From dc72bd5d31fec8dc052ca50fef8b6a80b36dd042 Mon Sep 17 00:00:00 2001
From: "Kevin Veen-Birkenbach [aka. Frantz]"
Date: Mon, 30 Sep 2019 17:19:27 +0200
Subject: [PATCH] Implemented encryption mechanism for data
---
 .gitignore | 1 +
 README.md | 16 +++++++++++-----
 scripts/decrypt-data.sh | 1 -
 scripts/encrypt-data.sh | 1 -
 scripts/import-data-from-system.sh | 17 +++++++++++------
 scripts/lock.sh | 6 ++++++
 scripts/system-setup.sh | 8 ++++----
 scripts/unlock.sh | 7 +++++++
 8 files changed, 40 insertions(+), 17 deletions(-)
 delete mode 100644 scripts/decrypt-data.sh
 delete mode 100644 scripts/encrypt-data.sh
 create mode 100644 scripts/lock.sh
 create mode 100644 scripts/unlock.sh
diff --git a/.gitignore b/.gitignore
index 8fce603..79efc04 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 data/
+.encrypted/
diff --git a/README.md b/README.md
index af96a6f..fd83a82 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ This repository contains scripts to set up an working client system, maintain it and to save the data on an USB stick. It's adapted to the needs of Kevin Veen-Birkenbach aka. Frantz. ## Requirements -This script is optimized for a [Manjaro Linux](https://manjaro.org) with [GNOME desktop](https://www.gnome.org/?). +This script is optimized for a [Manjaro Linux](https://manjaro.org) with [GNOME desktop](https://www.gnome.org/?). Specific system requirements are described in the [.travis file](./.travis). ## Functions 
@@ -23,15 +23,21 @@ To export configuration files to the system you have to execute:
 ```bash
 bash ./scripts/export-data-to-system.sh
 ```
-### Decrypt Data
+### Unlock Data
 To decrypt the data you have to execute:
 ```bash
-bash ./scripts/decrypt-data.sh
+bash ./scripts/unlock.sh
 ```
-### Encrypt Data
+### Lock Data
 To encrypt the data you have to execute:
 ```bash
-bash ./scripts/encrypt-data.sh
+bash ./scripts/lock.sh
+```
+
+### Change Data Password
+To change the encryption password you have to type in:
+```bash
+encfsctl passwd .encrypted
 ```
 ## License
 The ["GNU GENERAL PUBLIC LICENSE Version 3"](./LICENSE.txt) applies to this project.
diff --git a/scripts/decrypt-data.sh b/scripts/decrypt-data.sh
deleted file mode 100644
index a9bf588..0000000
--- a/scripts/decrypt-data.sh
+++ /dev/null
@@ -1 +0,0 @@
-#!/bin/bash
diff --git a/scripts/encrypt-data.sh b/scripts/encrypt-data.sh
deleted file mode 100644
index a9bf588..0000000
--- a/scripts/encrypt-data.sh
+++ /dev/null
@@ -1 +0,0 @@
-#!/bin/bash
diff --git a/scripts/import-data-from-system.sh b/scripts/import-data-from-system.sh
index 23d42d0..e140b3c 100644
--- a/scripts/import-data-from-system.sh
+++ b/scripts/import-data-from-system.sh
@@ -3,6 +3,11 @@
 # @author Kevin Veen-Birkenbach [aka. Frantz]
 # @param $1 If the first parameter is "reverse" the data will be exported to the system
 DATA_FOLDER=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+if [ -z $(mount | grep $DATA_FOLDER) ]
+ then
+ echo "The data folder $DATA_FOLDER is locked. You need to unlock it!"
+ bash "$(dirname "$(readlink -f "${0}")")/unlock.sh" || exit 1;
+fi
 declare -a BACKUP_LIST=("$HOME/.ssh/" "$HOME/.gitconfig");
 for system_item_path in "${BACKUP_LIST[@]}";
 do
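Review bot: The lock check `[ -z $(mount | grep $DATA_FOLDER) ]` in scripts/import-data-from-system.sh is unquoted and matches the path as a regex substring, so it cannot reliably tell whether `data/` is the EncFS mount. When the folder is mounted, the substitution expands to several words and `[` exits with an argument error rather than evaluating the test, and any other mount line that merely contains the path also counts as "unlocked". Because `BACKUP_LIST` holds `$HOME/.ssh/`, a false "unlocked" result would presumably let the copy loop (outside this hunk) write private keys into the plaintext directory. `if ! mountpoint -q -- "$DATA_FOLDER"; then` tests the exact mount point instead. The same unquoted expansions occur in scripts/lock.sh (`fusermount -u $DECRYPTED`) and scripts/unlock.sh (`encfs $ENCRYPTED $DECRYPTED`), where a path containing spaces would split into separate arguments.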
@@ -31,11 +36,11 @@ do
 cp -vi "$source" "$destination"
 else
 if [ -d "$source" ]
- then
- echo "Copy data from directory $source to directory $destination_dir..."
- cp -vir "$source" "$destination_dir"
- else
- echo "$source doesn't exist. Copying data is not possible."
- fi
+ then
+ echo "Copy data from directory $source to directory $destination_dir..."
+ cp -vir "$source" "$destination_dir"
+ else
+ echo "$source doesn't exist. Copying data is not possible."
+ fi
 fi
 done
diff --git a/scripts/lock.sh b/scripts/lock.sh
new file mode 100644
index 0000000..eb99670
--- /dev/null
+++ b/scripts/lock.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Locks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Locking directory: $DECRYPTED"
+fusermount -u $DECRYPTED && echo "Data is now encrypted."
diff --git a/scripts/system-setup.sh b/scripts/system-setup.sh
index 6f84ece..d21b74b 100644
--- a/scripts/system-setup.sh
+++ b/scripts/system-setup.sh
@@ -1,13 +1,13 @@
 #!/bin/bash
-echo "--------------------------------------------"
-echo "Customized Pacman Core Software"
-echo "--------------------------------------------"
-echo ""
+echo "Start setup of customized core software..."
 echo "Synchronising packages..."
 echo "Synchronizing programing languages..."
 sudo pacman --needed -S jdk11-openjdk python php
 echo "Synchronizing administration tools..."
 sudo pacman --needed -S htop tree git base-devel yay make gcc cmake
+echo "Synchronizing security tools..."
+sudo pacman --needed -S ecryptfs-utils encfs
+echo "Setup SSH key"
 ssh_key_path="$HOME/.ssh/id_rsa"
 if [ ! -f "$ssh_key_path" ]; then
 echo "SSH key $ssh_key_path doesn't exists!"
diff --git a/scripts/unlock.sh b/scripts/unlock.sh
new file mode 100644
index 0000000..cecda5b
--- /dev/null
+++ b/scripts/unlock.sh
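Review bot: In scripts/lock.sh a failed unmount is never reported as "still decrypted": `fusermount -u $DECRYPTED && echo "Data is now encrypted."` prints nothing of its own when the mount is busy. The exit status is already non-zero in that case, but the only hint to the user is fusermount's own error text. I would add an explicit failure branch before the success message, e.g. `fusermount -u "$DECRYPTED" || { echo "Could not unmount $DECRYPTED - data is STILL DECRYPTED." >&2; exit 1; }`.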
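Review bot: In scripts/system-setup.sh the added `sudo pacman --needed -S ecryptfs-utils encfs` installs `ecryptfs-utils`, yet the scripts created in this patch (lock.sh, unlock.sh) call only `encfs` and `fusermount`. Unless a script outside this patch needs it, dropping the package keeps the installed set minimal. A comment above the line such as `# encfs is required by scripts/lock.sh and scripts/unlock.sh` would record why it is installed. EncFS's 2014 security audit reported weaknesses against an attacker who can observe more than one version of the ciphertext, so the README should state that `.encrypted/` is meant to protect a lost stick, not a synced or repeatedly observable copy. The script continues past the end of this hunk.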
@@ -0,0 +1,7 @@
+#!/bin/bash
+# Unlocks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+ENCRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../.encrypted");
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Unlocking directory: $DECRYPTED"
+encfs $ENCRYPTED $DECRYPTED && echo "ATTENTION: DATA IS NOW DECRYPTED!"
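Review bot: The final `encfs $ENCRYPTED $DECRYPTED` line leaves the plaintext view mounted until someone remembers to run lock.sh, which is easy to forget when import-data-from-system.sh triggers the unlock implicitly. encfs can unmount by itself after a period of inactivity, so I would change the line to `encfs --idle=10 "$ENCRYPTED" "$DECRYPTED" && echo "ATTENTION: DATA IS NOW DECRYPTED!"` (10 minutes is an example value). The header comment could also state that the script prompts interactively for the EncFS password and returns non-zero when mounting fails, since the import script relies on that via `|| exit 1`.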