Creating an encrypted loopback device with Tomb

02 November, 2015 | CentOS

Tomb makes managing encrypted volumes easy - in fact, very easy. This is a must if you're like me and want to store sensitive stuff in the cloud.

You can download Tomb from here.

1. Install some dependencies:

yum install ncurses-devel cryptsetup zsh gettext -y

2. Download and untar Tomb

cd /tmp
tar zxf Tomb-2.1.1.tar.gz

3. Make Tomb

cd Tomb-2.1.1
make install

4. Add a user

useradd -m weirdbricks

5. Dig a new tomb of the size you want - in this example I'm going to use 40GB (40960MB)

cd /home/weirdbricks
time tomb dig -s 40960 archived-photos.tomb


tomb  .  Commanded to dig tomb archived-photos.tomb
tomb (*) Creating a new tomb in archived-photos.tomb
tomb  .  Generating archived-photos.tomb of 40960MiB
40960+0 records in
40960+0 records out
42949672960 bytes (43 GB) copied, 8898.17 s, 4.8 MB/s
-rw------- 1 root root 40G Nov  2 07:56 archived-photos.tomb
tomb (*) Done digging archived-photos
tomb  .  Your tomb is not yet ready, you need to forge a key and lock it:
tomb  .  tomb forge archived-photos.tomb.key
tomb  .  tomb lock archived-photos.tomb -k archived-photos.tomb.key

real	148m18.280s
user	0m0.281s
sys	147m50.630s

As you can see from the output of time, creating the tomb can take a while :)

7. Create a key for the tomb - in this case we'll name the key "archived-photos.key"

tomb forge -f -k archived-photos.key

This will prompt you for the key's password twice.

8. OK, now let's format the tomb and lock it - you will be asked for your password

tomb lock -k archived-photos.key archived-photos.tomb

9. Finally let's open the tomb (mounts it!) - this will ask you for your password

tomb open -k archived-photos.key archived-photos.tomb

10. You're good to go! Check the output of df -h to see the mounted Tomb

df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda1             50G   42G  5.7G  88% /
none                  496M     0  496M   0% /dev/shm
                       40G   48M   38G   1% /media/archived-photos

11. If you want to close the tomb (aka unmount it)

tomb close all
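
Pre-flight checks for the steps above, as an added example that is not part of the original post or of Tomb itself: the -f passed to tomb forge overrides Tomb's refusal to generate a key while swap is active, so this script checks for active swap, for enough free space to dig the tomb, and that the key is not kept in the same directory as the tomb. The function names and the optional swaps-file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks to run before "tomb dig" / "tomb forge".
# All function names here are hypothetical, not Tomb commands.

# Print swap devices listed in a /proc/swaps-format file (default: /proc/swaps).
active_swap() {
    swaps_file="${1:-/proc/swaps}"
    [ -r "$swaps_file" ] || return 0
    # Line 1 is the header; every later line starts with the device path.
    awk 'NR > 1 && NF > 0 { print $1 }' "$swaps_file"
}

# Succeed if the filesystem holding DIR has at least NEED_MIB MiB available.
has_space_mib() {
    dir="$1"; need_mib="$2"
    avail_kib=$(df -Pk "$dir" | awk 'NR == 2 { print $4 }')
    [ "$(( ${avail_kib:-0} / 1024 ))" -ge "$need_mib" ]
}

# Succeed if the key and the tomb live in different directories.
key_is_separate() {
    key_dir=$(cd "$(dirname "$1")" && pwd -P) || return 1
    tomb_dir=$(cd "$(dirname "$2")" && pwd -P) || return 1
    [ "$key_dir" != "$tomb_dir" ]
}

# preflight TOMB KEY SIZE_MIB [SWAPS_FILE]; returns non-zero if any check fails.
preflight() {
    tomb_path="$1"; key_path="$2"; size_mib="$3"; swaps_file="${4:-/proc/swaps}"
    rc=0
    swap=$(active_swap "$swaps_file")
    if [ -n "$swap" ]; then
        echo "swap active on: $swap (disable it so 'tomb forge' does not need -f)" >&2
        rc=1
    fi
    if ! has_space_mib "$(dirname "$tomb_path")" "$size_mib"; then
        echo "not enough free space for a ${size_mib} MiB tomb" >&2
        rc=1
    fi
    if ! key_is_separate "$key_path" "$tomb_path"; then
        echo "key and tomb share a directory; keep the key somewhere else" >&2
        rc=1
    fi
    return $rc
}
```

Call it as, for example, preflight /home/weirdbricks/archived-photos.tomb /path/to/archived-photos.key 40960, where the key path is a placeholder for wherever the key is kept.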