Tomb is an application to manage the creation of and access to encrypted storage files: it can be operated from the command line and it can integrate with a user's graphical desktop.
Tomb generates encrypted storage files that are opened and closed using their associated keys, which are in turn protected with a password chosen by the user. To create, open and close tombs a user needs super user rights to execute the tomb commandline utility.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem; it encourages users to keep their keys separate from tombs, for instance keeping a tomb file on your computer's hard disk and its key file on a USB stick.
For simplified use, the command tomb-open starts a wizard that guides users through the creation of a new tomb or, if a tomb file is specified as argument, opens it and makes it accessible in a default location under the /media folder, starting the status tray applet (tomb-status) if a desktop is present.
Creates a new encrypted storage tomb and its key, named as specified by the given argument.
Lists all the tombs found open, including information about the time they were opened and the hooks that they mounted. If the first argument is present, it shows only the tomb with that name, or returns an error if it is not found.
Hooks are special files that can be placed inside the tomb and trigger actions when it is opened and closed. There are two kinds of such files, bind-hooks and post-hooks, both of which are placed in the root directory of the tomb.
This hook file consists of a simple two-column list of files or directories inside the tomb to be made directly accessible inside the current user's home directory. Tomb uses the "mount -o bind" command to bind locations inside the tomb to locations found in $HOME: the first column gives paths relative to the tomb and the second column gives paths relative to $HOME, for example:
    mail mail
    .gnupg .gnupg
    .fmrc .fetchmailrc
    .mozilla .mozilla
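As an added example (not Tomb's own code, which performs the binds itself as super user), the following POSIX shell script reads a bind-hooks file in the two-column format above and prints the "mount -o bind" command each entry would produce, without mounting anything. It also shows the check a careful implementation wants before binding as root: every entry must be a relative path with no ".." component, so that the source stays inside the tomb and the target stays inside $HOME. The mount point /media/mytomb and the sample hook lines are constructed for this example; the first four entries are the manual's own.

```shell
#!/bin/sh
# Added example, not Tomb's own code: a dry-run planner for a bind-hooks file.
# It reads the two-column "tomb-relative home-relative" list described in the
# manual and prints the "mount -o bind" command each entry would produce, while
# rejecting entries that would point outside the tomb or outside $HOME.
# Nothing is actually mounted; the mount points used below are assumptions.

# is_safe_relpath PATH: succeed only if PATH is non-empty, relative and has no
# ".." component, so that TOMB/PATH stays inside TOMB and HOME/PATH inside HOME.
is_safe_relpath() {
    p=$1
    [ -n "$p" ] || return 1
    case "$p" in
        /*) return 1 ;;
    esac
    # Wrap in slashes so ".." only matches as a whole path component.
    case "/$p/" in
        */../*) return 1 ;;
    esac
    return 0
}

# plan_bind_hooks HOOKFILE TOMB_MOUNTPOINT HOME_DIR
# Prints one "mount -o bind SRC DST" line per accepted entry on stdout;
# blank lines are skipped and rejected entries are reported on stderr.
plan_bind_hooks() {
    hookfile=$1; tomb=$2; home=$3
    while read -r src dst extra; do
        [ -n "$src" ] || continue
        if [ -z "$dst" ] || [ -n "$extra" ]; then
            echo "bind-hooks: skipping malformed line: $src $dst $extra" >&2
            continue
        fi
        if ! is_safe_relpath "$src" || ! is_safe_relpath "$dst"; then
            echo "bind-hooks: skipping path that leaves the tomb or \$HOME: $src -> $dst" >&2
            continue
        fi
        printf 'mount -o bind %s/%s %s/%s\n' "$tomb" "$src" "$home" "$dst"
    done < "$hookfile"
    return 0
}

# write_sample_hooks FILE: constructed sample, the manual's four entries plus
# three lines that a careful hook parser should refuse.
write_sample_hooks() {
    cat > "$1" <<'EOF'
mail mail
.gnupg .gnupg
.fmrc .fetchmailrc
.mozilla .mozilla
../outside outside
notes /absolute/path
toomany columns here
EOF
}

# Demo against assumed locations: a tomb mounted under /media and the current $HOME.
demo_file=$(mktemp)
write_sample_hooks "$demo_file"
plan_bind_hooks "$demo_file" /media/mytomb "${HOME:-/home/user}"
rm -f "$demo_file"
```

Only the four entries from the manual survive; the traversal, the absolute target and the three-column line are reported on stderr and skipped, which is the behaviour you want from anything that mounts on behalf of a user with root privileges.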
The tomb commandline tool needs to acquire super user rights to execute most of its operations: to do so it uses sudo(8), while pinentry(1) is adopted to collect passwords from the user.
Tomb executes as super user only those commands requiring it, while it executes desktop applications as processes owned by the user.
During the "create" and "open" operations, Tomb will complain and abort if your system has swap activated, because unencrypted swap can end up holding plaintext pages (and possibly key material) from an open tomb on disk. This can be annoying, and you can disable this behaviour using --ignore-swap. Before doing that, however, you should understand the risks:
If you don't need swap, execute swapoff -a. If you really need it, you could encrypt it. Tomb does not detect whether your swap is encrypted and will complain anyway; in that case, using --ignore-swap is safe. Otherwise, use --ignore-swap at your own risk.
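Since Tomb cannot tell encrypted swap from plain swap, deciding whether --ignore-swap is safe falls to the user. The following script is an added example, not part of Tomb: it classifies each active swap area by reading the device-mapper UUID that cryptsetup sets on its mappings (CRYPT-LUKS1-... or CRYPT-PLAIN-...). It takes the /proc/swaps and /sys/block paths as arguments so it can run here on constructed stand-ins; call the functions without arguments to inspect the live system. Swap files are only reported as such, since whether their backing filesystem is encrypted is not inspected. The fixture contents are constructed.

```shell
#!/bin/sh
# Added example, not Tomb's own code: check whether the active swap areas are
# dm-crypt backed, which the manual says Tomb does not do itself before it
# complains about swap. It reads a /proc/swaps-style file and a /sys/block-style
# directory, both given as arguments so it can run on constructed data; the
# defaults point at the real kernel interfaces.

# dm_uuid DEVICE SYSBLOCK: print the device-mapper UUID of /dev/dm-N, if any.
# cryptsetup sets this to "CRYPT-LUKS1-..." or "CRYPT-PLAIN-..." for its mappings.
dm_uuid() {
    name=${1##*/}
    case "$name" in
        dm-*)
            if [ -r "$2/$name/dm/uuid" ]; then
                cat "$2/$name/dm/uuid"
            fi
            ;;
    esac
}

# classify_swaps [SWAPS] [SYSBLOCK]
# Prints "DEVICE STATUS" for each active swap area: "encrypted" when it is a
# dm-crypt mapping, "file" for swap files (their backing filesystem is not
# inspected here), "plain" otherwise.
classify_swaps() {
    swaps=${1:-/proc/swaps}; sysblock=${2:-/sys/block}
    tail -n +2 "$swaps" | while read -r dev type _rest; do
        [ -n "$dev" ] || continue
        if [ "$type" = file ]; then
            status=file
        else
            case "$(dm_uuid "$dev" "$sysblock")" in
                CRYPT-*) status=encrypted ;;
                *) status=plain ;;
            esac
        fi
        printf '%s %s\n' "$dev" "$status"
    done
}

# swap_is_safe [SWAPS] [SYSBLOCK]: succeed only when every active swap area is
# dm-crypt backed (or no swap is active), the case in which --ignore-swap is safe.
swap_is_safe() {
    if classify_swaps "$1" "$2" | grep -qv ' encrypted$'; then
        return 1
    fi
    return 0
}

# make_fixture DIR: constructed stand-ins for /proc/swaps and /sys/block with
# one dm-crypt swap, one LVM (unencrypted) swap and one plain partition.
make_fixture() {
    mkdir -p "$1/sys/dm-0/dm" "$1/sys/dm-1/dm"
    printf 'CRYPT-PLAIN-cswap\n' > "$1/sys/dm-0/dm/uuid"
    printf 'LVM-0123456789abcdef\n' > "$1/sys/dm-1/dm/uuid"
    cat > "$1/swaps" <<'EOF'
Filename        Type        Size     Used  Priority
/dev/dm-0       partition   1048572  0     -2
/dev/dm-1       partition   1048572  0     -3
/dev/sda3       partition   2097148  0     -4
EOF
}

# Demo on the constructed fixture (pass no arguments to inspect the running system).
fixture=$(mktemp -d)
make_fixture "$fixture"
classify_swaps "$fixture/swaps" "$fixture/sys"
if swap_is_safe "$fixture/swaps" "$fixture/sys"; then
    echo "all swap is dm-crypt backed"
else
    echo "unencrypted swap is active"
fi
rm -rf "$fixture"
```

On the fixture, /dev/dm-0 is reported as encrypted while the LVM mapping and the raw partition are plain, so swap_is_safe fails; the same functions run against the real /proc/swaps and /sys/block give the answer the manual asks you to know before adding --ignore-swap.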
Get in touch with developers via mail using this web page or via chat on
Tomb is designed and written by Denis Roio aka Jaromil.
Tomb includes code by Hellekin O. Wolf, Anathema and Boyska.
Tomb's artwork is contributed by Jordi aka Mon Mort.
Testing and reviews are contributed by Dreamer, Shining, Mancausoft, Asbesto Molesto.
Cryptsetup is developed by Christophe Saout and Clemens Fruhwirth.
This manual is Copyleft (c) 2011 Denis Roio <jaromil@dyne.org>.
It includes contributions by Boyska.
Permission is granted to copy, distribute and/or modify this manual under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation. Permission is granted to make and distribute verbatim copies of this manual page provided the above copyright notice and this permission notice are preserved on all copies.
The most recent version of the Tomb source code and up-to-date documentation are available for download from its website at http://tomb.dyne.org.
GnuPG website: http://www.gnupg.org
DM-Crypt website: http://www.saout.de/misc/dm-crypt
LUKS website: http://code.google.com/p/cryptsetup