       documentation update and small swish-e fix - tomb - the crypto undertaker
       git clone git://parazyd.org/tomb.git
       ---
       commit b8447dbf24731c4ca26307efaaf27b4b085a6b0b
       parent e8ca2998b92fd929351ff58d1ba670304b9c6c89
       Author: Jaromil <jaromil@dyne.org>
       Date:   Mon,  6 Jul 2015 13:03:32 +0200
       
       documentation update and small swish-e fix
       
       The fix is due to the new naming scheme without .tomb extension recently
       introduced for mountpoints. While testing this a problem arose with
       swish-e related to compression of indexes, to be addressed.
       
       Diffstat:
         M AUTHORS.md                          |       8 ++++----
         M INSTALL.md                          |      23 ++++++++++++-----------
         M README.md                           |      21 ++++++++++++---------
         M doc/tomb.1                          |      21 ++++++++++++---------
         M tomb                                |      15 ++++++---------
       
       5 files changed, 46 insertions(+), 42 deletions(-)
       ---
   DIR diff --git a/AUTHORS.md b/AUTHORS.md
       t@@ -11,10 +11,10 @@ Gettext internationalization and Spanish translation is contributed by
        GDrooid, French translation by Hellekin, Russian translation by fsLeg,
        German translation by x3nu.
        
       -Testing, reviews and documentation are contributed by Dreamer, Shining
       -the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
       -Reiven, GDrooid, Alphazo, Brian May, TheJH, fsLeg, JoelMon and the
       -Linux Action Show!
       +Testing, reviews and documentation contributed by Dreamer, Vlax,
       +Shining the Translucent, Mancausoft, Asbesto Molesto, Nignux, TheJH,
       +The Grugq, Reiven, GDrooid, Alphazo, Brian May, fsLeg, JoelMon, Jim
       +Turner, Maxime Arthaud and the Linux Action Show!
        
        Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.
        
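       Review bot: the rewritten credits sentence drops its verb ("Testing,
       reviews and documentation contributed by ..."), while the preceding
       sentence in the same paragraph keeps "is contributed by". Keep "are
       contributed by" so the two sentences stay parallel; the added names fit
       without removing it.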
   DIR diff --git a/INSTALL.md b/INSTALL.md
       t@@ -37,18 +37,18 @@ After installation one can read the commandline help or read the manual:
        
        Once installed one can proceed creating a tomb, for instance:
        
       -    tomb dig -s 10 secrets.tomb       (dig a 10MB Tomb, be patient)
       -    tomb forge -k secrets.tomb.key    (be patient and follow instructions)
       -    tomb lock  -k secrets.tomb.key secrets.tomb
       +    tomb dig -s 10 secrets.tomb       (dig a 10MB Tomb)
       +    tomb forge -k secrets.tomb.key    (create a new key and set its password)
       +    tomb lock  -k secrets.tomb.key secrets.tomb (format the tomb, lock it with key)
        
        When this is done, the tomb can be opened with:
        
       -    tomb open -k secrets.tomb.key secrets.tomb
       +    tomb open -k secrets.tomb.key secrets.tomb (will ask for password)
        
        The key can also be hidden in an image, to be used as key later
        
       -    tomb bury -k secrets.tomb.key nosferatu.jpg
       -    tomb open -k nosferatu.jpg secrets.tomb
       +    tomb bury -k secrets.tomb.key nosferatu.jpg (hide the key in a jpeg image)
       +    tomb open -k nosferatu.jpg secrets.tomb (use the jpeg image to open the tomb)
        
        Or backupped to a QRCode that can be printed on paper and hidden in
        books. QRCodes can be scanned with any mobile application, resulting
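       Review bot: the explanations appended to the command lines, for example
       `tomb lock  -k secrets.tomb.key secrets.tomb (format the tomb, lock it with key)`,
       sit inside the indented code block, so a reader who copies a whole line
       pastes the parenthesised text into the shell together with the command.
       Put each explanation behind a `#` so the line stays valid when pasted,
       and align them in one column as the dig and forge lines already are.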
       t@@ -72,10 +72,11 @@ executable | function
          steghide | bury and exhume keys inside images
          resizefs | extend the size of existing tomb volumes
          qrencode | engrave keys into printable qrcode sheets
       -  mlocate  | have fast search of file names inside tombs
       -  swish++  | have fast search of file contents inside tombs
       -  unoconv  | have fast search of contents in PDF and DOC files
       -  haveged  | have fast entropy generation for key forging
       +  mlocate  | fast search of file names inside tombs
       +  swish++  | fast search of file contents inside tombs
       +  unoconv  | fast search of contents in PDF and DOC files
       +  lesspipe | fast search of contents in compressed archives
       +  haveged  | fast entropy generation for key forging
        
        As for requirements, also optional tools may be easy to install using
        the packages provided by each distribution.
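       Review bot: the `swish++` row is reworded but still names swish++, while
       index_tombs in this same commit runs
       `swish-e -c ${tombmount}/.swishrc -S fs -v3`. Name the program the script
       actually invokes so users install the right package. The new `lesspipe`
       row would also benefit from a pointer to where it is used, since no line
       changed in `tomb` by this commit refers to it.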
       t@@ -184,4 +185,4 @@ let us know. Tomb is really meant to be maintained as a minimal tool
        for long-term compatibility when handling something so delicate as our
        secrets. For anything else we rely on your own initiative.
        
       -Happy hacking! :&^)
       +Happy hacking! ;^)
   DIR diff --git a/README.md b/README.md
       t@@ -126,23 +126,21 @@ usage, etc.
        
        Death is the only sure thing in life. That said, Tomb is a pretty
        secure tool especially because it is kept minimal, its source is
       -always open, and its code is easy to review with a bit of shell script
       -knowledge.
       +always open to review (even when installed) and its code is easy to
       +read with a bit of shell script knowledge.
        
        All encryption tools being used in Tomb are included as default in
        many GNU/Linux operating systems and therefore are regularly peer
        reviewed: we don't add anything else to them really, just a layer of
        usability.
        
       -The code of Tomb is made to be read in literate programming style.
       -
        The file [KNOWN_BUGS.md](KNOWN_BUGS.md) contains some notes on known
        vulnerabilities and threat model analysis.
        
       -In absence of the Tomb script it is always possible to access the
       -contents of a Tomb using a dm-crypt enabled Linux kernel, cryptsetup
       -and GnuPG issuing the following commands as root:
       -
       +In absence or malfunction of the Tomb script it is always possible to
       +access the contents of a Tomb only using a dm-crypt enabled Linux
       +kernel, cryptsetup, GnuPG and any shell interpreter issuing the
       +following commands as root:
        ```
        lo=$(losetup -f)
        losetup -f secret.tomb
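       Review bot: the recovery paragraph now promises a fallback "in absence
       or malfunction of the Tomb script", but the first two commands it
       introduces, `lo=$(losetup -f)` followed by `losetup -f secret.tomb`,
       each ask for a free loop device independently. If another loop device is
       allocated in between, `$lo` names a different device than the one
       holding the tomb and the later luksOpen is run against it. Since this
       paragraph is being touched, attach and capture in one step with
       `lo=$(losetup -f --show secret.tomb)`. Wording: "only using" reads
       better as "using only".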
       t@@ -150,7 +148,12 @@ pass="$(gpg -d secret.key)"
        echo -n -e "$pass" | cryptsetup --key-file - luksOpen $lo secret
        mount /dev/mapper/secret /mnt
        ```
       -
       +One can change the last argument `/mnt` to where the Tomb has to be
       +mounted and made accessible. To close the tomb then use:
       +```
       +umount /mnt
       +cryptsetup luksClose /dev/mapper/secret
       +```
        
        # Stage of development
        
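       Review bot: the added close sequence stops at
       `cryptsetup luksClose /dev/mapper/secret` and leaves the loop device
       created by `losetup -f secret.tomb` attached to the tomb file. Add
       `losetup -d $lo` as a third line so the manual procedure undoes
       everything the open procedure set up. The new paragraph also starts
       directly after the closing fence of the previous block because the blank
       line was removed; keep a blank line there and before the new fence.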
   DIR diff --git a/doc/tomb.1 b/doc/tomb.1
       t@@ -79,18 +79,21 @@ open tomb mountpoint paths.
        
        .B
        .IP "index"
       -Creates or updates the search indexes of all tombs currently
       -open: enables use of the \fIsearch\fR command using simple word
       -patterns on file names. Indexes are created using mlocate updatedb(8) and
       -stored in a file inside the tomb's root. To avoid indexing
       -a specific tomb simply touch a \fI.noindex\fR file in its root.
       +Creates or updates the search indexes of all tombs currently open:
       +enables use of the \fIsearch\fR command using simple word patterns on
       +file names. Indexes are created using mlocate's updatedb(8) and
       +swish-e(1) if they are found on the system. Indexes allow to search
       +very fast for filenames and contents inside a tomb, they are stored
       +inside it and are not accessible if the Tomb is closed. To avoid
       +indexing a specific tomb simply touch a \fI.noindex\fR file in it.
        
        .B
        .IP "search"
       -Searches through all tombs currently open for filenames matching one
       -or more text patterns given as arguments. Search returns a list of
       -files found in all open tombs on which the \fIindex\fR command was run
       -at least once.
       +Takes any string as argument and searches for them through all tombs
       +currently open and previously indexed using the \fIindex\fR command.
       +The search matches filenames if mlocate is installed and then also
       +file contents if swish++ is present on the system, results are listed
       +on the console.
        
        .B
        .IP "close"
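       Review bot: the two entries disagree on the content indexer: "index"
       says swish-e(1), "search" says swish++. Use one name in both, matching
       what the script runs. The first sentence of "index" also still limits
       search to "simple word patterns on file names" although the added text
       says contents are indexed too, and "Takes any string as argument and
       searches for them" should read "searches for it".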
   DIR diff --git a/tomb b/tomb
       t@@ -44,8 +44,8 @@
        
        # {{{ Global variables
        
       -typeset VERSION="2.0.1"
       -typeset DATE="Dec/2014"
       +typeset VERSION="2.1"
       +typeset DATE="Jul/2015"
        typeset TOMBEXEC=$0
        typeset TMPPREFIX=${TMPPREFIX:-/tmp}
        # TODO: configure which tmp dir to use from a cli flag
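       Review bot: the VERSION and DATE bump to "2.1" and "Jul/2015" is not
       mentioned in the commit message, which describes only a documentation
       update and a swish-e fix. Move the bump to its own release commit, or
       name it in the message, so the release point is easy to find in the log.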
       t@@ -2149,9 +2149,9 @@ index_tombs() {
                # here we use swish to index file contents
                [[ $SWISH == 1 ]] && {
                    _message "Indexing ::1 tomb name:: contents..." $tombname
       -            [[ -r ${tombmount}/.swishrc ]] || {
       -                _message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc
       -                cat <<EOF > ${tombmount}/.swishrc
       +            rm -f ${tombmount}/.swishrc
       +            _message "Generating a new swish-e configuration file: ::1 swish conf::" ${tombmount}/.swishrc
       +            cat <<EOF > ${tombmount}/.swishrc
        # index directives
        DefaultContents TXT*
        IndexDir $tombmount
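       Review bot: with the `[[ -r ${tombmount}/.swishrc ]] ||` guard replaced
       by an unconditional `rm -f ${tombmount}/.swishrc`, every index run now
       discards any changes the user made to that file inside the tomb. The
       commit message explains why a stale file is a problem after the
       mountpoint rename, but the man page text changed in this commit does not
       say the file is regenerated. Either document that `.swishrc` is owned by
       tomb and overwritten, or regenerate it only when its `IndexDir` no
       longer matches `$tombmount`. `IndexDir $tombmount` is also written
       unquoted into the config, so check that swish-e handles a mountpoint
       containing spaces.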
       t@@ -2190,7 +2190,6 @@ FileRules filename is sys
        FileRules filename is supervise
        FileRules filename regex /\.asc$/i
        FileRules filename regex /\.gpg$/i
       -
        # pdf and postscript
        FileFilter .pdf pdftotext "'%p' -"
        FileFilter .ps  ps2txt "'%p' -"
       t@@ -2218,15 +2217,13 @@ FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i
        IndexContents HTML* .htm .html .shtml
        IndexContents XML*  .xml
        EOF
       -            }
        
                    swish-e -c ${tombmount}/.swishrc -S fs -v3
       -
                }
       -
                _message "Search index updated."
            done
        }
       +
        search_tombs() {
            { command -v locate 1>/dev/null 2>/dev/null } || {
                _failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
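       Review bot: `swish-e -c ${tombmount}/.swishrc -S fs -v3` runs without
       its exit status being checked, and `_message "Search index updated."`
       follows unconditionally, so a failed content index is reported as
       success. The commit message itself notes an open swish-e problem with
       compressed indexes, so this path is likely to be hit; test the result
       and emit a warning on failure. In the trailing context, search_tombs
       reports "Cannot index tombs on this system" although it is the search
       path; worth correcting while here.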