Speedy encryption
Hiding data may be difficult for mere mortals in this connected world, but it’s a no-brainer for master Bash ninjas like Shashank Sharma.
There was a time when, for most people, the greatest fear of the modern world was catching a cold on public transport. But times have changed, and now our common dread is losing irreplaceable data – either accidentally, or through it being stolen.
As more people opt for digital banking transactions done from the comfort and convenience of a cellphone, the manufacturers have had to resort to measures such as fingerprint sensors to help you guard your secrets on the mobile device. But what about all the other data on your laptops and desktops? One easy solution to gain peace of mind is to use encryption to forever lock away all your precious secrets, whether it’s files, bank statements, or family photos.
Using Tomb, you can easily store all important data in encrypted, password-protected directories. Such directories are referred to as tombs in the tool’s parlance, and you can create as many tombs as you like, and even expand the size of an existing tomb if you need more space to safeguard your data.
INSTALLING TOMB
The command-line utility has a fairly straightforward installation, but you must fetch all of its dependencies first. Apart from zsh, the tool also requires gnupg, cryptsetup and pinentry-curses. The last of these, pinentry-curses, is a utility that's used for securely entering passwords and PINs.
With the exception of pinentry-curses and cryptsetup, you probably already have the other dependencies installed on your Linux desktop. In any event, all of them are distributed in the software repositories of most popular distributions and can be installed by running the sudo apt install zsh pinentry-curses cryptsetup command on Ubuntu/Debian, or the sudo dnf install zsh pinentry-curses cryptsetup command on Fedora.
Now head over to https://files.dyne.org/tomb and download the latest source tarball:
$ wget https://files.dyne.org/tomb/Tomb-2.5.tar.gz
$ tar zxvf Tomb-2.5.tar.gz
$ cd Tomb-2.5
$ sudo make install
Assuming all the dependencies are already in place, the last command in the code block above will install the utility. The reason why installing Tomb doesn't require running the ./configure and make commands, as you must when installing other packages from source, is that Tomb is merely a script. You can place the tomb script found in the extracted Tomb-2.5 directory anywhere in your $PATH to be able to execute it. Running sudo make install merely copies this script into the /usr/local/bin directory and makes it possible for you to access the man page.
HIDING SECRETS
With all the preliminaries out of the way, you can begin creating tombs to hold your secrets. For each tomb you create, you must also create a security key to lock its content. Each keyfile in turn is password-protected for additional security. For obvious reasons, you should never keep your tombs and associated keyfiles in the same directory.
The first step is to carve out space for a tomb, and you must do this with the tomb dig command:
$ sudo tomb dig -s 100 hidey-hole.tomb
$ tomb dig -s 150 hidey-hole.tomb
tomb . Commanded to dig tomb hidey-hole.tomb
tomb (*) Creating a new tomb in hidey-hole.tomb
tomb . Generating hidey-hole.tomb of 150MiB
150+0 records in
150+0 records out
157286400 bytes (157 MB, 150 MiB) copied, 1.4048 s, 112 MB/s
-rw------- 1 linuxlala linuxlala 150M Oct 25 17:26 hidey-hole.tomb
tomb (*) Done digging hidey-hole
tomb . Your tomb is not yet ready, you need to forge a key
and lock it:
tomb . tomb forge hidey-hole.tomb.key
tomb . tomb lock hidey-hole.tomb -k hidey-hole.tomb.key
As you can see from the code block, each tomb you create must have the .tomb extension. The -s option expects a numerical value, which denotes the size of the tomb in MB. Apart from informing you that the tomb was created successfully, along with its default permissions, the tool also tells you which commands you must run next. Look for these in the bottom two lines of the block.
The tomb forge command is used to create a key for the specified tomb. The keyfile has a .key extension, but otherwise retains the same name as the tomb you created using the tomb dig command. The forge command will create a key using the AES256 cipher algorithm. The process may take some time, depending on the size of the tomb. It also helps if you keep using the machine to generate sufficient entropy. After some time, you'll be prompted to provide a password. Depending on the pinentry tool installed on your distribution, this may be either through a graphical dialog box or a curses-driven interface.
When generating a keyfile, tomb will complain and terminate if it detects swap space on your hard disk. You must either use the -f command switch to force the tool to generate a keyfile, or alternatively run the sudo swapoff -a command to turn off swap. You can then run the tomb forge command again to generate the keyfile.
But wait, we're still not done. Now that you have a key, you must lock your tomb with the tomb lock hidey-hole.tomb -k hidey-hole.tomb.key command. This formats your encrypted tomb with the Ext4 filesystem.
By default, all tombs are mounted in the /media directory. To open a tomb, you must run the sudo tomb open -k hidey-hole.tomb.key hidey-hole.tomb command.
You can now add all the files you wish to keep secret into the mounted tomb directory. You can use common file operations such as copy or move to place files into your mounted tomb. When done, remember to close the tomb with the tomb close command.
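The dig, forge and lock steps above, wrapped in a shell script as an added example (not code from the Tomb project). It refuses to proceed unless the name ends in .tomb and the keyfile lives outside the tomb's directory, and it checks for active swap before forging, since Tomb itself stops at that point. It assumes a Linux host with /proc/swaps and that every tomb command needs sudo.

```bash
#!/usr/bin/env bash
# Added example: a small wrapper around the tomb commands from the article.
# Assumes tomb is on $PATH and that each of its commands needs root (sudo).
set -e

# layout_ok TOMB KEY: exit 0 if the names follow the article's rules,
# 1 if the tomb lacks the .tomb extension or the key sits next to the tomb.
layout_ok() {
    tomb=$1
    key=$2
    case "$tomb" in
        *.tomb) ;;
        *) echo "error: $tomb must end in .tomb" >&2; return 1 ;;
    esac
    if [ "$(dirname "$tomb")" = "$(dirname "$key")" ]; then
        echo "error: keep the keyfile out of the tomb's directory" >&2
        return 1
    fi
    return 0
}

# swap_active: exit 0 if /proc/swaps lists at least one swap device
# (the file always has a header line, so more than one line means swap is on).
swap_active() {
    [ -r /proc/swaps ] && [ "$(wc -l < /proc/swaps)" -gt 1 ]
}

# create_tomb TOMB SIZE_MB KEY: dig, forge and lock, in the article's order.
create_tomb() {
    tomb=$1
    size=$2
    key=$3
    layout_ok "$tomb" "$key" || return 1
    if swap_active; then
        echo "error: swap is on; run 'sudo swapoff -a' or pass -f to tomb forge" >&2
        return 1
    fi
    sudo tomb dig -s "$size" "$tomb"
    sudo tomb forge "$key"
    sudo tomb lock "$tomb" -k "$key"
}

# Usage (hypothetical paths, a key on removable media, away from the tomb):
# create_tomb "$HOME/vault/hidey-hole.tomb" 150 /media/usb/keys/hidey-hole.tomb.key
```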
WORKING WITH TOMBS
You can run the tomb list command to list all open tombs. In addition to providing a list of open tombs, this command will also inform you how long a tomb has been open, its total size and available free space.
With time, your tombs will grow to contain different files. While the tombs are still open, run the tomb index command, which will create a search index, or update it if one already exists. Once you create an index, you'll be able to use the tomb search <pattern> command to search for files within the open tombs. The pattern can be any string, and the tool will attempt to match it against the filenames in the index for all open tombs.
If you don't want to index any particular tomb, you must first open it and then run the touch .noindex command from within the tomb's directory. Tomb will automatically skip indexing all tombs where it detects a .noindex file:
$ tomb index
tomb (*) Creating and updating search indexes.
tomb . Indexing [hideyhole] filenames...
tomb . Search index updated.
tomb . Skipping [hole] (.noindex found).
tomb . Indexing [secrets] filenames...
tomb . Search index updated.
While fairly straightforward, the project also ships with various additional tools, such as a GTK tray icon and gtomb, a script that launches a graphical frontend for the tool. You'll find these, and more, in the extras directory inside the extracted Tomb-2.5 directory.