Encrypt your important files using Tomb

Conclusions

Tomb makes dealing with encrypted containers really easy. The well-conceived syntax is restricted to a few commands and buttons in everyday life. The approach of using standard Linux tools ensures trusted underpinnings – thus avoiding the need for Tomb to reinvent the encryption wheel.

As is so often true with encryption, the devil is in the details. Bad practices all too often thwart good approaches. Avoid keeping keys and containers on the same system – or at least store the key on a USB flash drive. You also need to make sure that the shell history doesn't reveal anything about the use of an encrypted container.

There are also restrictions in terms of portability: Kernel 2.6 or later are now available on almost all Linux systems. However, you will need administrative privileges on the computer for most Tomb actions, even to open a Tomb for example.

This means users who work with Linux but do not manage the system themselves cannot use the tool. Users with Mac OS X or Windows remain completely sidelined. However, on the project page, the developers carefully imply that there are at least plans for a Windows version.

Some users may miss a graphical interface for mounting and managing Tombs. There are currently many useful approaches, such as a small GTK program for the system tray or a GUI written using Python. They were not totally impressive in the test, however. zuluCrypt [9], which – based on the information provided by the developer – at least supports opening and closing Tombs, currently makes the best impression (Figure 3).

Figure 3: zuluCrypt supports use of containers and partitions encrypted with TrueCrypt and VeraCrypt as well as dm-crypt and LUKS.

It supports the use of containers and partitions encrypted with TrueCrypt and VeraCrypt as well as dm-crypt and LUKS. However, it is pretty easy to integrate Tomb into your own scripts and thus make operations more intuitive, without needing graphical programs.