Operator-owned keys, biometric-gated

Trust is not a security model. Custody is.

verum holds your keys in hardware you control. Touch ID, Face ID or a YubiKey gates each decryption, and the key material stays inside the Secure Enclave, TPM or authenticator. Threshold recovery splits the symmetric key across trusted parties. Every access is written to a hash-chained audit log whose head is anchored on-chain.

Read the manifesto · See the source

Install on macOS or Linux

curl -fsSL https://verum.sh/install | bash

Or brew install ramene/tap/verum, or build from source. If you would rather not pipe a remote script straight into bash, fetch it first (curl -fsSL https://verum.sh/install -o install.sh), read it, then run it. The original git-crypt commands all still work; verum adds capabilities, not new vocabulary.

Hardware-backed identities

age (X25519), age-plugin-se for Apple Secure Enclave, FIDO2/WebAuthn PRF for Touch ID, Face ID, YubiKey, Windows Hello. Plus SSH, GPG, Ethereum wallet identities.

Threshold recovery

Split your symmetric key into Shamir M-of-N shares held by trusted parties. Any M shares reconstruct the key; fewer than M reveal nothing about it, so no single party can rebuild it alone. Lose a device, recover with a quorum.
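
One way to implement the M-of-N split and quorum recovery described above, as an added example that is not verum's own code (verum's share format and recovery protocol are not specified on this page; the field prime, the share layout and the SHA-256 commitment used to check a recovered key are assumptions made here):

```python
"""Shamir M-of-N sharing of a symmetric key over GF(p), with a recovery check.
Illustration only, not verum's code; share format and field are assumptions."""
import hashlib
import secrets

# Prime field: 2^521 - 1 is prime and far larger than a 256-bit key, so a
# 32-byte key is one field element and needs no chunking.
P = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key, threshold, n_shares):
    """Return n_shares points (x, y) on a random degree-(threshold-1)
    polynomial whose constant term is the key. Any `threshold` points fix the
    polynomial; any fewer leave the constant term uniformly undetermined."""
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_key(shares, key_len=32):
    """Lagrange-interpolate at x=0. With fewer than `threshold` distinct shares
    this still returns *a* field element, just not the key."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            num = num * (-xj) % P
            den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    if secret >= 1 << (8 * key_len):
        # A correct reconstruction always fits key_len bytes; an under-threshold
        # set yields a value spread over ~2^521 and almost never fits.
        raise ValueError("reconstruction does not fit the key length")
    return secret.to_bytes(key_len, "big")


def try_recover(shares, key_len=32):
    """recover_key, returning None instead of raising."""
    try:
        return recover_key(shares, key_len)
    except ValueError:
        return None


def key_commitment(key):
    """SHA-256 of the key, published with the shares. Plain Shamir shares are
    not authenticated: one party handing back a corrupted share produces a
    silently wrong reconstruction, which comparing to this digest catches."""
    return hashlib.sha256(key).hexdigest()


def recover_and_check(shares, commitment, key_len=32):
    """Recover, then refuse any result that does not match the commitment."""
    key = recover_key(shares, key_len)
    if key_commitment(key) != commitment:
        raise ValueError("recovered key does not match commitment")
    return key


def demo():
    key = bytes(range(32))  # constructed sample key, not a real secret
    commitment = key_commitment(key)
    shares = split_key(key, threshold=3, n_shares=5)  # 3-of-5
    assert recover_and_check(shares[:3], commitment) == key
    assert recover_and_check([shares[0], shares[2], shares[4]], commitment) == key
    # One holder returns a corrupted share (y+1): interpolation is off by the
    # Lagrange coefficient, and the commitment check rejects it.
    bad = [shares[0], shares[1], (shares[2][0], (shares[2][1] + 1) % P)]
    try:
        recover_and_check(bad, commitment)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("ok" if demo() else "FAIL")
```

The commitment is the check a practitioner wants during a real recovery: without it, a quorum cannot tell a correct reconstruction from one poisoned by a single bad share.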

Hash-chained audit

Every access produces a SHA-256-chained entry: each entry carries the hash of the one before it, so editing any past entry breaks every link after it, and a single verify call surfaces the break. A chain on its own cannot show that its tail was cut off, since the shortened log is still internally consistent; anchoring the chain head on-chain closes that gap and gives a third party something independent to check the log against.
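
The chain, the verify call and the anchor check, as an added example that is not verum's own code (verum's entry schema and anchoring transport are not specified on this page; the field names, the genesis value and the sample events are assumptions constructed here):

```python
"""Hash-chained audit log: append, verify, and check against an anchored head.
Illustration only, not verum's code; entry fields are assumptions."""
import hashlib
import json

GENESIS = "0" * 64  # assumed prev-hash of the first entry


def _canonical(body):
    # Deterministic serialisation (sorted keys, no whitespace) so any verifier
    # hashes the same entry to the same digest.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(log, event):
    """Link an event dict to the current head and append it. Returns the new head."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "prev": prev, **event}
    digest = hashlib.sha256(_canonical(body)).hexdigest()
    log.append({**body, "hash": digest})
    return digest


def verify_chain(log):
    """Walk from genesis. Returns (ok, index): the first bad entry, or len(log)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != i or body.get("prev") != prev:
            return False, i
        if hashlib.sha256(_canonical(body)).hexdigest() != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return True, len(log)


def verify_against_anchor(log, anchored_head):
    """Internal consistency plus agreement with an externally held head.
    Truncating the tail or rewriting history keeps the chain self-consistent;
    only the anchor exposes it."""
    ok, _ = verify_chain(log)
    return ok and bool(log) and log[-1]["hash"] == anchored_head


def tampered_copy(log, seq, field, value):
    """One stored entry edited in place, hashes left alone."""
    out = [dict(e) for e in log]
    out[seq][field] = value
    return out


def rewrite_history(log, seq, field, value):
    """Edit an entry and recompute every later hash, as an attacker with write
    access to the whole log would. The chain still verifies; the head changes."""
    out = [dict(e) for e in log]
    out[seq][field] = value
    prev = out[seq - 1]["hash"] if seq else GENESIS
    for i in range(seq, len(out)):
        body = {k: v for k, v in out[i].items() if k != "hash"}
        body["prev"] = prev
        out[i] = {**body, "hash": hashlib.sha256(_canonical(body)).hexdigest()}
        prev = out[i]["hash"]
    return out


def build_sample_log():
    """Constructed sample events; names, objects and timestamps are made up."""
    log, head = [], GENESIS
    for ev in (
        {"ts": "2026-03-01T09:00:00Z", "actor": "alice", "action": "unlock",
         "object": "repo:payroll", "auth": "touch-id"},
        {"ts": "2026-03-01T09:02:11Z", "actor": "alice", "action": "read",
         "object": "secrets/db.env"},
        {"ts": "2026-03-01T10:15:42Z", "actor": "bob", "action": "unlock",
         "object": "repo:payroll", "auth": "yubikey"},
    ):
        head = append_entry(log, ev)
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    print("chain:", verify_chain(log), "anchor:", verify_against_anchor(log, head))
    print("edited:", verify_chain(tampered_copy(log, 1, "actor", "mallory")))
    print("truncated vs anchor:", verify_against_anchor(log[:2], head))
```

Note what each check can and cannot see: an in-place edit fails verify_chain; a truncated log and a fully rewritten log both pass verify_chain and only fail verify_against_anchor. That is why the head has to live somewhere the operator cannot quietly overwrite, which is what anchoring it on-chain provides.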

Problems we solve

Custody, framed three ways.

What custody actually delivers — the promises verum makes and keeps.

Custody

  • Hardware-backed identity

    age (X25519) + Secure Enclave / FIDO2 PRF — keys never leave hardware.

  • Threshold recovery

    Shamir M-of-N across trusted parties — no single party can rebuild it.

  • Hash-chained audit

    SHA-256-chained entries, anchored on-chain, third-party-checkable.

Handoff

  • Signed claim release

    Biometric-gated artifact delivery with a cryptographic receipt.

  • Source protection

    Journalist and source talk end-to-end. No platform can read either side.

  • Editor pre-publish

    Share with editor, revoke with one click, audit who saw what when.

Domain

  • Healthcare PHI custody

    Clinician keys live on the device. Insurer and lab releases are signed and logged.

  • Secrets in code

    The original git-crypt use case; every unlock is now biometric-gated and written to the audit chain.

  • Creator authorship

    Sign every artifact you publish. Readers verify against your public profile.

Continuity

  • Lost-device recovery

    Quorum of M-of-N parties reconstruct without trusting verum.sh.

  • Hardware migration

    Add a new YubiKey, biometric-confirm migration, quorum sign-off.

  • Estate inheritance

    Designated successors with quorum unlock. Works without you or us.

Composes with

verum is the substrate. mae and appmaestro are what you build on it.

mae

Local-first writing CLI

  • Vault-at-rest encryption with biometric unlock. mae writes, verum encrypts, Touch ID unlocks.
  • Signed publish pipeline. mae produces the artifact. verum signs the claim. The reader verifies the signature against your public profile.
  • Redaction with cryptographic audit. mae redacts PHI from notes at rest. verum chains every redaction into the operator-owned audit log.

appmaestro

Obsidian extension and product

  • Operator-signed authorship on every published note. No platform in the trust chain.
  • Editor handoff with revocation and audit. Editor sees the manuscript without verum.sh or appmaestro.ai ever holding plaintext.
  • BAA-grade publish flow for clinician writers. PHI redacted on disk, audit chain anchored, release signed.

Forked from AGWA/git-crypt v0.8.0 in March 2026. 34 verum commits on top of 185 from upstream. The binary and command set are preserved; verum adds capabilities, not new vocabulary.