Difference between revisions of "Tomb"

From ArchWiki
(Installation: the repo is no longer maintained, also rm'd from Unofficial user repositories https://wiki.archlinux.org/index.php?title=Unofficial_user_repositories&diff=321436&oldid=321017)
(I edited the old commands with the ones used on their website, since 'create' didn't create anything for me when I used it. http://www.dyne.org/software/tomb/ I also edited the 'tutorial' to create an example tomb, since the old one didn't work.)
Line 25: Line 25:
 
create a tomb, open it, retrieve keys from USB.
 
create a tomb, open it, retrieve keys from USB.
  
Its typical usage is something like
+
Tombs are operated from a terminal commandline and require root access to the machine (or just sudo access to the script).
{{bc|tomb create /path/to/mysecret.tomb -s 200
 
tomb open /path/to/mysecret.tomb}}
 
  
This will create a 200MB tombfile, placing the key just next to the tomb (which is bad for security).
+
To create a 100MB tomb called “secret” do:
  
{{ic|tomb-open}} is much simpler. Calling it without arguments will launch a wizard for tomb creation; it will provide a simple way to put the keyfile on a usb key, to provide effective two-factor authentication.
+
tomb dig -s 100 secret.tomb
Calling it with a single argument will try to open the specified tomb:
+
tomb forge secret.tomb.key
  $ tomb-open /path/to/mysecret.tomb
+
  tomb lock secret.tomb -k secret.tomb.key
Even in this case, support for retrieving the key from USB is automagical.
 
  
== Tomb Usage ==
+
To open it, do
 +
 
 +
tomb open secret.tomb -k secret.tomb.key
 +
 
 +
and after you are done
  
  Syntax: tomb [options] command [file] [place]
+
  tomb close
  
Commands:
+
== Tomb Usage ==
create    create a new tomb FILE and its keys
+
Syntax: tomb [options] command [arguments]
open      open an existing tomb FILE on PLACE
 
list      list all open tombs or the one called FILE
 
close      close the open tomb called FILE (or all)
 
slam      close tomb FILE and kill all pids using it
 
passwd    change the password of a tomb key FILE
 
 
   
 
   
  Options:
+
Commands:
  -s    size of the tomb file when creating one (in MB)
+
  -k    path to the key to use for opening a tomb
+
// Creation:
  -n    don't process the hooks found in tomb
+
dig    create a new empty TOMB file of size -s in MB
 +
forge  create a new KEY file and set its password
 +
  lock    installs a lock on a TOMB to use it with KEY
 +
 +
// Operations on tombs:
 +
open    open an existing TOMB
 +
index  update the search indexes of tombs
 +
search  looks for filenames matching text patterns
 +
list    list of open TOMBs and information on them
 +
close  close a specific TOMB (or 'all')
 +
slam    slam a TOMB killing all programs using it
 +
resize  resize a TOMB to a new size -s (can only grow)
 +
 +
// Operations on keys:
 +
passwd  change the password of a KEY
 +
setkey  change the KEY locking a TOMB (needs old one)
 +
engrave makes a QR code of a KEY to be saved on paper
 +
bury    hide a KEY inside a JPEG image
 +
exhume  extract a KEY from a JPEG image
 +
 +
Options:
 +
 +
  -s    size of the tomb file when creating/resizing one (in MB)
 +
  -k    path to the key to be used ('-k -' to read from stdin)
 +
  -n    do not process the hooks found in tomb
 
  -o    mount options used to open (default: rw,noatime,nodev)
 
  -o    mount options used to open (default: rw,noatime,nodev)
 +
-f    force operation (i.e. even if swap is active)
 +
--kdf  generate passwords armored against dictionary attacks
 +
 
  -h    print this help
 
  -h    print this help
  -v    version information for this tool
+
  -v    print version, license and list of available ciphers
 
  -q    run quietly without printing informations
 
  -q    run quietly without printing informations
 
  -D    print debugging information at runtime
 
  -D    print debugging information at runtime
 +
 +
For more informations on Tomb read the manual: man tomb
  
 
== Advanced features ==
 
== Advanced features ==
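Review bot: the replacement drops the old warning that the key was "placed just next to the tomb (which is bad for security)" while the new example does exactly that: `tomb forge secret.tomb.key` followed by `tomb lock secret.tomb -k secret.tomb.key` writes the key into the same directory as the tomb, and the only remaining hint that keys should live elsewhere is the intro's "retrieve keys from USB". Suggest keeping one sentence after the `lock` step that says to store the key separately (for instance on a USB stick) and pass its path with `-k`. Also, the new usage list describes `close` as closing "a specific TOMB (or 'all')", so the example's bare `tomb close` should either name the tomb (`tomb close secret.tomb`) or say what the argument-less form does.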

Revision as of 07:59, 26 June 2014

From the official website:

Tomb is 100% free and open source software to make strong encryption easy to use.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.

Tomb aims to be a really simple-to-use tool for managing "encrypted directories", called tombs. A tomb can only be opened if you both have the keyfile and know its password. It also has advanced features, such as steganography.


Installation

Install tomb (AUR) or tomb-git (AUR) from the Arch User Repository.

Using tomb

Tomb is meant to be used from the console as a single, non-interactive script. It also provides tomb-open, a simple interactive script that helps you create a tomb, open it, and retrieve keys from USB.

Tombs are operated from a terminal commandline and require root access to the machine (or just sudo access to the script).

To create a 100MB tomb called “secret” do:

tomb dig -s 100 secret.tomb
tomb forge secret.tomb.key
tomb lock secret.tomb -k secret.tomb.key

To open it, do:

tomb open secret.tomb -k secret.tomb.key

and after you are done:

tomb close
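The three-step creation sequence above, followed by open and close, as an added POSIX shell wrapper that is not part of Tomb or this wiki page. It runs the same `tomb dig`, `tomb forge`, `tomb lock`, `tomb open` and `tomb close` commands, but refuses to forge the key in the same directory as the tomb file, since a key sitting next to its tomb gives no benefit over a plain encrypted container. `TOMB_BIN` and `DRY_RUN` are variables introduced here: with `DRY_RUN=1` the commands are printed instead of executed, so the wrapper can be exercised without root or an installed `tomb`.

```shell
#!/bin/sh
# Added example (not Tomb's own code): wraps the dig/forge/lock sequence
# from the page and keeps the key out of the tomb's directory.
# TOMB_BIN and DRY_RUN are assumptions of this script, not tomb options.
TOMB_BIN="${TOMB_BIN:-tomb}"
DRY_RUN="${DRY_RUN:-0}"

# run_cmd: print the command line when DRY_RUN=1, otherwise execute it
run_cmd() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# same_dir FILE1 FILE2: status 0 when both paths live in one directory
same_dir() {
    [ "$(dirname -- "$1")" = "$(dirname -- "$2")" ]
}

# tomb_create TOMB KEY SIZE_MB: dig the tomb, forge the key, lock the tomb.
# Returns 1 if the key would be stored next to the tomb, 2 on a bad size.
tomb_create() {
    tomb="$1"; key="$2"; size="$3"
    case "$size" in
        ''|*[!0-9]*) echo "size must be a positive integer (MB)" >&2; return 2 ;;
    esac
    if same_dir "$tomb" "$key"; then
        echo "refusing: key $key would sit next to tomb $tomb" >&2
        return 1
    fi
    run_cmd "$TOMB_BIN" dig -s "$size" "$tomb" &&
    run_cmd "$TOMB_BIN" forge "$key" &&
    run_cmd "$TOMB_BIN" lock "$tomb" -k "$key"
}

# tomb_open TOMB KEY: open with an explicit key path
tomb_open() {
    run_cmd "$TOMB_BIN" open "$1" -k "$2"
}

# tomb_close [TOMB]: close the named tomb, or run the page's bare "tomb close"
tomb_close() {
    run_cmd "$TOMB_BIN" close ${1:+"$1"}
}

# Usage, with the key on a separate USB mount (constructed example paths):
#   DRY_RUN=1 tomb_create /home/user/secret.tomb /media/usb/secret.tomb.key 100
#   DRY_RUN=1 tomb_open   /home/user/secret.tomb /media/usb/secret.tomb.key
#   DRY_RUN=1 tomb_close  /home/user/secret.tomb
```

Run the script as root (or via sudo) without `DRY_RUN` to create a real tomb; the size check and the same-directory refusal happen before any `tomb` command is issued.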

Tomb Usage

Syntax: tomb [options] command [arguments]

Commands:

// Creation:
dig     create a new empty TOMB file of size -s in MB
forge   create a new KEY file and set its password
lock    installs a lock on a TOMB to use it with KEY

// Operations on tombs:
open    open an existing TOMB
index   update the search indexes of tombs
search  looks for filenames matching text patterns
list    list of open TOMBs and information on them
close   close a specific TOMB (or 'all')
slam    slam a TOMB killing all programs using it
resize  resize a TOMB to a new size -s (can only grow)

// Operations on keys:
passwd  change the password of a KEY
setkey  change the KEY locking a TOMB (needs old one)
engrave makes a QR code of a KEY to be saved on paper
bury    hide a KEY inside a JPEG image
exhume  extract a KEY from a JPEG image

Options:

-s     size of the tomb file when creating/resizing one (in MB)
-k     path to the key to be used ('-k -' to read from stdin)
-n     do not process the hooks found in tomb
-o     mount options used to open (default: rw,noatime,nodev)
-f     force operation (i.e. even if swap is active)
--kdf  generate passwords armored against dictionary attacks

-h     print this help
-v     print version, license and list of available ciphers
-q     run quietly without printing informations
-D     print debugging information at runtime

For more informations on Tomb read the manual: man tomb

Advanced features

  • steganography (to hide the key inside a jpeg/wav file)
  • bind hooks: Tomb can bind-mount some of the tomb's subdirectories onto other locations. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. You can create a tomb which contains these subdirectories (and others too, if you want) and a simple configuration file inside the tomb itself; when you run tomb open, it will automatically bind those directories into the right places. This way you easily get an encrypted firefox profile or maildir.
  • post hooks: commands that are run when the tomb is opened or closed. You can imagine a lot of uses for this: open files inside the tomb, put your computer in a "paranoid" state (for example, disabling swap), whatever.
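The bind-hooks configuration file mentioned above, as an added POSIX shell checker that is not part of Tomb. It assumes, following the Tomb manual rather than this page, that the file is named `bind-hooks`, sits at the root of the opened tomb, and has two whitespace-separated columns: a directory inside the tomb and a destination relative to the user's home directory. `plan_bind_hooks` is a name introduced here; it prints the bind mounts that would be made and rejects entries that are malformed, that point outside the tomb or home with `..` or absolute paths, or whose source directory does not exist in the tomb, which is the kind of validation you want before a script binds anything into `$HOME`.

```shell
#!/bin/sh
# Added example (not Tomb's own code). Assumed format of bind-hooks,
# taken from the Tomb manual: "<dir inside tomb> <destination under $HOME>"
# per line. Blank lines and lines starting with '#' are skipped here.

# safe_rel PATH: status 0 if PATH is relative and contains no '..' component
safe_rel() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 1 ;;
    esac
    return 0
}

# plan_bind_hooks TOMB_MOUNT HOME_DIR
# Prints "SRC -> DST" for every valid entry. Returns 1 if any entry was
# rejected, 0 otherwise (also 0 when no bind-hooks file exists).
plan_bind_hooks() {
    mnt="$1"; home="$2"; rc=0
    hooks="$mnt/bind-hooks"
    [ -f "$hooks" ] || return 0
    # redirected file, not a pipe, so rc survives the loop in POSIX sh
    while read -r src dst rest; do
        case "$src" in ''|'#'*) continue ;; esac
        if [ -z "$dst" ] || [ -n "$rest" ]; then
            echo "bind-hooks: malformed line: $src $dst $rest" >&2; rc=1; continue
        fi
        if ! safe_rel "$src" || ! safe_rel "$dst"; then
            echo "bind-hooks: rejecting path that escapes tomb or home: $src $dst" >&2
            rc=1; continue
        fi
        if [ ! -d "$mnt/$src" ]; then
            echo "bind-hooks: no such directory inside tomb: $src" >&2; rc=1; continue
        fi
        printf '%s -> %s\n' "$mnt/$src" "$home/$dst"
    done < "$hooks"
    return $rc
}

# Usage against a constructed tomb layout (run after "tomb open"):
#   plan_bind_hooks /media/secret "$HOME"
```

Bind the directories only when the function returns 0; a non-zero status means at least one line of the file was rejected and the reasons were written to standard error.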

See also