Difference between revisions of "Tomb"

From ArchWiki
m (Using tomb: Clean up command reference and language)
m (i18n Link to german wiki)
 
(11 intermediate revisions by 8 users not shown)
Line 1: Line 1:
[[Category:Security]]
+
[[Category:Encryption]]
{{Article summary start|Summary}}
+
[[ja:Tomb]]
{{Article summary text|Information on installing and configuring Tomb}}
+
[[de:Tomb]]
{{Article summary heading|Related}}
+
{{Related articles start}}
{{Article summary wiki|TrueCrypt}}
+
{{Related|Disk encryption}}
{{Article summary end}}
+
{{Related|dm-crypt}}
{{DISPLAYTITLE:Tomb}}
+
{{Related|TrueCrypt}}
 +
{{Related|Tcplay}}
 +
{{Related articles end}}
  
From [http://tomb.dyne.org the official website]:
+
From [http://tomb.dyne.org/ the official website]:
:''Tomb is 100% free and open source software to make strong encryption easy to use.''
+
:Tomb is 100% free and open source software to make strong encryption easy to use.
:''A tomb is like a locked folder that can be safely transported and hidden in a filesystem.''
+
:A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
:''Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.''
+
:Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.
  
 
Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
 
Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
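Review bot: the official-website link in the "From [http://tomb.dyne.org/ the official website]:" line is still plain HTTP after this edit, which only adds a trailing slash. On a page that points readers at encryption software, consider using an HTTPS URL if the site serves one, as the GitHub links under "See also" already do.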
Line 18: Line 20:
 
== Installation ==
 
== Installation ==
  
tomb is not present in the official repositories, but has his own repository:
+
[[Install]] {{AUR|tomb}} or {{AUR|tomb-git}}.
  
{{bc|<nowiki>[crypto]
+
== Usage ==
SigLevel = Required
 
Server=http://tomb.dyne.org/arch_repo/$arch</nowiki>}}
 
add these two lines to your /etc/pacman.conf, then
 
{{bc|pacman -Syyu
 
pacman -S crypto/tomb}}
 
  
Otherwise, you can install {{AUR|tomb}}, available in the [[Arch User Repository]].
+
Tomb is meant to be used from the console as a single, non-interactive script. it also provides '''tomb-open''', which is a simple interactive script to help you create a tomb, open it, retrieve keys from USB.
  
=== Bleeding edge ===
+
Tombs are operated from a terminal commandline and require root access to the machine (or just [[sudo]] access to the script).
  
If you want to check out the development version, you can install {{ic|tomb-git}} from the "crypto" repo (the same as above),
+
To create a 100MB tomb called "secret" do:
or {{AUR|tomb-git}} from the [[Arch User Repository]].
 
  
== Using tomb ==
+
# tomb dig -s 100 secret.tomb
 +
# tomb forge secret.tomb.key
 +
# tomb lock secret.tomb -k secret.tomb.key
  
Tomb is meant to be used from the console as a single, non-interactive script.
+
To open it, do:
it also provides {{ic|tomb-open}}, which is a simple interactive script to help you
 
create a tomb, open it, retrieve keys from USB.
 
  
Its typical usage is something like
+
# tomb open secret.tomb -k secret.tomb.key
{{bc|tomb create /path/to/mysecret.tomb -s 200
 
tomb open /path/to/mysecret.tomb}}
 
  
This will create a 200MB tombfile, placing the key just next to the tomb (which is bad for security).
+
And after you are done:
  
{{ic|tomb-open}} is much simpler. Calling it without arguments will launch a wizard for tomb creation; it will provide a simple way to put the keyfile on a usb key, to provide effective two-factor authentication.
+
  # tomb close
Calling it with a single argument will try to open the specified tomb:
 
  $ tomb-open /path/to/mysecret.tomb
 
Even in this case, support for retrieving the key from USB is automagical.
 
  
== Tomb Usage ==
+
For more information see {{ic|tomb -h}} and {{ic|man tomb}}.
  
Syntax: tomb [options] command [file] [place]
+
== GUI Usage ==
 +
To make usage of tomb even easier, you can use a GUI wrapper called gtomb. Find it here: {{AUR|gtomb-git}}
  
Commands:
+
It includes almost all features tomb offers, but is still in active development so use it with caution.
create    create a new tomb FILE and its keys
 
open      open an existing tomb FILE on PLACE
 
list      list all open tombs or the one called FILE
 
close      close the open tomb called FILE (or all)
 
slam      close tomb FILE and kill all pids using it
 
passwd    change the password of a tomb key FILE
 
 
Options:
 
-s    size of the tomb file when creating one (in MB)
 
-k    path to the key to use for opening a tomb
 
-n    don't process the hooks found in tomb
 
-o    mount options used to open (default: rw,noatime,nodev)
 
-h    print this help
 
-v    version information for this tool
 
-q    run quietly without printing informations
 
-D    print debugging information at runtime
 
  
 
== Advanced features ==
 
== Advanced features ==
  
 
* steganography (to hide the key inside a jpeg/wav file)
 
* steganography (to hide the key inside a jpeg/wav file)
* bind hooks: can mount some of its subdirectories as "bind" to some other. Suppose, for example, you'd like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run {{ic|tomb open}} it will automatically bind that directories into the right places. This way you'll easily get an encrypted firefox profile, or maildir.
+
* bind hooks: can mount some of its subdirectories as "bind" to some other. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run {{ic|tomb open}} it will automatically bind that directories into the right places. This way you will easily get an encrypted firefox profile, or maildir.
 
* post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.
 
* post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.
  
 
== See also ==
 
== See also ==
 +
 
*[http://tomb.dyne.org/manual.html manpage]
 
*[http://tomb.dyne.org/manual.html manpage]
 
*[http://tomb.dyne.org/ home page]
 
*[http://tomb.dyne.org/ home page]
 
*[https://github.com/dyne/Tomb/wiki/Quickstart quickstart]
 
*[https://github.com/dyne/Tomb/wiki/Quickstart quickstart]
 
*[https://github.com/dyne/Tomb/wiki/Advancedfeatures advanced features]
 
*[https://github.com/dyne/Tomb/wiki/Advancedfeatures advanced features]
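Review bot: the new Usage section drops the old caveat that placing the key next to the tomb "is bad for security", yet its example runs "tomb forge secret.tomb.key" and "tomb lock secret.tomb -k secret.tomb.key" in the same directory as "secret.tomb". Suggest forging the key to a path on removable media in the example, or restoring a one-line warning after the "tomb lock" line, so the section agrees with the opening quote about keeping the key on a USB stick. Smaller points in the same hunk: the added sentence "it also provides '''tomb-open'''" starts in lowercase, and "bind that directories" in the bind hooks bullet should read "bind those directories".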

Latest revision as of 15:53, 10 January 2016

From the official website:

Tomb is 100% free and open source software to make strong encryption easy to use.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.

Tomb aims to be really simple-to-use software for managing "encrypted directories", called tombs. A tomb can only be opened if you both have the keyfile and know the password. It also has advanced features, like steganography.

You can install tomb (AUR) from the Arch User Repository.

Installation

Install tomb (AUR) or tomb-git (AUR).

Usage

Tomb is meant to be used from the console as a single, non-interactive script. It also provides tomb-open, a simple interactive script that helps you create a tomb, open it, and retrieve keys from USB.

Tombs are operated from a terminal command line and require root access to the machine (or just sudo access to the script).

To create a 100MB tomb called "secret" do:

# tomb dig -s 100 secret.tomb
# tomb forge secret.tomb.key
# tomb lock secret.tomb -k secret.tomb.key

To open it, do:

# tomb open secret.tomb -k secret.tomb.key

And after you are done:

# tomb close

For more information see tomb -h and man tomb.
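
The steps above leave the key in the same directory as the tomb. The following wrapper is an added example, not part of the wiki page or of Tomb itself: it runs the same dig/forge/lock sequence but refuses when the key would land on the same filesystem as the tomb. The function names and the paths in the sample call are assumptions, and a different filesystem is only a proxy for a separate device.

```bash
#!/usr/bin/env bash
# Added example: wrap the page's dig/forge/lock steps and refuse to place the
# key on the same filesystem as the tomb. Function names are hypothetical.

# Print the device id of the filesystem holding a path (GNU stat, BSD fallback).
fs_id() {
    stat -c %d -- "$1" 2>/dev/null || stat -f %d -- "$1"
}

# Return 0 if both paths live on the same filesystem.
same_filesystem() {
    [ "$(fs_id "$1")" = "$(fs_id "$2")" ]
}

# create_tomb SIZE_MB TOMB_PATH KEY_PATH
# Returns 2 on bad arguments, 3 if key and tomb would share a filesystem.
create_tomb() {
    local size="$1" tomb="$2" key="$3"
    local tomb_dir key_dir
    tomb_dir=$(dirname -- "$tomb")
    key_dir=$(dirname -- "$key")

    case $size in
        ''|*[!0-9]*) echo "size must be a whole number of MB" >&2; return 2 ;;
    esac
    [ -d "$tomb_dir" ] && [ -d "$key_dir" ] || { echo "missing directory" >&2; return 2; }

    # Fail closed: an unreadable device id compares equal and is refused too.
    if same_filesystem "$tomb_dir" "$key_dir"; then
        echo "refusing: key would sit on the same filesystem as the tomb" >&2
        return 3
    fi

    # The three steps from the page; run as root (or via sudo).
    tomb dig -s "$size" "$tomb" &&
    tomb forge "$key" &&
    tomb lock "$tomb" -k "$key"
}

# Sample call (constructed paths; /run/media/user/usbkey is an assumed USB mount):
# create_tomb 100 /home/user/secret.tomb /run/media/user/usbkey/secret.tomb.key
```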

GUI Usage

To make usage of tomb even easier, you can use a GUI wrapper called gtomb, available as gtomb-git (AUR).

It includes almost all features tomb offers, but is still in active development, so use it with caution.

Advanced features

  • steganography (to hide the key inside a jpeg/wav file)
  • bind hooks: a tomb can mount some of its subdirectories as "bind" mounts onto other locations. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run tomb open it will automatically bind those directories into the right places. This way you will easily get an encrypted Firefox profile, or maildir.
  • post hooks: commands that are run when the tomb is opened or closed. You can imagine a lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.

See also