Implemented encryption mechanism for data

Kevin Veen-Birkenbach 2019-09-30 17:19:27 +02:00
parent affcc26512
commit dc72bd5d31
8 changed files with 40 additions and 17 deletions

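--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 data/
+.encrypted/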


@ -23,15 +23,21 @@ To export configuration files to the system you have to execute:
```bash ```bash
bash ./scripts/export-data-to-system.sh bash ./scripts/export-data-to-system.sh
``` ```
### Decrypt Data ### Unlock Data
To decrypt the data you have to execute: To decrypt the data you have to execute:
```bash ```bash
bash ./scripts/decrypt-data.sh bash ./scripts/unlock.sh
``` ```
### Encrypt Data ### Lock Data
To encrypt the data you have to execute: To encrypt the data you have to execute:
```bash ```bash
bash ./scripts/encrypt-data.sh bash ./scripts/lock.sh
```
### Change Data Password
To change the encryption password you have to type in:
```bash
encfsctl passwd .encrypted
``` ```
## License ## License
The ["GNU GENERAL PUBLIC LICENSE Version 3"](./LICENSE.txt) applies to this project. The ["GNU GENERAL PUBLIC LICENSE Version 3"](./LICENSE.txt) applies to this project.


@ -1 +0,0 @@
#!/bin/bash


@ -1 +0,0 @@
#!/bin/bash


@ -3,6 +3,11 @@
# @author Kevin Veen-Birkenbach [aka. Frantz] # @author Kevin Veen-Birkenbach [aka. Frantz]
# @param $1 If the first parameter is "reverse" the data will be exported to the system # @param $1 If the first parameter is "reverse" the data will be exported to the system
DATA_FOLDER=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data"); DATA_FOLDER=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
if [ -z $(mount | grep $DATA_FOLDER) ]
then
echo "The data folder $DATA_FOLDER is locked. You need to unlock it!"
bash "$(dirname "$(readlink -f "${0}")")/unlock.sh" || exit 1;
fi
declare -a BACKUP_LIST=("$HOME/.ssh/" "$HOME/.gitconfig"); declare -a BACKUP_LIST=("$HOME/.ssh/" "$HOME/.gitconfig");
for system_item_path in "${BACKUP_LIST[@]}"; for system_item_path in "${BACKUP_LIST[@]}";
do do
@ -31,11 +36,11 @@ do
cp -vi "$source" "$destination" cp -vi "$source" "$destination"
else else
if [ -d "$source" ] if [ -d "$source" ]
then then
echo "Copy data from directory $source to directory $destination_dir..." echo "Copy data from directory $source to directory $destination_dir..."
cp -vir "$source" "$destination_dir" cp -vir "$source" "$destination_dir"
else else
echo "$source doesn't exist. Copying data is not possible." echo "$source doesn't exist. Copying data is not possible."
fi fi
fi fi
done done
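Review bot: The new mount check `if [ -z $(mount | grep $DATA_FOLDER) ]` in the first hunk only works by accident. When the folder is mounted, the unquoted substitution expands to several words and `[` fails with "too many arguments". `grep` also treats the path as a regex and matches any mount line that merely contains it, for example a sibling directory with the same prefix. A false "mounted" result would let the loop below (which presumably copies `$HOME/.ssh/` into `data/` when not run with "reverse") write private keys into a plain, unencrypted directory. Use `if ! mountpoint -q "$DATA_FOLDER"; then` instead, which tests that exact path without parsing output. The rest of the script lies outside the hunks shown.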

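--- /dev/null
+++ b/scripts/lock.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Locks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Locking directory: $DECRYPTED"
+fusermount -u $DECRYPTED && echo "Data is now encrypted."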
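Review bot: `fusermount -u $DECRYPTED` passes the path unquoted, so a checkout path containing spaces is split into several arguments and the unmount fails while the plaintext view stays mounted. The script also prints nothing of its own on failure, so a busy mount (an open shell or editor inside `data/`) is easy to overlook. Quote the path and report the failure: `if ! fusermount -u "$DECRYPTED"; then echo "Unmount failed, data is STILL decrypted" >&2; exit 1; fi`, followed by the existing success `echo`.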


@ -1,13 +1,13 @@
#!/bin/bash #!/bin/bash
echo "--------------------------------------------" echo "Start setup of customized core software..."
echo "Customized Pacman Core Software"
echo "--------------------------------------------"
echo ""
echo "Synchronising packages..." echo "Synchronising packages..."
echo "Synchronizing programing languages..." echo "Synchronizing programing languages..."
sudo pacman --needed -S jdk11-openjdk python php sudo pacman --needed -S jdk11-openjdk python php
echo "Synchronizing administration tools..." echo "Synchronizing administration tools..."
sudo pacman --needed -S htop tree git base-devel yay make gcc cmake sudo pacman --needed -S htop tree git base-devel yay make gcc cmake
echo "Synchronizing security tools..."
sudo pacman --needed -S ecryptfs-utils encfs
echo "Setup SSH key"
ssh_key_path="$HOME/.ssh/id_rsa" ssh_key_path="$HOME/.ssh/id_rsa"
if [ ! -f "$ssh_key_path" ]; then if [ ! -f "$ssh_key_path" ]; then
echo "SSH key $ssh_key_path doesn't exists!" echo "SSH key $ssh_key_path doesn't exists!"
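Review bot: The added line `sudo pacman --needed -S ecryptfs-utils encfs` installs `ecryptfs-utils`, but the lock and unlock scripts in this commit only call `encfs` and `fusermount`. Either drop the unused package or add a comment saying what it is for. For the choice of EncFS itself, a comment next to the install line should record that its 2014 independent audit found weaknesses when an attacker can observe several versions of the ciphertext. That matters if `.encrypted/` is ever synced or backed up to a remote location. The `if` block that starts at the end of this hunk continues outside it.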

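--- /dev/null
+++ b/scripts/unlock.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+# Unlocks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+ENCRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../.encrypted");
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Unlocking directory: $DECRYPTED"
+encfs $ENCRYPTED $DECRYPTED && echo "ATTENTION: DATA IS NOW DECRYPTED!"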
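Review bot: `encfs $ENCRYPTED $DECRYPTED` mounts with no idle timeout, so once unlocked the plaintext view of the SSH keys stays mounted until someone remembers to run lock.sh. Both paths are also unquoted, so they break on a checkout path with spaces. Use `encfs --idle=15 "$ENCRYPTED" "$DECRYPTED"` (15 minutes is a constructed example value) so the mount is released after inactivity. It would also help to check `mountpoint -q "$DECRYPTED"` first and exit early with a clear message when the folder is already unlocked.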