Tomb is an excellent command-line tool for maintaining encrypted files. Tomb files can be stored on an Internet-facing server so that they can be accessed from anywhere in the world using any SSH client. An adversary would have to compromise that server, gain administrative privileges, and brute-force the Tombs (if they have the key files) in order to recover their contents. Someone who is more “at risk” than me should put an air gap between the Internet and their Tombs. Managing your Tomb’s key files is a different matter that I’ll discuss later.
Read about Tomb here: http://www.dyne.org/software/tomb/
Download Tomb onto your Ubuntu server.
Rename the downloaded file.
mv '.xsend.php?file=tomb%2Freleases%2FTomb-1.4.tar.gz' Tomb-1.4.tar.gz
Download the SHA hash/checksum file.
View the Tomb tar file’s SHA hash.
View the Tomb tar file’s SHA checksum and compare it to the above hash; if they’re the same, continue with installation.
Unzip the Tomb tar file.
sudo tar -zxvf Tomb-1.4.tar.gz
Change into the newly created Tomb directory.
sudo make install
Check that Tomb installed by checking its version.
Tomb 1.4 – a strong and gentle undertaker for your secrets
Copyright (C) 2007-2013 Dyne.org Foundation, License GNU GPL v3+
This is free software: you are free to change and redistribute it
The latest Tomb sourcecode is published on
This source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Please refer to the GNU Public License for more details.
Sudo version 1.8.6p3
gpg (GnuPG) 1.4.14 – key forging algorithms (GnuPG symmetric ciphers):
IDEA 3DES CAST5 BLOWFISH AES AES192 AES256 TWOFISH CAMELLIA128 CAMELLIA192 CAMELLIA256
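An added example (not from the original post or the Tomb project) of the checksum comparison in the download steps above, scripted so that a mismatch stops the install instead of relying on comparing hashes by eye. It goes slightly beyond the post by picking SHA-1, SHA-256 or SHA-512 from the digest length; the function name verify_tarball and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded tarball against a published checksum
# file and fail closed. All file names used here are constructed placeholders.

# verify_tarball TARBALL SUMFILE
# Returns 0 only when the digest in SUMFILE matches TARBALL, 1 on mismatch,
# 2 on unusable input. The body is a subshell, so nothing leaks to the caller.
verify_tarball() (
    tarball=$1
    sumfile=$2
    if [ ! -r "$tarball" ] || [ ! -r "$sumfile" ]; then
        echo "missing tarball or checksum file" >&2; exit 2
    fi

    # Accept "<hex>  <name>" (sha*sum output) or a bare hex digest.
    want=$(awk 'NF { print tolower($1); exit }' "$sumfile")

    # Refuse anything that is not pure hex before trusting it.
    case $want in
        ''|*[!0-9a-f]*) echo "checksum file holds no hex digest" >&2; exit 2 ;;
    esac

    # Choose the tool by digest length: 40=SHA-1, 64=SHA-256, 128=SHA-512.
    case ${#want} in
        40)  tool=sha1sum ;;
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   echo "unrecognised digest length ${#want}" >&2; exit 2 ;;
    esac

    got=$("$tool" "$tarball" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $tarball matches ($tool)"
    else
        echo "MISMATCH: do not install $tarball" >&2
        exit 1
    fi
)

# Constructed demo: a stand-in "tarball" and a checksum file generated from it.
demo_dir=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo_dir/sample.tar.gz"
sha256sum "$demo_dir/sample.tar.gz" > "$demo_dir/sample.tar.gz.sha"
verify_tarball "$demo_dir/sample.tar.gz" "$demo_dir/sample.tar.gz.sha"
rm -rf "$demo_dir"
```

A matching digest only shows the download is intact relative to the checksum file; if both came from the same server, it does not prove who published them.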
Be sure to “shred” your Tombs or Tomb key files if you ever want to move them or delete them. If you’re moving your files, copy them first, then shred the unwanted files. Do not simply move them.
sudo shred -f -v -z -u tomb.tomb.key