How to use the command 'tomb' (with examples)
- Linux
- December 17, 2024
Tomb is a command-line utility that allows users to manage encrypted storage directories known as tombs. A tomb is essentially a secure, portable container that can be safely hidden within a filesystem, transported, and accessed as needed. It’s particularly useful for users who require a secure way to store sensitive information on disk, ensuring it is only accessible to authorized individuals. Tomb uses strong encryption practices, making it an excellent choice for maintaining data privacy.
Use case 1: Create a new tomb with an initial size of 100 MB
Code:
tomb dig -s 100 encrypted_directory.tomb
Motivation:
Creating a new tomb is the first step in securing sensitive data. By specifying an initial size, you define how much encrypted storage space is allocated for the tomb. This is useful for planning storage capacities and ensuring your tomb size meets your requirements.
Explanation:
tomb dig: This is the command used to create a new tomb.
-s 100: This argument specifies the size in megabytes (MB) for the tomb. In this case, 100 MB will be allocated.
encrypted_directory.tomb: This is the name of the file that will represent your tomb.
Example Output:
Upon executing the command, you may see a message like:
Creating a new tomb at encrypted_directory.tomb with a size of 100 MB...
Tomb created successfully.
Use case 2: Create a new key file that can be used to lock a tomb
Code:
tomb forge encrypted_directory.tomb.key
Motivation:
Keys are essential for securing a tomb. Creating a new key file provides the encryption key needed to lock and unlock the tomb. This process also prompts you to set a password, adding another layer of security.
Explanation:
tomb forge: This command generates a new key file.
encrypted_directory.tomb.key: The name of the key file being created. Remember that this key is required to lock or access the tomb.
Example Output:
You might see:
Enter a password for the new key:
Re-enter the password:
Key created and saved to encrypted_directory.tomb.key
Use case 3: Forcefully create a new key, even if Tomb would otherwise refuse to forge it
Code:
tomb forge encrypted_directory.tomb.key -f
Motivation:
Sometimes, systems may prevent key forging due to specific configurations or swap space usage. In such cases, the -f flag forces the creation of a key, ensuring that you can progress with securing your tomb.
Explanation:
tomb forge: Initiates the creation of a key file.
encrypted_directory.tomb.key: References the targeted key file for creation.
-f: This force flag allows the key to be generated even when certain conditions might normally prevent it.
Example Output:
Output similar to:
Forcing key creation due to swap interference...
Enter a password for the new key:
Re-enter the password:
Forced key creation complete, saved to encrypted_directory.tomb.key
Use case 4: Initialize and lock an empty tomb using a key
Code:
tomb lock encrypted_directory.tomb -k encrypted_directory.tomb.key
Motivation:
Once a tomb is created, it must be initialized and locked with a key to secure its contents. This step is crucial as it encrypts the tomb, ensuring that unauthorized users cannot access its data.
Explanation:
tomb lock: This command initializes the tomb, linking it with the provided key.
encrypted_directory.tomb: Indicates the tomb to be locked.
-k encrypted_directory.tomb.key: Specifies the key file used to lock the tomb.
Example Output:
Output observed may be:
Initializing and locking the tomb...
Tomb encrypted and locked with key: encrypted_directory.tomb.key
Use case 5: Mount a tomb making it usable as a regular filesystem directory
Code:
tomb open encrypted_directory.tomb -k encrypted_directory.tomb.key
Motivation:
Mounting a tomb allows you to access and use the encrypted storage space as if it were a regular directory. This is practical for manipulating files within the secure container without compromising their security.
Explanation:
tomb open: Command used to mount and open a tomb.
encrypted_directory.tomb: The tomb file you wish to access.
-k encrypted_directory.tomb.key: Designates the key file necessary to unlock the tomb.
Example Output:
Expected output:
Opening tomb encrypted_directory.tomb...
Tomb has been mounted and is accessible at /media/encrypted_directory
Use case 6: Close a tomb
Code:
tomb close encrypted_directory.tomb
Motivation:
After working with the files in an open tomb, it is essential to close it to ensure continued data security and free system resources. This prevents unauthorized access and maintains the integrity of the encrypted container.
Explanation:
tomb close: Command to close and unmount the specified tomb.
encrypted_directory.tomb: The specific tomb file to be closed.
Example Output:
Typical output might be:
Closing tomb encrypted_directory.tomb...
Tomb closed successfully.
Use case 7: Forcefully close all open tombs
Code:
tomb slam all
Motivation:
There might be scenarios where a user needs to close all open tombs immediately, regardless of whether they are being used by a process. This command is instrumental in swiftly securing all open tombs in emergency situations.
Explanation:
tomb slam: Command used to forcefully close all tombs.
all: Specifies that the operation should be applied to all open tombs.
Example Output:
Sample output:
Forcefully closing all open tombs...
All tombs have been slammed shut.
Use case 8: List all open tombs
Code:
tomb list
Motivation:
Listing open tombs provides a quick overview of which tombs are currently accessible. This is useful for management and ensuring that no unnecessary tombs remain open, potentially exposing sensitive information.
Explanation:
tomb list: This command displays a list of all currently open tombs on the system.
Example Output:
Results might show:
Open tombs:
- /media/encrypted_directory
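The use cases above combined into one script, as an added example that is not part of the original page or the Tomb project: it checks for active swap before forging rather than reaching for -f, and always closes the tomb after use. The function names, the RUN dry-run switch, and the choice to treat any listed swap area as a blocker are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Tomb project). Names below are assumptions.
# RUN=echo (default) prints each tomb command; RUN="" executes it.
RUN="${RUN-echo}"

# Succeeds if the /proc/swaps-format file lists any swap area.
# Any swap counts here, encrypted or not (an assumption of this example).
swap_active() {
    swaps_file=${1:-/proc/swaps}
    [ -r "$swaps_file" ] || return 0   # unreadable: fail closed
    # Line 1 is the header; every later non-empty line is a swap area.
    awk 'NR > 1 && NF > 0 { found = 1 } END { exit !found }' "$swaps_file"
}

# dig + forge + lock. Args: tomb file, key file, size in MB, [swaps file].
tomb_create() {
    tomb_file=$1; key_file=$2; size_mb=$3
    if swap_active "${4:-/proc/swaps}"; then
        echo "swap is active: run 'swapoff -a' first instead of forging with -f" >&2
        return 1
    fi
    $RUN tomb dig -s "$size_mb" "$tomb_file" &&
        $RUN tomb forge "$key_file" &&
        $RUN tomb lock "$tomb_file" -k "$key_file"
}

# open, run the given command, then always close. Args: tomb, key, command...
tomb_with() {
    tomb_file=$1; key_file=$2; shift 2
    $RUN tomb open "$tomb_file" -k "$key_file" || return 1
    status=0
    "$@" || status=$?
    if ! $RUN tomb close "$tomb_file"; then
        echo "close failed; tombs still open:" >&2
        $RUN tomb list >&2
        return 1
    fi
    return "$status"
}

# Runs only when the script is given arguments: <tomb> <key> <size_mb>
if [ "$#" -eq 3 ]; then
    tomb_create "$1" "$2" "$3" && tomb_with "$1" "$2" $RUN tomb list
fi
```

With RUN left at its default the script only prints the tomb commands it would run, which makes it safe to review the sequence before executing it with RUN="".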
Conclusion:
Tomb is a robust encryption tool that empowers users to seamlessly create, manage, and secure their sensitive data within encrypted containers. By mastering these commands, users can enhance their data privacy, ensuring that sensitive information remains inaccessible to unauthorized parties while also being conveniently portable across different systems.