Man page of tomb
Section: User Commands (1)
Updated: Sept 26, 2011
Return to Main Contents
Tomb - the Crypto Undertaker
- tomb [options] command [arguments]
Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can
integrate with a user's graphical desktop.
Tomb generates encrypted storage files to be opened and closed using
their associated keys, which are also protected with a password chosen
by the user. To create, open and close tombs a user will need super
user rights to execute the tomb commandline utility.
A tomb is like a locked folder that can be safely transported and
hidden in a filesystem; it encourages users to keep their keys
separate from tombs, for instance keeping a tomb file on your computer
harddisk and its key file on a USB stick.
For simplified use, the command tomb-open starts a wizard that
guides users in the creation of a new tomb or, if a tomb file is
specified as argument, it opens it and makes it accessible in a
default location under the /media folder, starting the status tray
applet (tomb-status) if a desktop is present.
Creates a new encrypted storage tomb and its key, named as specified
by the given argument.
Opens an existing tomb file specified in the first argument. If
a second argument is given it will indicate the mountpoint
where the tomb should be made accessible, if not then the tomb is
mounted in a directory named after the filename and inside /media.
List all the tombs found open, including information about the time
they were opened and the hooks that they mounted. If the first
argument is present, then shows only the tomb named that way or
returns an error if its not found.
Closes a currently open tomb. When an argument is specified, it
should be the name of a mounted tomb; if not specified and only one
tomb is open then it will be closed; if multiple tombs are open, the
command will list them on the terminal. The special
argument 'all' will close all currently open tombs. This command
fails if the tomb is in use by running processes, the command
slam can be used to force close.
Closes a tomb like the command close does, but in case it is in
use looks for all the processes accessing its files and violently
kills them using -9.
Hides a tomb key (first argument) inside a jpeg image (second
argument) using steganography: the image will change in a way that
cannot be noticed by human eyes and the presence of the key inside it
isn't detectable without the right password. This option is useful to
backup tomb keys in unsuspected places; it uses steghide and the
serpent encryption algorithm.
Extracts a named tomb key (first argument) from a (jpeg) image file
(second argument) known to be containing it, if the right password is
given. This is used to recoved buried keys from unsuspected places.
When creating a tomb, this option MUST be used to specify the size of
the new file to be created, in megabytes.
When opening a tomb, this option can be used to specify the location
of the key to use. Keys are created with the same name of the tomb
file adding a '.gpg' suffix, but can be later renamed and transported
on other media. When a key is not found, the program asks to insert a
USB storage device and it will look for the key file inside it.
If <keyfile> is "-" (dash), it will read stdin
When creating a tomb, this option can be used to specify the name (and
location) of the key you are creating. For example, you could use
tomb create -s 100 tombname -k /media/usb/tombname
to put the key on a usb pendrive
Skip processing of post-hooks and bind-hooks if found inside the tomb.
See the HOOKS section in this manual for more information.
Manually specify mount options to be used when opening a tomb instead
of the default rw,noatime,nodev. This option can be used to
mount a tomb read-only (ro) to prevent any modification of its data,
or to experiment with other settings (if you really know what you are
doing) see the mount(8) man page.
By default, Tomb will abort any create and open operation if swap is used (see
SWAP section for details). This flag will disable this behaviour. NOTE: it is
not secure to do so, unless you know that your swap is encrypted
Display a help text and quit
Display version and quit
Run more quietly
Print more information while running, for debugging purposes
Hooks are special files that can be placed inside the tomb and trigger
actions when it is opened and closed; there are two kinds of such
files: bind-hooks and post-hooks can be placed in the
base root of the tomb.
This hook file consists of a simple two column list of files or
directories inside the tomb to be made directly accessible inside the
current user's home directory. Tomb will use the "mount -o bind"
command to bind locations inside the tomb to locations found in $HOME
so in the first column are indicated paths relative to the tomb and in
the second column are indicated paths relative to $HOME contents, for
This hook file gets executed as user by tomb right after opening it;
it can consist of a shell script of a binary executable that performs
batch operations every time a tomb is opened.
The tomb commandline tool needs to acquire super user rights to
execute most of its operations: to do so it uses sudo(8), while
pinentry(1) is adopted to collect passwords from the user.
Tomb executes as super user only those commands requiring it, while it
executes desktop applications as processes owned by the user.
During "create" and "open" operation, swap will complain and abort if
your system has swap activated. This can be annoying, and you can disable this
behaviour using --ignore-swap. Before doing that, however, you may be
interested in knowing the risks of doing so:
During both creation and opening it could write your secret key on the disk
After having opened the tomb, an application you're using could swap file
contents. So you'll put file contents in clear on your disk
If you don't need swap, execute swapoff -a. If you really need it, you
could encrypt it. Tomb doesn't detect if your swap is encrypted, and will
complain anyway. In that case, using --ignore-swap is safe. Otherwise, use
--ignore-swap at your own risk
Please report bugs on the tracker at
Get in touch with developers via mail using this
or via chat on
Tomb is designed and written by Denis Roio aka Jaromil.
Tomb includes code by Hellekin O. Wolf, Anathema and Boyska.
Tomb's artwork is contributed by Jordi aka Mon Mort
Testing and reviews are contributed by Dreamer, Shining, Mancausoft,
Cryptsetup is developed by Christophe Saout and Clemens Fruhwirth
This manual is Copyleft (c) 2011 Denis Roio <[email protected]>
It includes contributions by Boyska
Permission is granted to copy, distribute and/or modify this manual
under the terms of the GNU Free Documentation License, Version 1.1 or
any later version published by the Free Software Foundation.
Permission is granted to make and distribute verbatim copies of this
manual page provided the above copyright notice and this permission
notice are preserved on all copies.
The most recent version of Tomb sourcecode and up to date
documentation is available for download from its website on
GnuPG website on http://www.gnupg.org
DM-Crypt website on http://www.saout.de/misc/dm-crypt
LUKS website, http://code.google.com/p/cryptsetup
- PRIVILEGE ESCALATION
- SEE ALSO
This document was created by
using the manual pages.
Time: 10:33:09 GMT, September 26, 2011