Content-type: text/html Man page of tomb

tomb

Section: User Commands (1)
Updated: February 12, 2011
Index Return to Main Contents

NAME

Tomb - the Crypto Undertaker

SYNOPSIS

tomb [options] command [arguments]

DESCRIPTION

Tomb is an application to manage the creation and access of encrypted storage files: it can be operated from commandline and it can integrate with a user's graphical desktop.

Tomb generates encrypted storage files to be opened and closed using their associated keys, which are also protected with a password chosen by the user. To create, open and close tombs a user will need super user rights to execute the tomb commandline utility.

A tomb is like a locked folder that can be safely transported and hidden in a filesystem; it encourages users to keep their keys separate from tombs, for instance keeping a tomb file on your computer harddisk and its key file on a USB stick.

For simplified use, the command tomb-open starts a wizard that guides users in the creation of a new tomb or, if a tomb file is specified as argument, it opens it and makes it accessible in a default location under the /media folder, starting the status tray applet (tomb-status) if a desktop is present.

COMMANDS

create: Creates a new encrypted storage tomb and its key, named as specified by the given argument.
open: Opens an existing tomb file specified in the first argument. If a second argument is given it will indicate the mountpoint where the tomb should be made accessible, if not then the tomb is mounted in a directory named after the filename and inside /media.
close: Closes a currently open tomb. When an argument is specified, it should point to the tomb mount on /dev/mapper; if not specified and only one tomb is open then it will be closed; if multiple tombs are open, the command will list them on the terminal. The special argument 'all' will close all currently open tombs.
bury: Hides a tomb key (first argument) inside a jpeg image (second argument) using steganography: the image will change in a way that cannot be noticed by human eyes and the presence of the key inside it isn't detectable without the right password. This option is useful to backup tomb keys in unsuspected places; it uses steghide and the serpent encryption algorithm.
exhume: Extracts a named tomb key (first argument) from a (jpeg) image file (second argument) known to be containing it, if the right password is given. This is used to recoved buried keys from unsuspected places.

OPTIONS

-s <MBytes>: When creating a tomb, this option must be used to specify the size of the new file to be created, in megabytes.
-k <keyfile>: When opening a tomb, this option can be used to specify the location of the key to use. Keys are created with the same name of the tomb file adding a '.gpg' suffix, but can be later renamed and transported on other media. When a key is not found, the program asks to insert a USB storage device and it will look for the key file inside it.
-n: Skip processing of post-hooks and bind-hooks if found inside the tomb. See the HOOKS section in this manual for more information.
-h: Display a help text and quit
-v: Display version and quit
-q: Run more quietly
-D: Print more information while running, for debugging purposes

HOOKS

Hooks are special files that can be placed inside the tomb and trigger actions when it is opened and closed; there are two kinds of such files: bind-hooks and post-hooks can be placed in the base root of the tomb.

bind-hooks
This hook file consists of a simple two column list of files or directories inside the tomb to be made directly accessible inside the current user's home directory. Tomb will use the "mount -o bind" command to bind locations inside the tomb to locations found in $HOME so in the first column are indicated paths relative to the tomb and in the second column are indicated paths relative to $HOME contents, for example:

  mail          mail
  .gnupg        .gnupg
  .fmrc         .fetchmailrc
  .mozilla      .mozilla

post-hooks

This hook file gets executed as user by tomb right after opening it; it can consist of a shell script of a binary executable that performs batch operations every time a tomb is opened.

PRIVILEGE ESCALATION

The tomb commandline tool needs to acquire super user rights to execute most of its operations: to do so it uses sudo(8), while pinentry(1) is adopted to collect passwords from the user.

Tomb executes as super user only those commands requiring it, while it executes desktop applications as processes owned by the user.

BUGS

Please report bugs on the tracker at http://bugs.dyne.org

Get in touch with developers via mail using this web page http://dyne.org/contact or via chat on http://irc.dyne.org

AUTHORS

Tomb is designed and written by Denis Roio aka Jaromil.

Tomb's artwork is contributed by Jordi aka Mon Mort

Testing and fixes are contributed by Dreamer and Hellekin O. Wolf

Cryptsetup is developed by Christophe Saout and Clemens Fruhwirth

COPYING

Permission is granted to copy, distribute and/or modify this manual under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation. Permission is granted to make and distribute verbatim copies of this manual page provided the above copyright notice and this permission notice are preserved on all copies.

AVAILABILITY

The most recent version of Tomb sourcecode and up to date documentation is available for download from its website on http://tomb.dyne.org.

This document was created by man2html, using the manual pages.
Time: 18:57:34 GMT, March 09, 2011