Tomb can be adapted for ad-hoc use and scripted inside bigger systems of applications, here below a few usage scenarios. With a simple mount and unmount command, plus the configuration of bind-hooks , your home can change in a snap to include your secrets in the right position for your application paths, like that secret door behind the library you always dreamed of.
When transporting delicate information the risk of interception is high: even using encryption, if the courier is captured then the key can be found on him or her and the password can be obtained using torture. The solution we propose is that of separating keys from storage, so that a courier alone cannot be the single point of failure. Never keep your keys where your tomb is!
Steganography helps here. Tomb offers the possibility to bury and exhume keys from jpeg images: if steghide is installed on a system then Tomb will offer this commands in its command-line help.
This feature lets you keep in mind a certain picture rather than a position in a filesystem, much easy to remember. It also helps in hiding well the key and eventually communicating it without being suspicious, as it is very difficult to detect the presence of a key inside an image without knowing the password you used to seal it. Another possibility to keep track of keys is to backup them in a physical form: for that we have the command engrave which will make a QRCode out of a key which can then be printed, but still must be kept secret, like between the pages of your favourite book or so.
To recover an engraved key one can simply scan it with any QR decoder mobile application, save the resulting plain text file and use it as a key in Tomb. Security can be improved by eliminating the single point of failure, especially if a network connection is available.
A tomb can be stored and used on a machine while its keys are far away: they get copied and immediately deleted every time, but never stored on the same machine. Ssh is used for the key transport, which can happen also without passwords by using ssh public keys. A neat setup is that of keeping the tomb on your laptop and the key on your mobile phone, being fairly sure that they are never kept in the same place, pocket or bag. A simple script to make that happen follows, substitute the ESSID with that of your device:.
Keeping tombs on remote server shells can be a good deterrent to avoid physical break-ins when travelling, not having to carry anything related to your data. To a certain degree, using Tomb also makes it difficult to steal the data from servers, even for providers that have physical access to them.
For server based usage one has to take care of some things: creating a tomb key is usually very slow on a remote server or VPS, the best is to create the key forge locally on your desktop and then upload it. Last but not least, it is also possible to mount tombs locally in a way that the remote server will never have anything to do with the clear data contained into them.
This is achieved using sshfs :. If you like to go more in detail, this MA thesis in computer science mentions the successful usage of Tomb over cloud filesystem storage and possible new horizons for its development.
Security guide great distro BTW! Developers are welcome to interact with us via issues, pull requests or directly on the crypto mailinglist on lists. Also make sure to read the short tomb tester howto to have some directions on how to do troubleshooting. If you plan to write code then the short tomb developer howto is for you.
To get in touch with us you can also join our chat on irc. Your passphrase should have sufficient information entropy. This option is mainly intended for sending binary data through email, not via transfer commands such as bbftp or ftp.
There are three options for the compression algorithm: none , zip , and zlib. The zlib option is not compatible with PGP 6. The MB file was a text file. These runs were performed on a CXFS filesystem when many other users' jobs were running. The performance reported here is for reference only, and not the best or worst performance you can expect. We welcome your input on features and topics that you would like to see included on this website.
Please send us email with your wish list and other feedback. Ask a Question. New User Orientation. Logging In. It works pretty much the same, and for example to encrypt a file named images. Only difference being the -a option is removed, along with the name of the output file. Then as before, if prompted to confirm use of the public key, simply press the Y key to agree. A new file named images. They can then decrypt the ZIP file using their private key.
You also need a way to decrypt messages that are sent to you. Please remember, in order for someone to send you an encrypted message, you must first share your public PGP key with them. You will get an encrypted block of text, which looks the same as encrypting a message, such as:. Save this block of text to a file such as message. You will be prompted to enter your password, which is the same password you supplied when initially generating your PGP key-pair.
Upon successful entry of your password, a message. That's all there is to it! Through this guide you've learned everything necessary to properly secure your communications via PGP encryption.
You've learned how to generate a PGP key-pair, export your public key to share to others, import the public keys of others, plus how to encrypt and decrypt messages. Next time you need to send sensitive information via email, you can now rest assured only the intended recipient will be able to see the contents of the message, keeping it away from unwanted guests. Happy encrypting! There are many ways to share files between people and devices.
With these 15 tools, you can share files quickly without app downloads, account registrations, or any cloud storage setups. Install gnupg If you've never heard of PGP before, check out an excellent PGP primer and explanation , which contains various details we won't get into here for brevity's sake. Otherwise, you can install gnupg by running: sudo apt-get install gnupg2 Once finished, check to ensure it's installed: gnupg -- version Assuming gnupg was properly installed, this will display the version number.
Share Share Tweet Email.
0コメント