Difference between revisions of "Tomb"

From ArchWiki
Line 7: Line 7:
 
:''Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.''
 
:''Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.''
  
Tomb aims to be a simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
+
Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
  
  
 
You can install {{AUR|tomb}} from the aur using {{ic|yaourt -S tomb}}
 
You can install {{AUR|tomb}} from the aur using {{ic|yaourt -S tomb}}
 +
 +
== Using tomb ==
 +
 +
Tomb is meant to be used from the console as a single, non-interactive script.
 +
it also provides {{ic|tomb-open}}, which is a simple interactive script to help you
 +
create a tomb, open it, retrieve keys from USB.
 +
 +
Its typical usage is something like
 +
{{bc|tomb create /path/to/mysecret.tomb -s 200
 +
tomb open /path/to/mysecret.tomb}}
 +
 +
This will create a 200MegaBytes tombfile, placing the key just next to the tomb (which is bad for security).
 +
 +
{{ic|tomb-open}} is way easier to use. Calling it without arguments will launch a wizard for tomb creation; it will provide a simple way to put the keyfile on a usb key, to provide effective two-factor.
 +
Calling it with a single argument will try to open a tomb. {{bc|tomb-open /path/to/mysecret.tomb}}. Even in this case,
 +
support for retrieving the key from USB is automagical.
 +
 +
== Advanced features ==
 +
 +
* steganography (to hide the key inside a jpeg/wav file)
 +
* bind hooks: can mount some of its subdirectories as "bind" to some other. Suppose, for example, you'd like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run {{ic|tomb open}} it will automatically bind that directories into the right places. This way you'll easily get an encrypted firefox profile, or maildir.
 +
* post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.
 +
 +
== Resources ==
 +
[[http://tomb.dyne.org/manual.html manpage]]
 +
[[http://tomb.dyne.org/ home page]]
 +
[[https://github.com/dyne/Tomb/wiki/Quickstart quickstart]]
 +
[[https://github.com/dyne/Tomb/wiki/Advancedfeatures advanced features]]
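Review bot: The new "Using tomb" text says that tomb create leaves the key just next to the tomb and that this is bad for security, but it never tells the reader what to do about it when using the plain tomb commands; add a sentence right after the tomb create / tomb open example saying the key should be moved to separate media, or point to the tomb-open wizard for that step. Two markup points in the same hunk: the Resources entries use double brackets around external URLs, as in "[[http://tomb.dyne.org/ home page]]", which renders with stray brackets (external links take single brackets), and "{{bc|tomb-open /path/to/mysecret.tomb}}" sits in the middle of a sentence, so the rendered page breaks that sentence into fragments; {{ic|tomb-open /path/to/mysecret.tomb}} fits there. "it also provides" should start with a capital.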

Revision as of 10:09, 22 November 2011


This article is a stub.


From [the official website]:

Tomb is 100% free and open source software to make strong encryption easy to use.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.

Tomb aims to be really simple-to-use software for managing "encrypted directories", called tombs. A tomb can only be opened if you have both the keyfile and the password. It also has advanced features, like steganography.


You can install tomb from the AUR using yaourt -S tomb.

Using tomb

Tomb is meant to be used from the console as a single, non-interactive script. It also provides tomb-open, a simple interactive script that helps you create a tomb, open it, and retrieve keys from USB.

Its typical usage is something like

tomb create /path/to/mysecret.tomb -s 200
tomb open /path/to/mysecret.tomb

This will create a 200-megabyte tomb file, placing the key right next to the tomb (which is bad for security).
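A quick way to find tombs that still have their key sitting beside them, as the create command above leaves it. This is an added example, not part of the wiki page or of Tomb itself; it assumes the key is stored as <tombfile>.key in the same directory, and the function names are made up for illustration:

```shell
#!/bin/sh
# Added example: audit a directory tree for tombs whose key was left
# next to the tomb file.
# Assumption: the key is named "<tombfile>.key" (e.g. mysecret.tomb.key)
# and lives in the same directory as the tomb.

# Print one line per tomb found under $1:
#   COLOCATED<TAB>path   key file sits beside the tomb
#   SEPARATE<TAB>path    no key file beside the tomb
audit_tombs() {
    find "$1" -type f -name '*.tomb' | while IFS= read -r tomb; do
        if [ -f "$tomb.key" ]; then
            printf 'COLOCATED\t%s\n' "$tomb"
        else
            printf 'SEPARATE\t%s\n' "$tomb"
        fi
    done
}

# Exit status 0 if no tomb under $1 has its key beside it, 1 otherwise.
keys_are_separate() {
    ! audit_tombs "$1" | grep -q '^COLOCATED'
}

# Constructed demo data: one tomb with its key beside it, one without.
demo=$(mktemp -d)
: > "$demo/mysecret.tomb"
: > "$demo/mysecret.tomb.key"
: > "$demo/other.tomb"

audit_tombs "$demo"
keys_are_separate "$demo" || echo "at least one key is stored next to its tomb"
rm -rf "$demo"
```

Run keys_are_separate against the directory that holds your tombs after moving the key to a USB stick; a non-zero exit status means a key is still on the same disk path as its tomb.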

tomb-open is way easier to use. Calling it without arguments launches a wizard for tomb creation; it offers a simple way to put the keyfile on a USB key, giving effective two-factor protection.

Calling it with a single argument will try to open a tomb:

tomb-open /path/to/mysecret.tomb

Even in this case, support for retrieving the key from USB is automagical.

Advanced features

  • steganography (to hide the key inside a jpeg/wav file)
  • bind hooks: a tomb can mount some of its subdirectories as "bind" mounts onto other locations. Suppose, for example, you'd like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run tomb open it will automatically bind those directories into the right places. This way you'll easily get an encrypted firefox profile, or maildir.
  • post hooks: commands that are run when the tomb is opened or closed. You can imagine a lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.

Resources

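  • manpage: http://tomb.dyne.org/manual.html
  • home page: http://tomb.dyne.org/
  • quickstart: https://github.com/dyne/Tomb/wiki/Quickstart
  • advanced features: https://github.com/dyne/Tomb/wiki/Advancedfeatures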