PrivacyTools.io
Tomb logo

Tomb

Open SourceFor expertsLinux
Official website dyne.org/software/tomb
GitHub ★ 1.6k Website
Screenshot of the Tomb website

Tomb is an open-source Linux CLI tool that creates and manages encrypted volumes using dm-crypt and LUKS. It wraps the standard kernel encryption stack in a simple shell script, with optional steganographic key hiding and FIDO2 support.

Our take

Tomb’s key strength is simplicity of implementation: the main program is a readable shell script built on top of dm-crypt and LUKS, which are the same primitives that underpin most Linux disk encryption. The optional steganographic key storage (hiding the key file inside a JPEG) is a genuinely useful operational security feature for adversarial scenarios. It is Linux-only and requires root access to mount volumes, so it does not fit casual desktop use. Reach for Tomb if you want auditable, composable encryption containers on Linux without adding new cryptographic dependencies.

GitHub at a glance
dyne/Tomb
Stars
1,567
+ 0 this week
Last commit
6mo ago
slowing
License
GPL-3.0
Stars, last 9d

Listed in

File Encryption

Tomb alternatives

VERNAM A free, fully client-side file encryptor that runs in your browser. Drop in any file, set or generate a passphrase, and it seals the result into its own .vrn format. Nothing is ever uploaded, and it works offline.
VeraCrypt It can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot…
Cryptomator Cryptomator encrypts your data quickly and easily. Afterwards you upload them protected to a cloud service.
7-Zip File archiver with a high compression ratio and built-in encryption functionality.
GnuPG GnuPG (GNU Privacy Guard) is the free, GPL-licensed implementation of the OpenPGP standard. A command-line tool for Linux, macOS, and Windows, it encrypts and signs files and email, and manages public-key directories.
Gpg4win Gpg4win is the official Windows installer for GnuPG, bundling the Kleopatra certificate manager and GpgOL for Outlook integration. It provides OpenPGP and S/MIME encryption for files and email on Windows.
Tomb license, in plain English
GPL-3.0
Strong copyleft

Free to use and modify, but anything you distribute that is built on it must also be open under the same license.

Permits

  • Commercial use
  • Modification
  • Distribution
  • Patent use
  • Private use

Requires

  • Disclose source
  • Same license
  • State changes
  • License and copyright notice

Does not provide

  • Liability cover
  • Warranty

Why it matters: Strong copyleft keeps every distributed version open. A vendor cannot fold this into a closed product and ship it without releasing their changes.

Plain-language summary of the project's license, not legal advice. Read the full text for the exact terms.