From ArchWiki
Revision as of 10:09, 22 November 2011 by Boyska (talk | contribs)
Jump to: navigation, search

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.

Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어

External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

Tango-document-new.pngThis article is a stub.Tango-document-new.png

Notes: please use the first argument of the template to provide more detailed indications. (Discuss in Talk:Tomb#)

From [the official website]:

Tomb is 100% free and open source software to make strong encryption easy to use.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.

Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.

You can install tombAUR from the aur using yaourt -S tomb

Using tomb

Tomb is meant to be used from the console as a single, non-interactive script. it also provides tomb-open, which is a simple interactive script to help you create a tomb, open it, retrieve keys from USB.

Its typical usage is something like

tomb create /path/to/mysecret.tomb -s 200
tomb open /path/to/mysecret.tomb

This will create a 200MegaBytes tombfile, placing the key just next to the tomb (which is bad for security).

tomb-open is way easier to use. Calling it without arguments will launch a wizard for tomb creation; it will provide a simple way to put the keyfile on a usb key, to provide effective two-factor.

Calling it with a single argument will try to open a tomb.
tomb-open /path/to/mysecret.tomb
. Even in this case,

support for retrieving the key from USB is automagical.

Advanced features

  • steganography (to hide the key inside a jpeg/wav file)
  • bind hooks: can mount some of its subdirectories as "bind" to some other. Suppose, for example, you'd like to encrypt your .Mail, .firefox and Documents directories. Then you can create a tomb which contains these subdirectories (and others too, if you want) and create a simple configuration file inside the tomb itself; when you run tomb open it will automatically bind that directories into the right places. This way you'll easily get an encrypted firefox profile, or maildir.
  • post hooks: commands that are run when the tomb is open, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), whatever.


[manpage] [home page] [quickstart] [advanced features]