Tomb: Difference between revisions
m (→GUI Usage: rm section, since gtomb repo was taken down: https://lists.archlinux.org/pipermail/aur-requests/2022-April/070610.html) |
(category change to match that of dm-crypt, the tomb package is a tool for it) |
||
| (9 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
[[Category: | [[Category:Data-at-rest encryption]] | ||
[[de:Tomb]] | [[de:Tomb]] | ||
[[ja:Tomb]] | [[ja:Tomb]] | ||
[[zh-hans:Tomb]] | |||
{{Related articles start}} | {{Related articles start}} | ||
{{Related|Data-at-rest encryption}} | {{Related|Data-at-rest encryption}} | ||
| Line 44: | Line 45: | ||
== Advanced features == | == Advanced features == | ||
* steganography | The [https://github.com/dyne/Tomb/wiki/Advancedfeatures advanced features] are: | ||
* bind hooks: can mount | |||
* post hooks: commands that are run when the tomb is | * [[wikipedia:steganography|steganography]] to hide the key inside a jpeg/wav file. | ||
* bind hooks: can automatically apply a {{ic|mount}} to a subdirectory inside a tomb with the {{ic|--bind}} operation to one outside. Suppose, for example, you would like to encrypt your {{ic|Documents}} directory. Then you can create a tomb which contains it (and others too, if you want) and create a simple configuration file inside the tomb itself. When you run {{ic|tomb open}} it will automatically bind the directories into the right places. This way you will easily get an encrypted documents folder, browser profile, or maildir. | |||
* post hooks: commands that are run when the tomb is opened, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), etc. | |||
== See also == | == See also == | ||
*[https:// | *[https://github.com/dyne/Tomb/blob/master/doc/tomb.1 manpage (available as pdf also)] | ||
*[https://www.dyne.org/software/tomb/ home page] | *[https://www.dyne.org/software/tomb/ home page] | ||
*[https://github.com/dyne/Tomb/wiki/Quickstart quickstart] | *[https://github.com/dyne/Tomb/wiki/Quickstart quickstart] | ||
Latest revision as of 22:25, 18 February 2024
From the official website:
- Tomb is 100% free and open source software to make strong encryption easy to use.
- A tomb is like a locked folder that can be safely transported and hidden in a filesystem.
- Keys can be kept separate: for instance the tomb on your computer and the key on a USB stick.
Tomb aims to be a really simple to use software to manage "encrypted directories", called tombs. A tomb can only be opened if you both have a keyfile and you know the password. It also has advanced features, like steganography.
Installation
Install tombAUR or tomb-gitAUR.
Usage
Tomb is meant to be used from the console as a single, non-interactive script. it also provides tomb-open, which is a simple interactive script to help you create a tomb, open it, retrieve keys from USB.
Tombs are operated from a terminal commandline and require root access to the machine (or just sudo access to the script).
To create a 100MB tomb called "secret" do:
# tomb dig -s 100 secret.tomb # tomb forge secret.tomb.key # tomb lock secret.tomb -k secret.tomb.key
To open it, do:
# tomb open secret.tomb -k secret.tomb.key
And after you are done:
# tomb close
For more information see tomb -h and man tomb.
Advanced features
The advanced features are:
- steganography to hide the key inside a jpeg/wav file.
- bind hooks: can automatically apply a
mountto a subdirectory inside a tomb with the--bindoperation to one outside. Suppose, for example, you would like to encrypt yourDocumentsdirectory. Then you can create a tomb which contains it (and others too, if you want) and create a simple configuration file inside the tomb itself. When you runtomb openit will automatically bind the directories into the right places. This way you will easily get an encrypted documents folder, browser profile, or maildir. - post hooks: commands that are run when the tomb is opened, or closed. You can imagine lot of things for this: open files inside the tomb, put your computer in a "paranoid" status (for example, disabling swap), etc.