Projects / Tomb


Tomb is a system to make strong encryption easy for everyday use. A tomb is like a locked folder that can be safely transported and hidden in a filesystem. Its keys can be kept separate; for example, you can keep the tomb on your computer and its key on a USB stick. Tomb is written in code that is easy to review and links shared components: it consists of a ZShell script and desktop integration apps; it uses standard GNU tools and the cryptographic API of the Linux kernel (dm-crypt) via cryptsetup.

Operating Systems

Recent releases

  •  09 Jun 2014 11:11

    Release Notes: This release includes various usability fixes and documentation updates. Password changing and key changing procedures have been refactored, and scripted use has been tested against a few new wrappers being developed. A .pot strings file is made available for translators.

    •  24 Feb 2014 15:13

      Release Notes: This release stops looking for a key file laying beside the Tomb. This cleans the key loading code and encourages users to separate keys from data.

      •  20 Feb 2014 10:20

        Release Notes: This release fixes a small vulnerability when trying to use keys piped from stdin: they were not correctly processed and left encrypted in RAM (tmpfs).

        •  13 Jan 2014 13:02

          Release Notes: This release includes bugfixes to error handling, support for multiple and encrypted swap partitions, and qr code engraving. It also includes some minor code refactoring of key loading and loop mount check procedures. The tray app is update to GTK 3, and works simply with a tomb name as an argument. The documentation was updated accordingly.

          •  20 Jun 2013 11:13

            Release Notes: This release fixes a critical bug affecting Tomb 1.3 which broke backward compatibility with older tombs and invalidates keys created using that version (for details, see KNOWN_BUGS). New features include indexing and search of file contents, engraving of keys into QRCode to backup on paper, and a setkey function to replace the key file locking a tomb with a new one. Symmetric encryption is key files is improved; ciphers can be selected using -o, and AES256 is default. This release restores backward compatibility with all tombs, and users are strongly encouraged to upgrade.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.