After discovering Tomb, and a few personal issues with it, I decided to write a very similar program that doesn’t require root access and compiles to a single binary: Graveyard.
Additional information and source code: GitHub.
Also, sorry about the ugly terminal colors, I recently just switched to Artix and haven’t gotten around to making everything look amazing.
Edit: Cleaned up some stuff
It looks like the key-derivation function used here is just a single iteration of sha256 followed by truncating.
I’m not a security expert, but I’m pretty sure that’s insecure.
Consider using PBKDF2 or Argon2.
Gosh, I’ve really messed up. Fixing immediately, thank you for bringing this to my attention – and I apologize to all y’all.
Again, I’m not a security expert, so maybe your original version was fine for this use case.
But since dedicated password-based key derivation functions exist, you should probably stick to one of those instead of rolling your own.
Thanks for fixing this quickly!
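The weakness raised in this thread next to the suggested fix, as an added example that is not part of the thread and not Graveyard's own code. The 16-byte key length, the salt size and the iteration count are assumptions, since the thread states none of them, and PBKDF2 is used here because it ships in Python's standard library.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

KEY_LEN = 16             # assumption: thread does not say how far the hash is truncated
SALT_LEN = 16            # assumption: 128-bit random salt stored beside the ciphertext
ITERATIONS = 600_000     # assumption: work factor, tune for the target hardware


def weak_kdf(password: str) -> bytes:
    """Pattern criticised in the thread: one SHA-256 pass, then truncate."""
    return hashlib.sha256(password.encode("utf-8")).digest()[:KEY_LEN]


def derive_key(password: str, salt: Optional[bytes] = None,
               iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256. Returns (salt, key); the salt is not secret."""
    if salt is None:
        salt = os.urandom(SALT_LEN)      # fresh salt when creating a container
    elif len(salt) != SALT_LEN:
        raise ValueError("unexpected salt length")
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, iterations, dklen=KEY_LEN)
    return salt, key


def compare(password: str, iterations: int = ITERATIONS) -> dict:
    """Derive keys for two containers that share one password."""
    salt_a, key_a = derive_key(password, iterations=iterations)
    salt_b, key_b = derive_key(password, iterations=iterations)
    _, reopened = derive_key(password, salt_a, iterations)
    return {
        # Unsalted hash: same password always maps to the same key, so one
        # precomputed guess list works against every container.
        "weak_keys_equal": hmac.compare_digest(weak_kdf(password), weak_kdf(password)),
        # Salted KDF: same password, different key per container.
        "pbkdf2_keys_equal": hmac.compare_digest(key_a, key_b),
        # Stored salt plus password reproduces the key when reopening.
        "reopen_matches": hmac.compare_digest(reopened, key_a),
    }


if __name__ == "__main__":
    for name, value in compare("correct horse battery staple").items():
        print(f"{name}: {value}")
```

The iteration count is what makes each password guess expensive; the single SHA-256 pass costs an attacker almost nothing per guess.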