Implemented encryption mechanism for data

Kevin Veen-Birkenbach 2019-09-30 17:19:27 +02:00
parent affcc26512
commit dc72bd5d31
8 changed files with 40 additions and 17 deletions

1
.gitignore vendored

@ -1 +1,2 @@
data/
.encrypted/


@ -4,7 +4,7 @@
This repository contains scripts to set up an working client system, maintain it and to save the data on an USB stick.
It's adapted to the needs of Kevin Veen-Birkenbach aka. Frantz.
## Requirements
This script is optimized for a [Manjaro Linux](https://manjaro.org) with [GNOME desktop](https://www.gnome.org/?).
This script is optimized for a [Manjaro Linux](https://manjaro.org) with [GNOME desktop](https://www.gnome.org/?).
Specific system requirements are described in the [.travis file](./.travis).
## Functions
@ -23,15 +23,21 @@ To export configuration files to the system you have to execute:
```bash
bash ./scripts/export-data-to-system.sh
```
### Decrypt Data
### Unlock Data
To decrypt the data you have to execute:
```bash
bash ./scripts/decrypt-data.sh
bash ./scripts/unlock.sh
```
### Encrypt Data
### Lock Data
To encrypt the data you have to execute:
```bash
bash ./scripts/encrypt-data.sh
bash ./scripts/lock.sh
```
### Change Data Password
To change the encryption password you have to type in:
```bash
encfsctl passwd .encrypted
```
## License
The ["GNU GENERAL PUBLIC LICENSE Version 3"](./LICENSE.txt) applies to this project.


@ -1 +0,0 @@
#!/bin/bash


@ -1 +0,0 @@
#!/bin/bash


@ -3,6 +3,11 @@
# @author Kevin Veen-Birkenbach [aka. Frantz]
# @param $1 If the first parameter is "reverse" the data will be exported to the system
DATA_FOLDER=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
if [ -z $(mount | grep $DATA_FOLDER) ]
then
echo "The data folder $DATA_FOLDER is locked. You need to unlock it!"
bash "$(dirname "$(readlink -f "${0}")")/unlock.sh" || exit 1;
fi
declare -a BACKUP_LIST=("$HOME/.ssh/" "$HOME/.gitconfig");
for system_item_path in "${BACKUP_LIST[@]}";
do
@ -31,11 +36,11 @@ do
cp -vi "$source" "$destination"
else
if [ -d "$source" ]
then
echo "Copy data from directory $source to directory $destination_dir..."
cp -vir "$source" "$destination_dir"
else
echo "$source doesn't exist. Copying data is not possible."
fi
then
echo "Copy data from directory $source to directory $destination_dir..."
cp -vir "$source" "$destination_dir"
else
echo "$source doesn't exist. Copying data is not possible."
fi
fi
done
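Review bot: The lock check added at the top of this script, `if [ -z $(mount | grep $DATA_FOLDER) ]`, is unquoted and matches the path as a substring pattern, so it can misreport whether the data folder is mounted. When the folder is mounted, the matching mount line expands to several words and `[` fails with "too many arguments"; the branch is skipped only because of that error. Any other mount whose line contains the same path text (a sibling directory sharing the prefix, for instance) is also treated as "unlocked", after which the loop appears to copy `$HOME/.ssh/` into the plaintext `data/` directory. An exact test avoids both problems: `if ! mountpoint -q "$DATA_FOLDER"`. The copy loop starts and ends outside the visible hunks.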

6
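--- /dev/null
+++ b/scripts/lock.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Locks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Locking directory: $DECRYPTED"
+fusermount -u $DECRYPTED && echo "Data is now encrypted."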
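Review bot: The last line leaves a failed unmount to fusermount's own error text, so when a file in the folder is still open the plaintext view stays mounted and the script never says so in its own words. The expansion is also unquoted and splits on a checkout path containing spaces. I would quote it and make the failure explicit, `fusermount -u "$DECRYPTED" || { echo "Could not lock $DECRYPTED: data is still decrypted." >&2; exit 1; }`, and print the success message on the following line.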


@ -1,13 +1,13 @@
#!/bin/bash
echo "--------------------------------------------"
echo "Customized Pacman Core Software"
echo "--------------------------------------------"
echo ""
echo "Start setup of customized core software..."
echo "Synchronising packages..."
echo "Synchronizing programing languages..."
sudo pacman --needed -S jdk11-openjdk python php
echo "Synchronizing administration tools..."
sudo pacman --needed -S htop tree git base-devel yay make gcc cmake
echo "Synchronizing security tools..."
sudo pacman --needed -S ecryptfs-utils encfs
echo "Setup SSH key"
ssh_key_path="$HOME/.ssh/id_rsa"
if [ ! -f "$ssh_key_path" ]; then
echo "SSH key $ssh_key_path doesn't exists!"

7
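--- /dev/null
+++ b/scripts/unlock.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+# Unlocks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+ENCRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../.encrypted");
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Unlocking directory: $DECRYPTED"
+encfs $ENCRYPTED $DECRYPTED && echo "ATTENTION: DATA IS NOW DECRYPTED!"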
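Review bot: `encfs $ENCRYPTED $DECRYPTED` passes both paths unquoted, so a checkout path containing spaces is split into extra arguments; it should read `encfs "$ENCRYPTED" "$DECRYPTED"`. The mount also stays open until lock.sh is run by hand, and the data folder is where this repository keeps the copy of `$HOME/.ssh/`, so an idle timeout would limit the exposure window, e.g. `encfs --idle=15 "$ENCRYPTED" "$DECRYPTED"` (15 minutes is an example value). Separately, the 2014 security audit of EncFS reported weaknesses against an attacker who can observe several versions of the ciphertext, which is worth weighing for data kept on a USB stick.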