Tomb is a system to make strong encryption easy for everyday use. A tomb is like a locked folder that can be safely transported and hidden in a filesystem. Its keys can be kept separate; for example, you can keep the tomb on your computer and its key on a USB stick. Tomb is written in code that is easy to review and links shared components: it consists of a ZShell script and desktop integration apps; it uses standard GNU tools and the crypto API of the Linux kernel (dm-crypt) via cryptsetup.

Recent Releases

2.7 major feature: Fixed getent parsing of passwd and notation of conditionals normalised. A few other minor fixes and documentation improvements.

2.6 major feature: This release adds new features and provides an important fix for usage of Tomb with cryptsetup 2.1 and future versions; it also fixes a whitespace bug in KDF passwords, all fixes are documented in KNOWN_BUGS. A notable new feature is the libsphinx integration for password-authenticated key agreement (PAKE). Another feature is the integration of cloakify to support new cloak/uncloak commands that hide keys inside long text files. Also support for gpg sub-keys has been added and overall gpg asymmetric key protection is improved.

2.4 major feature: This release introduces a major new feature with support for asymmetric encryption of Tomb keys using public/private GPG key pairs. It is now possible to protect a Tomb key using a GPG key (which can also be password-less for automations) as well encrypt a Tomb key for multiple recipients (list of GPG ids). Other improvements include: a fix to the 'slam' command with better detection of running programs using 'lsof' (new optional dependency); a fix to 'forge' key creation to really use 512 bits long keys to really trigger usage of AES256; correct support for opening tombs in read-only mode; update of the Tomber python wrapper in extras. Documentation has been updated.

2.3 major bugfix: Fix to bug occurring when using ZSh version 5.3 or higher. Fix to inclusion of final newline in keys generated with 2.2, only affecting third-party software. Removed chmod/chown of tombs when open. Enhanced continuous integration script with regression tests with usage of old stable versions of Tomb and shellcheck linting. Improved parser and post-hooks to avoid usage of external binaries (grep and cat) also improving security when decrypting keys. Fix for clean execution via sudo nopasswd. Updated extras/gtomb to latest stable version. Various documentation updatesabout kdf, using images as keys, deniability and gpg-agent usage. New experimental port to Android platforms in extras.

2.2 major bugfix: New Qt5 desktop tray in extras/qt-tray. New Zenity based Gtk interface in extras/gtomb (experimental). Better resizing procedure recovers from failure without starting over with a new dig. Fixes for correct handling of bind-hooks mountpoints containing whitespaces, implying a refactoring of how the mtab is parsed, along with workaround for Debian bugs. Updated all strings to report MiB sizes. Fix to correctly show last time opened. Fix to EUID detection and to installed manpage permissions.

2.1.1 minor feature: New translations included, to Swedish and Italian languages.

2.1 minor bugfix: This new stable release including several bugfixes to smooth the user experience in various situations. Documentation is reviewed and extended and translations are updated. More in detail, fixes to: mountpoint removal, language localization, gtk-2 pinentry themeing, udisk2 compatibility (/run/media/ USER mountpoint support), handling of key failures, kdf documentation, swish-e file contents search and encrypted swap detection. Deniability is improved by allowing any filename to be used for tombs (also without .tomb extension). Code has been overall cleaned up.

2.0.1 minor bugfix: Fix for usage with GnuPG 1.4.11, a problem affecting long term GNU/Linux distribution releases like Ubuntu 12.04 and Mint 13. Minor messaging fixes.

2.0 major feature: Tomb goes international: now translated to Russian, French, Spanish and German. The usability has improved: steganographed images can now be used directly as keys using `-k`. Tomb now works also across ssh connections: it is possible to pipe cleartext secrets from stdin using `-k cleartext` but that requires the --unsafe flag. The security is also improved by avoiding most uses of temporary files. The privilege escalation model has been simplified and sudo is called only when needed. All code has been refactored for readability and integration with zsh features. Signal handlers are now in place, global arrays are used to keep track of temp files. Namespace has been revisioned and corrected.