encrypt it. Tomb doesn't detect if your swap is encrypted, and will +complain anyway. In that case, using --ignore-swap is safe. Otherwise, use +--ignore-swap at your own risk + + .SH BUGS Please report bugs on the tracker at http://bugs.dyne.org
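Review bot: in the -k hunk (@@ -100,6 +100,13 @@), the new example passes /media/usb/tombname with no suffix, while the unchanged paragraph just above says keys are created with the tomb's name plus a '.gpg' suffix. The text should state whether the suffix is appended to the path given with -k or whether the key is written at exactly that path, so a user knows which file to look for on the device. The closing line "to put the key on a usb pendrive" needs a full stop, and the blank line added after it should be dropped, since a blank line in man source renders as extra vertical space before the next .IP.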
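Review bot: in the --ignore-swap hunk (@@ -111,6 +118,11 @@), "abort any create and open operation if swap is used" states the condition more loosely than the SWAP section added later in this same patch, which says the abort happens when the system "has swap activated". Use the same condition in both places and write "create or open", so readers do not take it to mean swap must currently hold pages. The NOTE sentence carries the security warning for this flag and ends without a full stop.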
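Review bot: in the SWAP hunk (@@ -161,6 +174,25 @@), the opening sentence reads "swap will complain and \fIabort\fR", but the actor that aborts is Tomb, not swap; it should say that Tomb will complain and abort. The first bullet, "it could write your secret key on the disk", likewise has no clear subject; name it, for example the operating system when it swaps memory out, so the risk is unambiguous. Smaller points: "\fI swapoff -a\fR" has a stray leading space inside the italic span, "at your own risk" lacks a full stop, and the blank lines after .SH SWAP, after .P and before .SH BUGS should be removed from the man source.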