Open source data encryption with Tomb

In this blog, I will show how you can use the open-source data encryption software Tomb to protect your private data on your Linux server. This can be used to create a private folder that only you can open, which can be used as a Samba file share mount, to host your private data for OwnCloud/Nextcloud, or whatever you fancy (hey, no judgement here child).

Firstly, you need to install some pre-reqs:

Once installed, grab the latest Tomb (this has probably changed, but 2.3 was the latest when I wrote this) and extract it:

Next, let’s go ahead and make Tomb, and test it’s working:

You should see an output showing you the commands of Tomb, such as:

Next, we need to create a key that will be used to protect our data:

This will ask for a password as below:

Now that our key is created, we need to create our ‘tomb’. The tomb is basically a container for your files that can only be mounted if the key (and thus password) are provided, meaning it’s super secure. To create the tomb, the ‘-s’ flag is used – and takes an integer as an input. This integer is the size of the tomb in MiB, so 100GB would be 95367MiB, for example. Below I’m just creating a small example to display what happens:

Now, as it says above, we need to associate our created key with our newly created tomb, meaning only our key can open the tomb once locked:

Success! We can now open and close our Tomb, as below:

In the above, I’ve gone into our tomb and created a file called ‘hello’ to show you can write to it. Now, if you want to close all of the tombs, simply use the command ‘tomb close all’, or alternatively if you are in a hurry, use ‘tomb slam’ – which is the equivalent of kicking the power out of the back.

The above shows the closing of the tomb, and a ‘ls’ shows that there is no trace remaining.
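
The steps above collected into a dry-run wrapper, as an added example that is not the author's own script: it converts a decimal size into the MiB value ‘-s’ expects, refuses to build under /tmp, and prints the tomb commands in the order this post uses them. The `TOMB_DIR` and `DRY_RUN` variables, the `/srv/tombs` default and the `secret` tomb name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the post's own commands. Assumed names: TOMB_DIR, DRY_RUN,
# the /srv/tombs default and the "secret" tomb name.
: "${TOMB_DIR:=/srv/tombs}"   # somewhere persistent, not /tmp
: "${DRY_RUN:=1}"             # 1 = only print the tomb commands

# Convert a decimal size (100GB, 500MB) to the whole MiB that `tomb dig -s` takes.
size_to_mib() {
    num=${1%[GMgm][Bb]}
    case "$num" in ''|*[!0-9]*) echo "bad size: $1" >&2; return 1 ;; esac
    case "$1" in
        *[Gg][Bb]) bytes=$((num * 1000000000)) ;;
        *[Mm][Bb]) bytes=$((num * 1000000)) ;;
        *) echo "bad size: $1" >&2; return 1 ;;
    esac
    echo $((bytes / 1048576))
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Same order as the post: forge the key, dig the tomb, lock the tomb to the key.
create_tomb() {
    name=$1
    case "$TOMB_DIR" in
        /tmp|/tmp/*) echo "refusing to create a tomb under /tmp" >&2; return 1 ;;
    esac
    mib=$(size_to_mib "$2") || return 1
    run tomb forge "$TOMB_DIR/$name.tomb.key" &&
    run tomb dig -s "$mib" "$TOMB_DIR/$name.tomb" &&
    run tomb lock "$TOMB_DIR/$name.tomb" -k "$TOMB_DIR/$name.tomb.key"
}

open_tomb() {
    run tomb open "$TOMB_DIR/$1.tomb" -k "$TOMB_DIR/$1.tomb.key"
}

close_tombs() {
    run tomb close all
}

# Show the plan for a 100 GB tomb; rerun with DRY_RUN=0 to execute it.
create_tomb secret 100GB
```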

Now, if you want to use this for production purposes, I’d recommend further reading – you can do a LOT of cool things with Tomb such as QR Codes for authentication, hiding PIN numbers in images (steganography, oo), etc. You’ll also want to move your tomb from /tmp 🙂 Enjoy, and I hope this stokes some creative fires.
