
Introduction
Tomb aims to be a 100% free and open source system for the easy encryption and backup of personal files, written in code that is easy to review and that links commonly shared components.
“All I know is what the words know, and dead things, and that makes a handsome little sum, with a beginning and a middle and an end, as in the well-built phrase and the long sonata of the dead.” Samuel Beckett
Tomb generates encrypted storage files that are opened and closed using their associated keyfiles, which are in turn protected with a password chosen by the user.
A tomb is like a locked folder that can be safely transported and hidden in a filesystem; its keys can be kept separate, for instance by keeping the tomb file on your computer's hard disk and the key files on a USB stick.
Tomb is a simple tool to manage encrypted storage on GNU/Linux, from the hashes of the dyne:bolic nesting mechanism.
How does it work
Tombs are operated from a normal file browser or from the commandline.
To open a tomb it is sufficient to click on it, or to use the command tomb-open.
When a tomb is open, your panel will show a little icon in the tray reminding you that a tomb is open and offering to explore or close it.
To make safety copies of your keys, Tomb lets you “bury a key” inside an image (using steganography) and of course “exhume” buried keys from the pictures where they are hidden. It is very hard to tell that something is hidden inside a picture without knowing the password used for the steganography.

See the manpage for more information on how to operate Tomb from the text terminal.
Tomb 1.2 - a strong and gentle undertaker for your secrets

Syntax: tomb [options] command [file] [place]

Commands:
  create    create a new tomb FILE and its keys
  open      open an existing tomb FILE on PLACE
  list      list all open tombs or the one called FILE
  close     close the open tomb called FILE (or all)
  slam      close tomb FILE and kill all pids using it
  passwd    change the password of a tomb key FILE

Options:
  -s        size of the tomb file when creating one (in MB)
  -k        path to the key to use for opening a tomb
  -n        don't process the hooks found in tomb
  -o        mount options used to open (default: rw,noatime,nodev)
  -h        print this help
  -v        version information for this tool
  -q        run quietly without printing informations
  -D        print debugging information at runtime
More sources of information
Tomb’s documentation is being actively written as we speak; you will find more information about it on the wiki at github.com/dyne/Tomb/wiki.
Who needs Tomb
“Democracy requires Privacy as much as Freedom of Expression.” Anonymous
Our target community is desktop users with no time to click around, who sometimes use old or borrowed computers and operate in places endangered by conflict, where a leak of personal data can be a threat.
If you can’t own a laptop, it is still possible to go around with a USB stick and borrow computers, leaving no trace and keeping your data safe in transit. Tomb aims to facilitate all this and to be interoperable across popular GNU/Linux operating systems.
The internet offers plenty of free services, riding the wave of the Web 2.0 buzz and the community boom, while all private information is hosted on servers owned by global corporations and monopolies.
“The distinction between what is public and what is private is becoming more and more blurred with the increasing intrusiveness of the media and advances in electronic technology. While this distinction is always the outcome of continuous cultural negotiation, it continues to be critical, for where nothing is private, democracy becomes impossible.”
(from Privacy Conference, Social Research, New School University)
It is important to keep in mind that no one can ensure the privacy of your personal data better than you. Server-hosted services and web-integrated technologies gather all data into huge information pools that are made available to established economic and cultural regimes.
This software urges you to reflect on the importance of your privacy. The world is full of prevarication and political imprisonment, war rages in several places and the media are mainly used for propaganda by the powers in charge. Some of us face the danger of being tracked by oppressors who oppose our self-definition, independent thinking and resistance to homologation.

Aren’t there enough encryption tools?
We felt the urgency of publishing Tomb for operating systems other than dyne:bolic, since the current situation of personal desktop encryption is far from optimal.
TrueCrypt makes use of statically linked libraries, so that its code is hard to audit, and it is not considered free by free operating system distributors because of liability reasons; see Debian, Ubuntu, Suse, Gentoo and Fedora.
Cryptkeeper is the best alternative to Tomb out there and its main advantage is that it does not need root access on the machine it is used on. But Cryptkeeper still has drawbacks: it uses EncFS, which implements weaker encryption than dm-crypt, and it does not promote the separate storage of keys.
Lastly, the encrypted home mechanisms of operating systems such as Debian and Ubuntu adopt encryption algorithms as strong as Tomb’s, but they need to be configured when the machine is installed, they cannot be easily transported and, again, they do not promote the separate storage of keys.
With Tomb we try to overcome all these limitations by providing strong encryption, encouraging users to separate keys from data and letting them transport tombs around easily. To facilitate auditing and customization we also intend to:
- write short and readable code, linking shared libs
- provide easy to use graphical interfaces and desktop integration
- keep the development process open and distributed using GIT
- distribute Tomb under the GNU General Public License v3
If you believe this is a worthy effort, you are welcome to support it.
Where do we learn from
Below are some articles that are useful to understand Tomb in more detail and to get acquainted with the difficult job of a Crypto Undertaker:
Downloads
For licensing information see the GNU General Public License
Below is a list of the formats in which you can download this application: ready to run with some of the interfaces developed, as a library you can use to build your own application, and as source code you can study.
Source Code
The latest stable release is 1.2 (November 2011); see the ChangeLog, our announcement and the Freecode announcement. There is even something in Chinese about it.
Source releases are signed by Jaromil using GnuPG, and MD5 hashes are provided.
On ftp.dyne.org/tomb you can find all present and past Tomb releases, plus binaries that are occasionally built for various architectures.
The bleeding-edge version is developed on GitHub at dyne/Tomb: you can clone the repository freely and anonymously, as well as contribute to development by interacting with us via GitHub (fork, code and then request a pull).
To compile fresh code out of Git you first have to generate the autotools build environment with the command:
autoreconf -i
and then you can proceed with the usual configure && make mantra; may the source be with you.
On crypto.is, as well as on our wiki, there are short instructions on how to compile Tomb from source or install it from apt.dyne.org.
Debian and Ubuntu
Visit our brand new APT.dyne.org repository: there you can tune into our software channel via an easy-to-use installer, so you can always stay up to date with our freshly brewed software, straight from the upstream tap!
Arch and derivatives
Tomb is packaged in AUR, check it out!
App1e/O$X
There are several possibilities for porting Tomb to run on those expensive and fancy-schmancy toys.
A good plan could be to use TrueCrypt’s version of cryptsetup, which seems to be already ported for the purpose; with a bit of desktop integration and shell scripting it should be all set. Let us know if you would like to join our team on this task.
Win$loth
There are rumored plans to port Tomb to Win, or at least to make it possible to open tomb files under Win: this could be possible especially by using FreeOTFE or by adding compatibility to SecureTrayUtil, and contributions are welcome in those directions.
However, we strongly encourage people in need of strong encryption not to use Winslows, or at least not to generate encrypted partitions with it, since it can contain backdoors in the random number generation, as pointed out by Bruce Schneier and Niels Ferguson in this short essay about Dual_EC_DRBG.
Usage
Tomb can be adapted for ad-hoc use and scripted inside bigger systems of applications; here below are a few usage scenarios.
Private data in daily use
With a simple mount and unmount command, plus the configuration of bind-hooks, your home can change in a snap to include your secrets in the right positions for your application paths, like that secret door behind the library you always dreamed of.
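A check a practitioner would want around that mechanism, written here as an added example in Python (it is not Tomb's own code): a validator for a bind-hooks file. It assumes the two-field `<directory inside the tomb> <directory relative to your home>` line format that the tomb manpage documents for bind-hooks; the handling of blank lines and `#` comments is this example's own convention, and the sample file contents are constructed. The point is that the bind-hooks file travels inside the tomb, so whoever produced the tomb controls it, and every path in it has to be confined before anything is bind-mounted.

```python
"""Validate a Tomb-style bind-hooks file before acting on it.

Added example, not Tomb's own code. Assumed format (from the tomb manpage, not
from this page): one mapping per line, `<dir inside the tomb> <dir relative to
$HOME>`. Blank lines and `#` comments are a convention of this example only.
The file is data carried inside the tomb, so each path is confined before it
could ever be handed to a bind mount.
"""
from pathlib import PurePosixPath

# Constructed sample: two sane mappings followed by three that must be refused.
SAMPLE_BIND_HOOKS = """\
# map mail and gnupg material into the usual places under $HOME
mail .thunderbird
gnupg .gnupg
../../etc etc          # source climbs out of the tomb
ssh /root/.ssh         # absolute destination, outside $HOME
www ../.ssh            # destination climbs out of $HOME
"""


def is_confined(component: str) -> bool:
    """True only for a non-empty relative path with no '..' segment."""
    path = PurePosixPath(component)
    return bool(path.parts) and not path.is_absolute() and ".." not in path.parts


def parse_bind_hooks(text: str):
    """Return (accepted, rejected).

    accepted: list of (source_in_tomb, destination_in_home) pairs
    rejected: list of (line_number, reason) for every entry that was refused
    """
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding space
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            rejected.append((lineno, "expected exactly two fields"))
            continue
        src, dst = fields
        if not is_confined(src):
            rejected.append((lineno, f"source {src!r} is not confined to the tomb"))
        elif not is_confined(dst):
            rejected.append((lineno, f"destination {dst!r} is not confined to $HOME"))
        else:
            accepted.append((src, dst))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = parse_bind_hooks(SAMPLE_BIND_HOOKS)
    for src, dst in ok:
        print(f"bind  {src:<8} -> ~/{dst}")
    for lineno, reason in bad:
        print(f"skip  line {lineno}: {reason}")
```

Confining the textual path is necessary but not sufficient: a symlink inside the tomb that points outside it defeats a purely lexical check, so the step that performs the mount should also resolve the source directory and verify that it still lies under the tomb's mountpoint before binding it.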
Secure cloud storage
Tomb works well over the cloud to guarantee the privacy of the information you upload and store in systems like EC2, UbuntuOne or Dropbox. Just create a tomb inside such a storage solution: to the service it is just a file, while you can see its contents by opening it with your key. No information contained inside the tomb is visible to the cloud service, not even while it is open on your computer. Filesystem operations within the tomb also do not cause additional traffic over the network. On our wiki you will find more recommendations on how to create a tomb for cloud storage.
If you would like to go into more detail, this MA thesis in computer science mentions the successful usage of Tomb over cloud filesystem storage and possible new horizons for its development.
Safe incremental backup
Tomb works well to keep your backups safe and, when used in conjunction with rdiff-backup, it can store incremental backups that are easy to reach and that record modifications over time.
All you need to do is open the tomb, update the backup and close the tomb. Opening the backup tomb as normal gives you direct access to all your files.
Deniable, but easy to remember, key storage
When securing your private data one of the biggest problems is the fallibility of your memory: at some point in the future you might forget where you left the keys. Tomb can help prevent this by using steganography: if steghide is found to be installed, Tomb lets you “bury” and “exhume” keys in and out of JPEG images.
This feature lets you remember a certain picture rather than a position in a filesystem, which is much easier. It also helps to hide the key well and possibly to communicate it without arousing suspicion, as it is very difficult to detect the presence of a key inside an image without knowing the password you used to seal it.
Dangerous information transport
When transporting delicate information the risk of interception is high: even when using encryption, if the courier is captured then the key can be found on him and the password can be obtained under torture. The solution we propose is to separate keys from storage, so that a courier alone cannot be the single point of failure: hence the separation between keys and data.
In addition, a new feature we have in development is the splitting of Tomb keys using Shamir’s Secret Sharing algorithm.
Development
Tomb is an evolution of the mknest tool developed for the dyne:bolic GNU/Linux distribution, where it is used by the ‘nesting’ mechanism to encrypt the home directories of users.
As such, it uses well-tested and reviewed routines, and its shell code is pretty readable. The name transition from ‘mknest’ to ‘tomb’ marks the adaptation of mknest to work on Debian-based operating systems.
Stage of development
At present Tomb is easy to install and use; it mainly consists of a shell script and some auxiliary C code for desktop integration (GTK), making use of GNU tools and the cryptographic API of the Linux kernel. We are a nice team of fewer than 10 people and we coordinate mostly using Issues on GitHub.
You are welcome to join, especially to help with porting to more operating systems, distribution packaging, GUI integration, translation and documentation. The golden rule for us is: write short code and make it readable. Transparency and ease of code review are among the strong points of an encryption tool we all intend to rely on.
People involved
Tomb was originally designed and written by Jaromil; it includes code by Hellekin O. Wolf, Anathema and Boyska, and its artwork is contributed by Món Mort.
Testing, reviews and documentation are contributed by Dreamer, Shining the Translucent, Mancausoft, Asbesto Molesto and Nignux.
Most of the research we refer to is documented by Clemens Fruhwirth, who also developed Cryptsetup together with Christophe Saout.
How can you help
If you have money then the simplest thing is just to make a donation to dyne.org, which is officially registered as a non-profit foundation; with your help it will keep up our development effort in the long term.
The code is pretty short and readable: start by looking around it and at the materials found in doc/, which are good pointers to security measures to be further implemented.
Read the short tomb tester howto for some directions on how to start testing.
If you are a developer then the short tomb developer howto is for you.
To get in touch with us use this contact form or join our chat on hinezumi.im (using IRC, Jabber, Telnet etc.) on channel #tomb – or even better, participate in person in one of the yearly Italian hackmeetings, usually held during summer on the peninsula.
We have a mailing list too, but it is mostly in Italian; contact us if you would like to subscribe…