Tomb, the Crypto Undertaker 2.10

Tomb is a system to make strong encryption easy for everyday use. A tomb is like a locked folder that can be safely transported and hidden in a filesystem. Its keys can be kept separate; for example, you can keep the tomb on your computer and its key on a USB stick. Tomb is written in code that is easy to review and links shared components: it consists of a ZShell script and desktop integration apps; it uses standard GNU tools and the crypto API of the Linux kernel (dm-crypt) via cryptsetup.

Tags: dyne-org, security, cryptography, archiving, shell, terminal, console, linux
License: GNU GPLv3
State: mature

Recent Releases

2.10 (20 Sep 2023 15:16) minor feature: This release adds optional support for Argon2 KDF brute-force protection and introduces support for doas as an alternative to sudo for privilege escalation. It also improves support for BTRFS-formatted Tombs, adds zram detection as swap memory, updates documentation and translations, and cleans up the script code.
2.9 (04 Jan 2021 21:04) minor feature: This release fixes all bugs introduced by the unfortunate 2.8 release series in 2020 and introduces support for BTRFS-formatted Tombs. The fixes make password insertion work on all desktops and resolve a regression when using old Zsh versions. The new feature is activated by the '--filesystem' flag on 'lock' commands; it only supports BTRFS as the internal filesystem of a Tomb instead of the default EXT4. Resizing works as well, as does creating and sending or receiving subvolumes and snapshots inside a Tomb. There are also some cleanups, small error-handling improvements, and no more need for suid actions by the 'forge' and 'dig' commands.
2.8.1 (27 Nov 2020 17:44) minor bugfix: This is a minor bugfix release. It fixes two bugs introduced by the previous release: the release of loopback devices and a typo affecting password insertion in text-only mode. It also provides a cosmetic fix for the output of 'tomb list', which now displays correct sizes. Finally, the docker wrapper has been included in extras/ to be shipped with Tomb. The span of CVE-2020-28638 has been assessed with more precision and KNOWN_BUGS updated accordingly.
2.8 (17 Nov 2020 13:23) major feature: This release updates the documentation, improves usability and fixes two bugs. A bug was found (CVE-2020-28638) that corrupts passwords entered using pinentry-curses on desktops with an X11 DISPLAY set; the documentation in KNOWN_BUGS outlines how to fix regressions. Another bug has been fixed to prevent mounting tombs that are already open, a situation that could lead to data loss. These changes led to a small internal refactoring and cleanup, and to a change in the way volumes appear in /dev/mapper. Usability improvements include support for the GNUPGHOME environment variable (for non-standard GnuPG home locations), updated translations, and the fact that debug messages are now written to stderr, making stdout easier to parse.
2.7 (11 Oct 2019 20:17) major feature:
2.6 (30 May 2019 17:05) major feature: This release adds new features and provides an important fix for usage of Tomb with cryptsetup 2.1 and future versions; it also fixes a whitespace bug in KDF passwords. All fixes are documented in KNOWN_BUGS. A notable new feature is the libsphinx integration for password-authenticated key agreement (PAKE). Another is the integration of cloakify to support the new cloak/uncloak commands, which hide keys inside long text files. Support for gpg sub-keys has also been added, and overall gpg asymmetric key protection is improved.
2.4 (16 Apr 2017 15:42) major feature: This release introduces a major new feature: support for asymmetric encryption of Tomb keys using public/private GPG key pairs. It is now possible to protect a Tomb key using a GPG key (which can also be password-less for automation) as well as to encrypt a Tomb key for multiple recipients (a list of GPG ids). Other improvements include: a fix to the 'slam' command with better detection of running programs using 'lsof' (a new optional dependency); a fix to 'forge' key creation so that it really uses 512-bit keys and thus really triggers use of AES256; correct support for opening tombs in read-only mode; and an update of the Tomber python wrapper in extras. Documentation has been updated.
2.3 (02 Jan 2017 12:08) major bugfix: Fix for a bug occurring when using Zsh version 5.3 or higher. Fix for the inclusion of a final newline in keys generated with 2.2, only affecting third-party software. Removed chmod/chown of tombs when open. Enhanced the continuous-integration script with regression tests against old stable versions of Tomb and with shellcheck linting. Improved parser and post-hooks to avoid use of external binaries (grep and cat), also improving security when decrypting keys. Fix for clean execution via sudo nopasswd. Updated extras/gtomb to the latest stable version. Various documentation updates about kdf, using images as keys, deniability and gpg-agent usage. New experimental port to Android platforms in extras.
2.2 (30 Dec 2015 16:55) major bugfix: New Qt5 desktop tray in extras/qt-tray. New Zenity-based Gtk interface in extras/gtomb (experimental). Better resizing procedure that recovers from failure without starting over with a new dig. Fixes for correct handling of bind-hooks mountpoints containing whitespace, implying a refactoring of how the mtab is parsed, along with a workaround for Debian bugs. Updated all strings to report MiB sizes. Fix to correctly show the last time opened. Fixes to EUID detection and to installed manpage permissions.
2.1.1 (06 Aug 2015 15:57) minor feature: New translations included, to Swedish and Italian.
2.1 (23 Jul 2015 16:45) minor bugfix: This new stable release includes several bugfixes to smooth the user experience in various situations. Documentation is reviewed and extended, and translations are updated. In more detail, fixes to: mountpoint removal, language localization, gtk-2 pinentry theming, udisks2 compatibility (/run/media/USER mountpoint support), handling of key failures, kdf documentation, swish-e file-contents search and encrypted swap detection. Deniability is improved by allowing any filename to be used for tombs (also without the .tomb extension). Code has been cleaned up overall.
2.0.1 (25 Dec 2014 01:54) minor bugfix: Fix for usage with GnuPG 1.4.11, a problem affecting long-term GNU/Linux distribution releases like Ubuntu 12.04 and Mint 13. Minor messaging fixes.
2.0 (26 Nov 2014 21:34) major feature: Tomb goes international: now translated to Russian, French, Spanish and German. Usability has improved: steganographed images can now be used directly as keys using `-k`. Tomb now also works across ssh connections: it is possible to pipe cleartext secrets from stdin using `-k cleartext`, but that requires the --unsafe flag. Security is also improved by avoiding most uses of temporary files. The privilege escalation model has been simplified and sudo is called only when needed. All code has been refactored for readability and integration with zsh features. Signal handlers are now in place, and global arrays are used to keep track of temp files. The namespace has been revised and corrected.
1.5.3 (04 Aug 2014 07:05) minor feature: