Tomb - Minimalistic CLI Tool to Manage Encrypted Volumes
Tomb is a 100% free and open source system for file encryption on GNU/Linux, facilitating the backup of secret files. Tomb is written in code that is easy to review and links commonly shared components. Tomb generates encrypted storage folders to be opened and closed using their associated keyfiles, which are in turn protected with a password chosen by the user. A tomb is like a locked folder that can be safely transported and hidden in a filesystem; its keys can be kept separate, for instance by keeping the tomb file on your computer's hard disk and the key file on a USB stick.
Tomb aims to be a free and open source system for easy encryption and backup of personal files, written in code that is easy to review and linking well-tested, reliable GNU/Linux components.
Tomb's ambition is to provide military-grade security by way of:
- a minimalist design consisting of small and readable code
- facilitation of good practices, i.e. physical separation of key and storage
- adoption of a few standard and well tested implementations.
At present, Tomb consists of a single shell script (Zsh) using standard GNU filesystem tools and the dm-crypt subsystem of the Linux kernel, driven through cryptsetup and the LUKS on-disk format. Tomb can also produce machine-parsable output to facilitate its use inside graphical applications.
What is this for, exactly?
This tool can be used to dig .tomb files (LUKS volumes), forge keys protected by a password (GnuPG encryption) and use the keys to lock the tombs. Tombs are like single files whose contents are inaccessible in the absence of the key they were locked with and its password.
Once open, tombs behave like normal folders and can contain any files; on top of that they offer advanced functionality such as bind and execution hooks and fast search, and they can be slammed shut even while busy. Keys can be stored on separate media like USB sticks, NFC tags, on-line SSH servers or Bluetooth devices to make the transport of data safer: one always needs both the tomb and the key, plus its password, to access it.
The tomb script takes care of several details to improve the user's behaviour and the security of tombs in everyday usage: it protects the typing of passwords from keyloggers, facilitates hiding keys inside images, indexes and searches a tomb's contents, mounts directories in place, lists open tombs and selectively closes them, warns the user about free space and the time of last use, and so on.
How secure is this?
Death is the only sure thing in life. That said, Tomb is a pretty secure tool, especially because it is kept minimal, its source is always open to review (even when installed, since it is a shell script) and its code is easy to read with a bit of shell scripting knowledge.
All the encryption tools used by Tomb ship by default in many GNU/Linux operating systems and are therefore regularly peer reviewed: we really don't add anything to them, just a layer of usability.
The file KNOWN_BUGS.md contains some notes on known vulnerabilities and threat model analysis.
In the absence or malfunction of the Tomb script, the contents of a tomb can still be accessed with nothing more than a dm-crypt enabled Linux kernel, cryptsetup, GnuPG and any shell interpreter, by issuing the following commands as root:
```
lo=$(losetup -f)
losetup -f secret.tomb
pass="$(gpg -d secret.key)"
echo -n -e "$pass" | cryptsetup --key-file - luksOpen $lo secret
mount /dev/mapper/secret /mnt
unset pass
```
The last argument, /mnt, can be changed to wherever the tomb has to be mounted and made accessible. Note that the snippet queries `losetup -f` once to learn the next free loop device and then calls `losetup -f` a second time to attach the file; on a busy system another process can claim that device in between, so `losetup --show -f secret.tomb`, which attaches the file and prints the device it used in one step, is the safer way to fill `$lo`. To close the tomb, then use:
```
umount /mnt
cryptsetup luksClose /dev/mapper/secret
```
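The manual recovery above, as an added example script that is not part of the Tomb project and not the page's own commands: it wraps the open and close steps in functions, refuses to touch a file that does not carry the LUKS header magic, attaches the loop device with `losetup --show -f` so there is no window between finding and claiming it, undoes the attach when unlocking fails, and releases the loop device again on close. The file and mapping names (secret.tomb, secret.key, secret, /mnt) are the ones used on the page; the `hexbytes`, `is_luks`, `luks_version`, `tomb_open` and `tomb_close` function names are this example's own. The header checks run unprivileged; opening and closing require root, cryptsetup and GnuPG.

```shell
#!/bin/bash
# Added example: manual open/close of a Tomb without the tomb script.
# Not the Tomb project's code. Assumes the names from the page:
# secret.tomb (LUKS volume), secret.key (GnuPG-encrypted key), /mnt.
set -eu

# Print <count> bytes of a file starting at <offset>, as lowercase hex.
hexbytes() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Both LUKS1 and LUKS2 containers start with the 6-byte magic "LUKS\xba\xbe".
# A tomb that has lost it is not something cryptsetup can open anyway.
is_luks() {
    [ "$(hexbytes "$1" 0 6)" = "4c554b53babe" ]
}

# The on-disk format version is a 16-bit big-endian field at offset 6.
luks_version() {
    v=$(hexbytes "$1" 6 2)
    [ ${#v} -eq 4 ] || return 1
    echo $((0x$v))
}

# Open: sanity-check the header, attach a loop device, unlock, mount.
# Must run as root. `losetup --show -f FILE` attaches and prints the
# device in one step, so no other process can grab it in between.
tomb_open() {
    tombfile=$1 keyfile=$2 name=$3 mnt=$4
    is_luks "$tombfile" || { echo "$tombfile: no LUKS header" >&2; return 1; }
    echo "$tombfile: LUKS version $(luks_version "$tombfile")" >&2
    lo=$(losetup --show -f "$tombfile")
    # Decrypt the key with GnuPG (this prompts for the key password) and
    # feed it to cryptsetup exactly the way the page's recovery commands do,
    # so the bytes match what Tomb used when locking the volume.
    pass="$(gpg -q -d "$keyfile")"
    if ! echo -n -e "$pass" | cryptsetup --key-file - luksOpen "$lo" "$name"; then
        unset pass
        losetup -d "$lo"      # wrong password or key: release the loop device
        return 1
    fi
    unset pass
    mount "/dev/mapper/$name" "$mnt"
}

# Close: unmount, tear down the mapping, detach the backing loop device
# (which the page's two-line close sequence leaves attached).
tomb_close() {
    name=$1 mnt=$2
    # Look up the loop device before the mapping disappears.
    lo=$(cryptsetup status "$name" | awk '/device:/ { print $2 }')
    umount "$mnt"
    cryptsetup luksClose "$name"
    if [ -n "$lo" ]; then
        losetup -d "$lo"
    fi
}

# Usage (as root):
#   ./tomb-manual.sh open  secret.tomb secret.key secret /mnt
#   ./tomb-manual.sh close secret /mnt
case "${1:-}" in
    open)  tomb_open "$2" "$3" "$4" "$5" ;;
    close) tomb_close "$2" "$3" ;;
esac
```

The header check is deliberately done before touching cryptsetup: a mislabelled or truncated file then fails with a clear message instead of a generic "not a valid LUKS device" after a loop device has already been consumed.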
Tomb qualifies as sound for use on information rated as "top secret" when used on an underlying stack of carefully reviewed hardware (random number generator and other components) and software (Linux kernel build, crypto modules, device manager, the compiler used to build it, shell interpreter and packaged dependencies).