Difference between revisions of "Tomb"

From ArchWiki
m (Using tomb: Clean up command reference and language)
m (i18n Link to German wiki)
 
(11 intermediate revisions by 8 users not shown)
Line 1: Line 1:
[[Category:Security]]
+
[[Category:Encryption]]
{{Article summary start|Summary}}
+
[[ja:Tomb]]
{{Article summary text|Information on installing and configuring Tomb}}
+
[[de:Tomb]]
{{Article summary heading|Related}}
+
{{Related articles start}}
{{Article summary wiki|TrueCrypt}}
+
{{Related|Disk encryption}}
{{Article summary end}}
+
{{Related|dm-crypt}}
{{DISPLAYTITLE:Tomb}}
+
{{Related|TrueCrypt}}
 +
{{Related|Tcplay}}
 +
{{Related articles end}}
  
From [http://tomb.dyne.org the official website]:
+
From [http://tomb.dyne.org/ the official website]:
:''Tomb is 100% free and open source software to make strong encryption easy to use.''
+
:Tomb is 100% free and open source software to make strong encryption easy to use.
:''A tomb is like a locked folder that can be safely transported and hidden in a filesystem.''
+
:A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
:''Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.''
+
:Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.
  
 
Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
 
Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
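Review bot: The new side of the website quotation drops the ''...'' italics on all three quoted lines (for example ":Tomb is 100% free and open source software to make strong encryption easy to use."), so the quotation is no longer set apart from the article's own paragraph that follows it. Keep the italics or mark the lines as a quotation in some other way, so readers can tell which claims are the project's and which are the wiki's.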
Line 18: Line 20:
 
== Installation ==
 
== Installation ==
  
tomb is not present in the official repositories, but has his own repository:
+
[[Install]] {{AUR|tomb}} or {{AUR|tomb-git}}.
  
{{bc|<nowiki>[crypto]
+
== Usage ==
SigLevel = Required
+
Server=http://tomb.dyne.org/arch_repo/$arch</nowiki>}}
+
add these two lines to your /etc/pacman.conf, then
+
{{bc|pacman -Syyu
+
pacman -S crypto/tomb}}
+
  
Otherwise, you can install {{AUR|tomb}}, available in the [[Arch User Repository]].
+
Tomb is meant to be used from the console as a single, non-interactive script. it also provides '''tomb-open''', which is a simple interactive script to help you create a tomb, open it, retrieve keys from USB.
  
=== Bleeding edge ===
+
Tombs are operated from a terminal commandline and require root access to the machine (or just [[sudo]] access to the script).
  
If you want to check out the development version, you can install {{ic|tomb-git}} from the "crypto" repo (the same as above),
+
To create a 100MB tomb called "secret" do:
or {{AUR|tomb-git}} from the [[Arch User Repository]].
+
  
== Using tomb ==
+
# tomb dig -s 100 secret.tomb
 +
# tomb forge secret.tomb.key
 +
# tomb lock secret.tomb -k secret.tomb.key
  
Tomb is meant to be used from the console as a single, non-interactive script.
+
To open it, do:
it also provides {{ic|tomb-open}}, which is a simple interactive script to help you
+
create a tomb, open it, retrieve keys from USB.
+
  
Its typical usage is something like
+
# tomb open secret.tomb -k secret.tomb.key
{{bc|tomb create /path/to/mysecret.tomb -s 200
+
tomb open /path/to/mysecret.tomb}}
+
  
This will create a 200MB tombfile, placing the key just next to the tomb (which is bad for security).
+
And after you are done:
  
{{ic|tomb-open}} is much simpler. Calling it without arguments will launch a wizard for tomb creation; it will provide a simple way to put the keyfile on a usb key, to provide effective two-factor authentication.
+
  # tomb close
Calling it with a single argument will try to open the specified tomb:
+
  $ tomb-open /path/to/mysecret.tomb
+
Even in this case, support for retrieving the key from USB is automagical.
+
  
== Tomb Usage ==
+
For more information see {{ic|tomb -h}} and {{ic|man tomb}}.
  
Syntax: tomb [options] command [file] [place]
+
== GUI Usage ==
 +
To make usage of tomb even easier, you can use a GUI wrapper called gtomb. Find it here: {{AUR|gtomb-git}}
  
Commands:
+
It includes almost all features tomb offers, but is still in active development so use it with caution.
create    create a new tomb FILE and its keys
+
open      open an existing tomb FILE on PLACE
+
list      list all open tombs or the one called FILE
+
close      close the open tomb called FILE (or all)
+
slam      close tomb FILE and kill all pids using it
+
passwd    change the password of a tomb key FILE
+
+
Options:
+
-s    size of the tomb file when creating one (in MB)
+
-k    path to the key to use for opening a tomb
+
-n    don't process the hooks found in tomb
+
-o    mount options used to open (default: rw,noatime,nodev)
+
-h    print this help
+
-v    version information for this tool
+
-q    run quietly without printing informations
+
-D    print debugging information at runtime
+
  
 
== Advanced features ==
 
== Advanced features ==
  
 
* steganography (to hide the key inside a jpeg/wav file)
 
* steganography (to hide the key inside a jpeg/wav file)
* bind hooks: can mount some of its subdirectories as "bind" to some other. Suppose, for example, you'd like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run {{ic|tomb open}} it will automatically bind that directories into the right places. This way you'll easily get an encrypted firefox profile, or maildir.
+
* bind hooks: can mount some of its subdirectories as "bind" to some other. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run {{ic|tomb open}} it will automatically bind that directories into the right places. This way you will easily get an encrypted firefox profile, or maildir.
 
* post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.
 
* post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.
  
 
== See also ==
 
== See also ==
 +
 
*[http://tomb.dyne.org/manual.html manpage]
 
*[http://tomb.dyne.org/manual.html manpage]
 
*[http://tomb.dyne.org/ home page]
 
*[http://tomb.dyne.org/ home page]
 
*[https://github.com/dyne/Tomb/wiki/Quickstart quickstart]
 
*[https://github.com/dyne/Tomb/wiki/Quickstart quickstart]
 
*[https://github.com/dyne/Tomb/wiki/Advancedfeatures advanced features]
 
*[https://github.com/dyne/Tomb/wiki/Advancedfeatures advanced features]
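Review bot: The rewritten Usage section drops the old warning that placing the key next to the tomb "is bad for security", yet the new commands (tomb forge secret.tomb.key, then tomb lock secret.tomb -k secret.tomb.key) still create the key in the same directory as secret.tomb. Add a sentence telling readers to move the key to separate media afterwards, as the quoted introduction suggests. The new paragraph also starts a sentence with a lowercase "it also provides", and removing the command and option reference leaves slam and passwd undocumented on the page apart from the pointer to tomb -h and man tomb.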

Latest revision as of 15:53, 10 January 2016

From the official website:

Tomb is 100% free and open source software to make strong encryption easy to use.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.

Tomb aims to be simple-to-use software for managing "encrypted directories", called tombs. A tomb can only be opened if you have both the keyfile and the password. It also has advanced features, such as steganography.

You can install tomb (AUR) from the Arch User Repository.

Installation

Install tomb (AUR) or tomb-git (AUR).

Usage

Tomb is meant to be used from the console as a single, non-interactive script. It also provides tomb-open, a simple interactive script that helps you create a tomb, open it, and retrieve keys from USB.

Tombs are operated from a terminal command line and require root access to the machine (or just sudo access to the script).

To create a 100MB tomb called "secret" do:

# tomb dig -s 100 secret.tomb
# tomb forge secret.tomb.key
# tomb lock secret.tomb -k secret.tomb.key

To open it, do:

# tomb open secret.tomb -k secret.tomb.key

And after you are done:

# tomb close

For more information see tomb -h and man tomb.
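
The introduction says keys can be kept separate from the tomb, while the commands above create the key in the same directory. The following pre-flight check is an added example, not part of the original page or of Tomb itself: it reports when the key shares a filesystem with the tomb or is accessible to other users. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not part of Tomb): pre-flight checks for a tomb and its key.
# Assumes GNU coreutils stat; all function names are hypothetical.

# Print the device number of the filesystem that holds a file.
fs_device() {
    stat -c '%d' -- "$1"
}

# Succeed if the key is stored on a different filesystem than the tomb,
# e.g. the tomb on the internal disk and the key on a USB stick.
key_is_separate() {
    [ "$(fs_device "$1")" != "$(fs_device "$2")" ]
}

# Succeed if the key file grants no permissions to group or others.
key_is_private() {
    kp_mode=$(stat -c '%a' -- "$1") || return 1
    case "$kp_mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# preflight TOMB KEY
# Return status is a bitmask: 1 = key shares a filesystem with the tomb,
# 2 = key accessible to group/others, 4 = tomb or key file missing.
preflight() {
    pf_status=0
    if [ ! -f "$1" ] || [ ! -f "$2" ]; then
        echo "preflight: tomb or key file not found" >&2
        return 4
    fi
    if ! key_is_separate "$1" "$2"; then
        echo "warning: key is on the same filesystem as the tomb" >&2
        pf_status=$((pf_status | 1))
    fi
    if ! key_is_private "$2"; then
        echo "warning: key file is accessible to group or others" >&2
        pf_status=$((pf_status | 2))
    fi
    return "$pf_status"
}

# Typical use, with the file names from the commands above:
#   preflight secret.tomb secret.tomb.key && tomb open secret.tomb -k secret.tomb.key
```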

GUI Usage

To make usage of tomb even easier, you can use a GUI wrapper called gtomb. Find it here: gtomb-git (AUR)

It includes almost all features tomb offers, but is still in active development so use it with caution.

Advanced features

  • steganography (to hide the key inside a jpeg/wav file)
  • bind hooks: a tomb can bind-mount some of its subdirectories onto other locations. Suppose, for example, you would like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run tomb open it will automatically bind those directories into the right places. This way you will easily get an encrypted Firefox profile, or maildir.
  • post hooks: commands that are run when the tomb is opened or closed. You can imagine a lot of uses for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), and so on.

See also