Difference between revisions of "Tomb"

From ArchWiki
(I edited the old commands with the ones used on their website, since 'create' didn't create anything for me when I used it. http://www.dyne.org/software/tomb/ I also edited the 'tutorial' to create an example tomb, since the old one didn't work.)
(rm unneeded snapshot of "tomb -h" + style fixes, see Help:Style and related)
Line 6: Line 6:
 
{{Related|Tcplay}}
 
{{Related|Tcplay}}
 
{{Related articles end}}
 
{{Related articles end}}
From [http://tomb.dyne.org the official website]:
+
 
:''Tomb is 100% free and open source software to make strong encryption easy to use.''
+
From [http://tomb.dyne.org/ the official website]:
:''A tomb is like a locked folder that can be safely transported and hidden in a filesystem.''
+
:Tomb is 100% free and open source software to make strong encryption easy to use.
:''Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.''
+
:A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
 +
:Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.
  
 
Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
 
Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
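Review bot: In the quoted block from the official website, the three lines lose their italics and are now plain ":"-indented text, so nothing marks where the quotation ends and the wiki's own description ("Tomb aims to be ...") begins. Suggest keeping some explicit quote marking on those three lines, whichever form Help:Style prefers, so the project's claims stay distinguishable from the wiki's.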
Line 19: Line 20:
 
Install {{AUR|tomb}} or {{AUR|tomb-git}} from the [[Arch User Repository]].
 
Install {{AUR|tomb}} or {{AUR|tomb-git}} from the [[Arch User Repository]].
  
== Using tomb ==
+
== Usage ==
  
Tomb is meant to be used from the console as a single, non-interactive script.
+
Tomb is meant to be used from the console as a single, non-interactive script. it also provides '''tomb-open''', which is a simple interactive script to help you create a tomb, open it, retrieve keys from USB.
it also provides {{ic|tomb-open}}, which is a simple interactive script to help you
 
create a tomb, open it, retrieve keys from USB.
 
  
Tombs are operated from a terminal commandline and require root access to the machine (or just sudo access to the script).
+
Tombs are operated from a terminal commandline and require root access to the machine (or just [[sudo]] access to the script).
  
To create a 100MB tomb called “secret” do:
+
To create a 100MB tomb called "secret" do:
  
  tomb dig -s 100 secret.tomb
+
  # tomb dig -s 100 secret.tomb
  tomb forge secret.tomb.key
+
  # tomb forge secret.tomb.key
  tomb lock secret.tomb -k secret.tomb.key
+
  # tomb lock secret.tomb -k secret.tomb.key
  
To open it, do
+
To open it, do:
  
  tomb open secret.tomb -k secret.tomb.key
+
  # tomb open secret.tomb -k secret.tomb.key
  
and after you are done
+
And after you are done:
  
  tomb close
+
  # tomb close
  
== Tomb Usage ==
+
For more information see {{ic|tomb -h}} and {{ic|man tomb}}.
Syntax: tomb [options] command [arguments]
 
 
Commands:
 
 
// Creation:
 
dig    create a new empty TOMB file of size -s in MB
 
forge  create a new KEY file and set its password
 
lock    installs a lock on a TOMB to use it with KEY
 
 
// Operations on tombs:
 
open    open an existing TOMB
 
index  update the search indexes of tombs
 
search  looks for filenames matching text patterns
 
list    list of open TOMBs and information on them
 
close  close a specific TOMB (or 'all')
 
slam    slam a TOMB killing all programs using it
 
resize  resize a TOMB to a new size -s (can only grow)
 
 
// Operations on keys:
 
passwd  change the password of a KEY
 
setkey  change the KEY locking a TOMB (needs old one)
 
engrave makes a QR code of a KEY to be saved on paper
 
bury    hide a KEY inside a JPEG image
 
exhume  extract a KEY from a JPEG image
 
 
Options:
 
 
-s    size of the tomb file when creating/resizing one (in MB)
 
-k    path to the key to be used ('-k -' to read from stdin)
 
-n    do not process the hooks found in tomb
 
-o    mount options used to open (default: rw,noatime,nodev)
 
-f    force operation (i.e. even if swap is active)
 
--kdf  generate passwords armored against dictionary attacks
 
 
-h     print this help
 
-v    print version, license and list of available ciphers
 
-q    run quietly without printing informations
 
-D    print debugging information at runtime
 
 
For more informations on Tomb read the manual: man tomb
 
  
 
== Advanced features ==
 
== Advanced features ==
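Review bot: With the "tomb -h" snapshot removed, the page no longer mentions "--kdf  generate passwords armored against dictionary attacks" or that "-f" forces an operation "even if swap is active", which were the only security-relevant options documented here. Suggest a one-line note in Usage that keeps those two points and leaves the rest to "man tomb". Two smaller points in the new Usage text: the sentence starting "it also provides '''tomb-open'''" needs a capital, and the commands now carry a root prompt ("# tomb dig ...") while the preceding sentence says sudo access to the script is enough, so it is worth saying which is intended.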
Line 90: Line 49:
  
 
== See also ==
 
== See also ==
 +
 
*[http://tomb.dyne.org/manual.html manpage]
 
*[http://tomb.dyne.org/manual.html manpage]
 
*[http://tomb.dyne.org/ home page]
 
*[http://tomb.dyne.org/ home page]
 
*[https://github.com/dyne/Tomb/wiki/Quickstart quickstart]
 
*[https://github.com/dyne/Tomb/wiki/Quickstart quickstart]
 
*[https://github.com/dyne/Tomb/wiki/Advancedfeatures advanced features]
 
*[https://github.com/dyne/Tomb/wiki/Advancedfeatures advanced features]

Revision as of 14:12, 27 June 2014

From the official website:

Tomb is 100% free and open source software to make strong encryption easy to use.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.

Tomb aims to be simple-to-use software for managing "encrypted directories", called tombs. A tomb can only be opened if you both have the keyfile and know the password. It also has advanced features, like steganography.

You can install tomb (AUR) from the Arch User Repository.

Installation

Install tomb (AUR) or tomb-git (AUR) from the Arch User Repository.

Usage

Tomb is meant to be used from the console as a single, non-interactive script. It also provides tomb-open, a simple interactive script that helps you create a tomb, open it, and retrieve keys from USB.

Tombs are operated from a terminal command line and require root access to the machine (or just sudo access to the script).

To create a 100MB tomb called "secret" do:

# tomb dig -s 100 secret.tomb
# tomb forge secret.tomb.key
# tomb lock secret.tomb -k secret.tomb.key

To open it, do:

# tomb open secret.tomb -k secret.tomb.key

And after you are done:

# tomb close

For more information see tomb -h and man tomb.

Advanced features

  • steganography (to hide the key inside a jpeg/wav file)
  • bind hooks: a tomb can mount some of its subdirectories as "bind" mounts onto other locations. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. You can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run tomb open it will automatically bind those directories into the right places. This way you easily get an encrypted Firefox profile or maildir.
  • post hooks: commands that are run when the tomb is opened or closed. These can do many things: open files inside the tomb, put your computer in a "paranoid" state (for example, by disabling swap), and so on.
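
Two points made on this page can be checked before creating a tomb: that the key is kept on separate media from the tomb, and that swap is off (swapped-out memory can reach disk unencrypted). The script below is an added example, not part of the wiki page or of Tomb; the helper names and the USB mount point in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before `tomb dig` / `tomb forge` / `tomb lock`.
# Helper names are hypothetical; they are not part of Tomb.

# Print active swap devices from a /proc/swaps-format file (line 1 is a header).
swap_devices() {
    awk 'NR > 1 && NF > 0 { print $1 }' "${1:-/proc/swaps}"
}

# Succeed when at least one swap device is active.
swap_active() {
    [ -n "$(swap_devices "$1")" ]
}

# Identify the filesystem holding a path's directory (the file need not exist yet).
fs_of() {
    df -P "$(dirname "$1")" | awk 'NR == 2 { print $1, $NF }'
}

# Succeed when the tomb and its key would sit on the same filesystem.
same_filesystem() {
    [ "$(fs_of "$1")" = "$(fs_of "$2")" ]
}

# Print findings to stderr; the return status is the number of findings.
preflight() {
    tomb_file=$1 key_file=$2 swaps=${3:-/proc/swaps} findings=0
    if swap_active "$swaps"; then
        echo "swap is active on: $(swap_devices "$swaps" | tr '\n' ' ')" >&2
        findings=$((findings + 1))
    fi
    if same_filesystem "$tomb_file" "$key_file"; then
        echo "key and tomb share a filesystem; keep the key on separate media" >&2
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Typical use (the USB mount point is an assumed path):
#   preflight secret.tomb /mnt/usb/secret.tomb.key && tomb dig -s 100 secret.tomb
```

A return status of 0 means neither condition was found; the third argument exists only so the swap check can be pointed at a saved copy of /proc/swaps.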

See also