Tomb, the Crypto Undertaker 2.4

Tomb is a system to make strong encryption easy for everyday use. A tomb is like a locked folder that can be safely transported and hidden in a filesystem. Its keys can be kept separate; for example, you can keep the tomb on your computer and its key on a USB stick. Tomb is written in code that is easy to review and links shared components: it consists of a ZShell script and desktop integration apps; it uses standard GNU tools and the crypto API of the Linux kernel (dm-crypt) via cryptsetup.

Tags dyne-org security cryptography archiving shell terminal console linux
License GNU GPLv3
State mature

Recent Releases

2.416 Apr 2017 15:42 major feature: This release introduces a major new feature with support for asymmetric encryption of Tomb keys using public/private GPG key pairs. It is now possible to protect a Tomb key using a GPG key (which can also be password-less for automations) as well encrypt a Tomb key for multiple recipients (list of GPG ids). Other improvements include: a fix to the 'slam' command with better detection of running programs using 'lsof' (new optional dependency); a fix to 'forge' key creation to really use 512 bits long keys to really trigger usage of AES256; correct support for opening tombs in read-only mode; update of the Tomber python wrapper in extras. Documentation has been updated.
2.302 Jan 2017 12:08 major bugfix: Fix to bug occurring when using ZSh version 5.3 or higher. Fix to inclusion of final newline in keys generated with 2.2, only affecting third-party software. Removed chmod/chown of tombs when open. Enhanced continuous integration script with regression tests with usage of old stable versions of Tomb and shellcheck linting. Improved parser and post-hooks to avoid usage of external binaries (grep and cat) also improving security when decrypting keys. Fix for clean execution via sudo nopasswd. Updated extras/gtomb to latest stable version. Various documentation updatesabout kdf, using images as keys, deniability and gpg-agent usage. New experimental port to Android platforms in extras.
2.230 Dec 2015 16:55 major bugfix: New Qt5 desktop tray in extras/qt-tray. New Zenity based Gtk interface in extras/gtomb (experimental). Better resizing procedure recovers from failure without starting over with a new dig. Fixes for correct handling of bind-hooks mountpoints containing whitespaces, implying a refactoring of how the mtab is parsed, along with workaround for Debian bugs. Updated all strings to report MiB sizes. Fix to correctly show last time opened. Fix to EUID detection and to installed manpage permissions.
2.1.106 Aug 2015 15:57 minor feature: New translations included, to Swedish and Italian languages.
2.123 Jul 2015 16:45 minor bugfix: This new stable release including several bugfixes to smooth the user experience in various situations. Documentation is reviewed and extended and translations are updated. More in detail, fixes to: mountpoint removal, language localization, gtk-2 pinentry themeing, udisk2 compatibility (/run/media/ USER mountpoint support), handling of key failures, kdf documentation, swish-e file contents search and encrypted swap detection. Deniability is improved by allowing any filename to be used for tombs (also without .tomb extension). Code has been overall cleaned up.
2.0.125 Dec 2014 01:54 minor bugfix: Fix for usage with GnuPG 1.4.11, a problem affecting long term GNU/Linux distribution releases like Ubuntu 12.04 and Mint 13. Minor messaging fixes.
2.026 Nov 2014 21:34 major feature: Tomb goes international: now translated to Russian, French, Spanish and German. The usability has improved: steganographed images can now be used directly as keys using `-k`. Tomb now works also across ssh connections: it is possible to pipe cleartext secrets from stdin using `-k cleartext` but that requires the --unsafe flag. The security is also improved by avoiding most uses of temporary files. The privilege escalation model has been simplified and sudo is called only when needed. All code has been refactored for readability and integration with zsh features. Signal handlers are now in place, global arrays are used to keep track of temp files. Namespace has been revisioned and corrected.
1.5.304 Aug 2014 07:05 minor feature: