Creating an encrypted loopback device with Tomb
Tomb makes managing encrypted volumes easy - in fact, very easy. This is a must if you're like me and want to store sensitive stuff in the cloud.
You can download Tomb from here.
1. Install some dependencies:
yum install ncurses-devel cryptsetup zsh gettext -y
yum install http://pkgs.repoforge.org/dcfldd/dcfldd-1.3.4.1-1.el6.rf.x86_64.rpm
2. Download and untar Tomb:
cd /tmp
wget https://files.dyne.org/tomb/Tomb-2.1.1.tar.gz
tar zxf Tomb-2.1.1.tar.gz
3. Make Tomb:
cd Tomb-2.1.1
make install
4. Add a user:
useradd -m weirdbricks
5. Dig a new tomb of the size you want - in this example I'm going to use 40GB (40960MB):
cd /home/weirdbricks
time tomb dig -s 40960 archived-photos.tomb
Output:
tomb . Commanded to dig tomb archived-photos.tomb
tomb (*) Creating a new tomb in archived-photos.tomb
tomb . Generating archived-photos.tomb of 40960MiB
40960+0 records in
40960+0 records out
42949672960 bytes (43 GB) copied, 8898.17 s, 4.8 MB/s
-rw------- 1 root root 40G Nov 2 07:56 archived-photos.tomb
tomb (*) Done digging archived-photos
tomb . Your tomb is not yet ready, you need to forge a key and lock it:
tomb . tomb forge archived-photos.tomb.key
tomb . tomb lock archived-photos.tomb -k archived-photos.tomb.key
real 148m18.280s
user 0m0.281s
sys 147m50.630s
As you can see from the output of time, creating the tomb can take a while :)
6. Create a key for the tomb - in this case we'll name the key "archived-photos.key":
tomb forge -f -k archived-photos.key
This will prompt you for the key's password twice.
7. OK, now let's format the tomb and lock it - you will be asked for your password:
tomb lock -k archived-photos.key archived-photos.tomb
8. Finally let's open the tomb (mounts it!) - this will ask you for your password:
tomb open -k archived-photos.key archived-photos.tomb
9. You're good to go! Check the output of df -h to see the mounted Tomb:
df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvda1 50G 42G 5.7G 88% /
none 496M 0 496M 0% /dev/shm
/dev/mapper/tomb.archived-photos.1446525515.loop0
40G 48M 38G 1% /media/archived-photos
10. If you want to close the tomb (aka unmount it):
tomb close all
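Some checks to run around steps 6 to 10, as an added example that is not part of the original post or of Tomb: whether swap is active before forging the key (the -f in step 6 tells Tomb to override its own swap check), whether the tomb is still open, and whether the file is owner-only before it is copied anywhere. The function names are hypothetical, and the swap list and mount table are read from /proc/swaps and /proc/mounts unless a file is passed.

```bash
#!/usr/bin/env bash
# Added example: helper checks for the tomb workflow above (not part of Tomb).
# Function names are hypothetical; file names follow the walkthrough.

# swap_active [SWAPS_FILE]: true if a swap area is listed. /proc/swaps has one
# header line, then one line per active swap device. Key material can be paged
# out to swap, which is why tomb checks for it unless -f is given.
swap_active() {
    awk 'NR > 1 && NF { found = 1 } END { exit !found }' "${1:-/proc/swaps}"
}

# tomb_is_open NAME [MOUNTS_FILE]: true if a /dev/mapper/tomb.NAME.* device
# (the naming seen in the df output above) appears in the mount table.
tomb_is_open() {
    awk -v p="/dev/mapper/tomb.$1." \
        'index($1, p) == 1 { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# owner_only FILE: true if the mode is exactly 600 (-rw------- in ls output).
owner_only() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "600" ]
}

# safe_to_copy TOMB_FILE [MOUNTS_FILE]: the tomb should be closed, so the
# filesystem inside is flushed, and owner-only before it is copied elsewhere.
safe_to_copy() {
    name="$(basename "$1" .tomb)"
    if tomb_is_open "$name" "${2:-/proc/mounts}"; then
        echo "$name is open: run 'tomb close' first" >&2
        return 1
    fi
    owner_only "$1" || { echo "$1 is not mode 600" >&2; return 1; }
}

# Constructed sample mount table modelled on the df output above, so the demo
# runs without root and without a real tomb.
demo="$(mktemp)"
printf '%s\n' '/dev/xvda1 / ext4 rw 0 0' \
    '/dev/mapper/tomb.archived-photos.1446525515.loop0 /media/archived-photos ext4 rw 0 0' > "$demo"
tomb_is_open archived-photos "$demo" && echo "archived-photos is open"
if swap_active; then echo "swap is active"; else echo "no active swap"; fi
rm -f "$demo"
```

Run `swap_active` before step 6 and `safe_to_copy archived-photos.tomb` after step 10, before the file leaves the machine.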