commit fa145074f82af74dc4eee2ed87ebcf35e4cc9e82
parent 843b7fdfc4c125065d31cc11cff8a994ed680bd4
Author: Jaromil <jaromil@dyne.org>
Date:   Mon,  2 Jan 2017 12:02:23 +0100
documentation updates and reorganisation
Added two new sections to the manpage: deniability and password.
Small actualisation of the install instructions.
Diffstat:
4 files changed, 59 insertions(+), 78 deletions(-)
diff --git a/AUTHORS.md b/AUTHORS.md
@@ -21,8 +21,8 @@ Augello and Swedish translation by PLJ / Kosovoper.
 Testing, reviews and documentation contributed by Dreamer, Vlax,
 Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH,
 The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon,
-Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, and...
-the Linux Action Show!
+Narrat, x3nu, Jim Turner, Maxime Arthaud, RobertMX, mhogomchungu
+and...  the Linux Action Show!
 
 Tomb includes an implementation of the "Password-Based Key Derivation
 Function v2" based on GCrypt and written by Anthony Thyssen.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,7 +1,7 @@
 # Tomb ChangeLog
 
 ## 2.3
-### December 2016
+### January 2017
 
 Fix to bug occurring when using ZSh version 5.3 or higher. Fix to
 inclusion of final newline in keys generated with 2.2. Enhanced
diff --git a/INSTALL.md b/INSTALL.md
@@ -20,12 +20,12 @@ To install Tomb simply download the source distribution (the tar.gz file)
 from https://files.dyne.org/tomb and decompress it. From a terminal:
 
     cd Downloads
-    tar xvfz Tomb-2.0.1.tar.gz (correct with actual file name)
+    tar xvfz Tomb-2.3.tar.gz (correct with actual file name)
 
 Then enter its directory and run 'make install' as root, this will install
 Tomb into /usr/local:
 
-    cd Tomb-2.0.1 (correct with actual directory name)
+    cd Tomb-2.3 (correct with actual directory name)
     sudo make install
 
 After installation one can read the commandline help or read the manual:
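Review bot: In both changed command lines the hint "(correct with actual file name)" / "(correct with actual directory name)" sits inside the indented command block, so a reader who pastes "tar xvfz Tomb-2.3.tar.gz (correct with actual file name)" gets a shell syntax error from the parentheses. Move the hint into the sentence above each block, or write the name with a placeholder for the version, which also avoids touching these lines on every release. Since the very next step is "sudo make install", this is also the natural place to say how to verify the downloaded archive before running it as root, if the project publishes checksums or signatures for its releases.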
@@ -60,36 +60,7 @@ There are some more things that tomb can do for you, make sure you
 have a look at the manpage and at the commandline help to find out
 more.
 
-## Basic usage notes
-
-Here we collect notes on common issues users may or may not experience
-and the commonly working solutions found.
-
-### Pinentry issues
-
-If pinentry has problems dealing with the password because of language
-or tty settings on your system, try running `gpg-agent` by launching it
-from the session initialization (~/.xsession or ~/.xinitrc) with this
-command:
-```
-eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
-```
-
-### Deleting history
-
-To improve deniability one has to avoid that tomb commands are
-recorded in the shell history. In order to do so the
-`HISTIGNORESPACE=1` environment setting of Zsh comes handy.  Anywhere
-in the `.zshrc` put:
-```
-export HISTIGNORESPACE=1
-alias tomb=' tomb'
-```
-
-
-# Advanced usage
-
-## Install optional tools
+# Optional tools
 
 Tomb can use some optional tools to extend its functionalities:
 
@@ -110,12 +81,12 @@ the packages provided by each distribution.
 
 Once any of the above is installed Tomb will find the tool automatically.
 
-## Install Tomb Extras
+# Extras
 
 Tomb comes with a bunch of extra tools that contribute to enhance its
 functionality or integrate it into particular system environments.
 
-### extras/gtk-tray
+## extras/gtk-tray
 
 The Gtk tray adds a nifty tomb skull into the desktop toolbar: one can
 use it to close, slam and explore the open tomb represented by it.
@@ -132,13 +103,13 @@ To have it change directory `extras/gtk-tray` then
 
 Of cource one can include the launch of tomb-gtk-tray scripts.
 
-### extras/qt-tray
+## extras/qt-tray
 
 The QT tray adds a tomb tray in a QT desktop toolbar. It requires at
 least QT libraries of version 5.4 or above.
 Build with 'qmake' and then 'make'.
 
-### extras/kdf-keys
+## extras/kdf-keys
 
 The KDF wrapper programs allows one to use KDF rounds on passwords in
 order to obstruct dictionary based and similar brute-forcing attacks.
@@ -165,7 +136,7 @@ Please note that it doesn't makes much sense to use KDF keys and
 steganography, since the latter will invalidate the brute-forcing
 protection. For details on the issue see [KNOWN_BUGS.md](KNOWN_BUGS).
 
-### extras/translations/
+## extras/translations/
 
 There are translations available for Tomb and they are installed by
 default. If you wish to update them manually navigate to extras/po
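Review bot: The heading changed here reads "extras/translations/", but the paragraph directly under it still tells the reader to "navigate to extras/po", so heading and instruction name different directories. As the commit already touches this section, update the sentence to the path used in the heading. The context line above the heading also carries a link written as "[KNOWN_BUGS.md](KNOWN_BUGS)", with the file extension in the label rather than in the target; check that it resolves.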
@@ -174,7 +145,7 @@ and run 'make install' as root:
     cd extras/translations
     sudo make install
 
-### extras/gtomb/
+## extras/gtomb/
 
 This is a minimalistic graphical user interface scripted in ZSh
 depending from Zenity to display dialog boxes. It covers all basic
@@ -204,6 +175,14 @@ other people logged on the same system can easily log your passwords
 while such commands are executing.
 We only recommend using the pinentry to input your passwords.
 
+At the time of writing another free software graphical application
+supports opening and closing Tombs via a plugin installed by
+default: [zuluCrypt](https://mhogomchungu.github.io/zuluCrypt/). One
+needs to activate the Tomb plugin included in the zuluCrypt source to
+be able to create, open and close tombs. Beware zuluCrypt may miss
+advanced Tomb functionalities that are only available from the
+command-line.
+
 ## Python
 
 
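Review bot: The added paragraph says zuluCrypt supports tombs "via a plugin installed by default" and, one sentence later, that "One needs to activate the Tomb plugin included in the zuluCrypt source"; these read as contradictory, so state whether the plugin ships enabled or has to be built or switched on by the user. The paragraph also lands directly after the warning that other users on the system can log passwords and the recommendation to use only pinentry, without saying how zuluCrypt takes the key password. One sentence on that would tell readers whether the warning applies to it.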
@@ -212,14 +191,6 @@ A Python wrapper is under development and already usable, but it
 introduces some vulnerabilities mentioned above. Find it in
 `extras/tomber`. For more information see [PYTHON](extras/PYTHON.md).
 
-## Graphical applications
-
-So far the only graphical application supporting Tomb volumes is
-[ZuluCrypt](https://github.com/mhogomchungu/zuluCrypt). One needs to
-activate the Tomb plugin included in its source and will be able to
-create, open and close tombs. It might still miss advanced Tomb
-functionalities that are only available from the command-line.
-
 ## Let us know!
 
 If you plan to develop any kind of wrapper for Tomb you are welcome to
diff --git a/doc/tomb.1 b/doc/tomb.1
@@ -327,6 +327,36 @@ If you don't need swap, execute \fI swapoff -a\fR. If you really need
 it, you could make an encrypted swap partition. Tomb doesn't detect if
 your swap is encrypted, and will complain anyway.
 
+.SH DENIABILITY
+
+The possibility to have an encrypted volume which is invisible and
+cannot be detected is called "deniability". The cryptographic layer of
+the device mapper in Linux (dm-crypt) does not implement
+deniability. Tomb is just a wrapper on top of that and it doesn't add
+cryptographic deniability. However a certain way of using tomb can
+facilitate a weak sort of deniability outside of the scenario of
+seized devices and forensic analysis of files and blocks on disc.
+
+For instance to eliminate any trace of tomb usage from the shell
+history ZSh users can activate the "HISTIGNORESPACE" feature and
+prefix all invokations of tomb with a blank space, including two lines
+in ".zshrc":
+
+.EX
+export HISTIGNORESPACE=1
+alias tomb=' tomb'
+.EE
+
+.SH PASSWORD INPUT
+
+Tomb uses the external program "pinentry" to let users type the key password into a terminal or a graphical window. This program works in conjunction with "gpg-agent", a daemon running in background to facilitate secret key management with gpg. It is recommended one runs "gpg-agent" launching it from the X session initialization ("~/.xsession" or "~/.xinitrc" files) with this command:
+
+.EX
+eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
+.EE
+
+In the future it may become mandatory to run gpg-agent when using tomb.
+
 .SH EXAMPLES
 
 .IP \(bu
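Review bot: In the DENIABILITY example, "export HISTIGNORESPACE=1" sets an environment variable, but in zsh this behaviour is a shell option rather than a variable, so with the two lines as written tomb commands still end up in the history file. The first line should be "setopt HIST_IGNORE_SPACE"; the alias with the leading space then has the effect the text describes. The snippet is carried over unchanged from the text removed from INSTALL.md, so this is the moment to correct it. Smaller points in the same hunk: "invokations" should be "invocations"; the PASSWORD INPUT paragraph is one long line while the rest of the file is wrapped; and the "--write-env-file" option should be checked against current GnuPG releases, since as far as I know GnuPG 2.1 and later treat it as obsolete, which matters if running gpg-agent is to become mandatory.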
@@ -410,26 +440,8 @@ Please report bugs on the Github issue tracker at
 .UR https://github.com/dyne/Tomb/issues
 .UE
 
-One can also try to get in touch with developers via the #dyne chat channel on \fIhttps://irc.dyne.org\fR.
-
-.SH AUTHORS
-
-Tomb is designed, written and maintained by Denis Roio aka Jaromil.
-
-Tomb includes code by Anathema, Boyska, Hellekin O. Wolf and GDrooid.
-
-Tomb's artwork is contributed by Jordi aka Mon Mort and Logan VanCuren.
-
-Gettext internationalization and Spanish translation is contributed by
-GDrooid, French translation by Hellekin, Russian translation by fsLeg,
-German translation by x3nu.
-
-Testing, reviews and documentation are contributed by Dreamer, Shining
-the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
-Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
-Linux Action Show!
-
-Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
+One can also try to get in touch with developers via the #dyne chat
+channel on \fIhttps://irc.dyne.org\fR.
 
 .SH COPYING
 
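Review bot: This hunk deletes the whole AUTHORS section from the manpage, which the commit message (two new manpage sections, install instructions) does not mention. If the credits are now meant to live only in AUTHORS.md, say so in the message and consider a one-line pointer in the manpage. The removed line crediting the Cryptsetup developers does not appear among the AUTHORS.md lines shown in this diff, so check that it is not lost.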
@@ -454,15 +466,13 @@ documentation is available for download from its website on
 
 .B
 .IP cryptsetup(8)
+.B
+.IP pinentry(1)
+.B
+.IP gpg-agent(1)
 
-GnuPG website:
-.br
-https://www.gnupg.org
+GnuPG website: https://www.gnupg.org
 
-DM-Crypt website:
-.br
-https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
+DM-Crypt website: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
 
-LUKS website:
-.br
-https://gitlab.com/cryptsetup/cryptsetup/wikis/home
+LUKS website: https://gitlab.com/cryptsetup/cryptsetup/wikis/home