Tomb and Linux Encryption

Tomb and Linux Encryption

                        Linux and Tomb

Hi my name is Richard, and today we’ll talk about Tomb and Linux, we’ll cover a couple of other things briefly as well. Disclaimer: The site owners, and myself are in no way responsible for anything that goes wrong. When you create a Tomb, you are in essence formatting and or partitioning the drive in away it can be mounted. Anytime you’re new and try this — unsure of your actions, it can and sometimes will lead to a situation where you could possibly lose all of your data, mess up your boot record on grub, and or it might explode and possibly hurt your fingers. 🙂 With that being said, be careful how you partition your computers Hard Drive and understand what you’re doing. It would be a very good idea to practice in VM (Virtual Machine) before you attempt this live on your system.

Linux has some pretty cool encryption features already built into it. One of those features happen to help us encrypt and decrypt personal files. The folks over at Dyne created a shell script called Tomb. It consists of a shell script zsh using (GNU) and the cryptographic API from the Linux Kernel (LUKS and cryptsetup) Make sure you satisfy your dependencies before you install Tomb. Also check your hash signatures if you choose to install this script.

We’ll talk about system level dm-crypt in a bit, but for now lets create our first tomb. (Note the minimum tomb size is 10mb.)

Create a folder mkdir my_message ( cd to your chosen folder) it is better to have a firm understanding of how you’re creating the tomb within a folder to get the hang of it. Also keep in mind this will be a mounted volume, when you’re finished. The following was taken off the tomb READ.ME

cd to your my_messages directory


tomb dig -s 128 letter.tomb

tomb forge letter.tomb.key

tomb lock letter.tomb -k letter.tomb.key

tomb open letter.tomb -k letter.tomb.key

More commands can be found in the ReadME, I won’t bore you or your intelligence with copy and paste,  I will however mention this, if you’re running an Ubuntu flavor, you’ll soon find out it is not setup for much of this. You’ll need to satisfy ALL your dependencies before installing anything. Don’t even attempt any of this without satisfying ALL dependencies. Typically a “make check” after ./configure will let you know where you stand.

Cryptsetup is a utility used to setup disk encryption, it’s based on the dm-crypt module.

Dm-crypt is a device-mapper that provides transparent encryption of block devices using the Linux Kernel crypto API. LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extensions are supported ) the veritysetup utility is used to setup DMVERITY block integrity checking kernel module. Dm-crypt is typically the way a lot of encrypted containers are setup, many times people don’t even realize it.

Another software that’s really fun is ZuluCrypt, a graphical interface software with a lot of features. These scripts are always a penetration testers friend. One might be able to conceal much in a tomb.  Time is short for me so hoping this article sparks some interest.  Thank you for your time.