Graveyard

Graveyard is dead-simple portable encryption application and library. It manages “graves,” encrypted file archives, meaning it requires to elevated permissions.

Graveyard has a single goal: Encrypt files securely. It does not try to provide a way to send, sync, or back them up, granted all graves are stored in one directory — so backups should be pretty simple.

Installation

From GitHub Releases (Recommend)

On Linux, and macOS, this can be done with the curl and install commands:

curl -LO https://github.com/BetaPictoris/graveyard/releases/latest/download/grave

# For a global install
sudo install -Dt /usr/local/bin -m 755 ./grave

# For a user install
install -Dt ~/.local/bin -m 755 ./grave

On Windows you’ll need to download the grave.exe file from releases and store it in a location that PATH can find.

From Source

In order to build and install Graveyard from source you’ll need:

• Go (1.21.0+)
• Make (optional)

Afterwards, clone the repository:

git clone https://github.com/betapictoris/graveyard.git
cd ./graveyard/

Then, you can build and install globally on UNIX systems with one of the following commands:

# Using Make
sudo make install

# Using Go directly
mkdir build
go build -o ./build/grave ./cmd/main.go
sudo install -Dt /usr/local/bin -m 755 ./build/grave

If you don’t have permissions to modify /usr/local/bin or to run commands as root you can do a user install:

# Using Make
make usrinstall

# Using Go directly
mkdir build
go build -o ./build/grave ./cmd/main.go
install -Dt ~/.local/bin -m 755 ./build/grave

Usage

Usage of grave:
  -bury string
        Close an open grave under the given name.
  -dig string
        Dig a new grave under the given name.
  -exhume string
        Open a buried grave under the give name.
  -list
        Show all graves that the superintendent has keys for.
  -obituary
        Show all open graves.
  -path string
        Set the app path. (default "~/.graveyard" or "$XDG_DATA_HOME/graveyard")

Advanced Usage & Understanding

There are two components that most users interact with Graveyard:

• The graveyard library, which provides building blocks for applications to encrypt files.
• The grave command line utility, which is an simple interface for the library.

There are only three concepts which you need to form an advanced understanding of Graveyard:

• Super intendent: The super intendent runs at the graveyard library level. It manages everything that Graveyard needs to run.
• Grave: A grave is a location where the a user’s files that the super intendent will manage are stored.
• Keys: These are stored in the keys file as Argon2 hashes, and store information that the super intendent needs to decrypt the files.

Additionally, there are three states to a grave:

• Buried: the graves are encrypted tar gunzips (ending in .buried), this is when your files are secured.
• Compressed: these are unencrypted tar gunzips (ending in .tar.gz), this is an intermediate stage between being exhumed and buried – if all goes well you should not see this stage as an end-user.
• Exhumed: these are unencrypted directories of all files stored, this is the stage where you can modify the files.