Implemented encryption mechanism for data

.gitignore

@@ -1 +1,2 @@
 data/
+.encrypted/

README.md

@@ -4,7 +4,7 @@
 This repository contains scripts to set up an working client system, maintain it and to save the data on an USB stick.
 It's adapted to the needs of Kevin Veen-Birkenbach aka. Frantz.
 ## Requirements
-This script is optimized for a [Manjaro Linux](https://manjaro.org) with [GNOME desktop](https://www.gnome.org/?). 
+This script is optimized for a [Manjaro Linux](https://manjaro.org) with [GNOME desktop](https://www.gnome.org/?).
 Specific system requirements are described in the [.travis file](./.travis).
 
 ## Functions
@@ -23,15 +23,21 @@ To export configuration files to the system you have to execute:
 ```bash
 bash ./scripts/export-data-to-system.sh
 ```
-### Decrypt Data
+### Unlock Data
 To decrypt the data you have to execute:
 ```bash
-bash ./scripts/decrypt-data.sh
+bash ./scripts/unlock.sh
 ```
-### Encrypt Data
+### Lock Data
 To encrypt the data you have to execute:
 ```bash
-bash ./scripts/encrypt-data.sh
+bash ./scripts/lock.sh
+```
+
+### Change Data Password
+To change the encryption password you have to type in:
+```bash
+encfsctl passwd .encrypted
 ```
 ## License
 The ["GNU GENERAL PUBLIC LICENSE Version 3"](./LICENSE.txt) applies to this project.

scripts/decrypt-data.sh

@@ -1 +0,0 @@
-#!/bin/bash

scripts/encrypt-data.sh

@@ -1 +0,0 @@
-#!/bin/bash

scripts/import-data-from-system.sh

@@ -3,6 +3,11 @@
 # @author Kevin Veen-Birkenbach [aka. Frantz]
 # @param $1 If the first parameter is "reverse" the data will be exported to the system
 DATA_FOLDER=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+if [ -z $(mount | grep $DATA_FOLDER) ]
+  then
+    echo "The data folder $DATA_FOLDER is locked. You need to unlock it!"
+    bash "$(dirname "$(readlink -f "${0}")")/unlock.sh" || exit 1;
+fi
 declare -a BACKUP_LIST=("$HOME/.ssh/" "$HOME/.gitconfig");
 for system_item_path in "${BACKUP_LIST[@]}";
 do
@@ -31,11 +36,11 @@ do
         cp -vi "$source" "$destination"
       else
         if [ -d "$source" ]
-        then
+          then
-          echo "Copy data from directory $source to directory $destination_dir..."
+            echo "Copy data from directory $source to directory $destination_dir..."
-          cp -vir "$source" "$destination_dir"
+            cp -vir "$source" "$destination_dir"
-        else
+          else
-          echo "$source doesn't exist. Copying data is not possible."
+            echo "$source doesn't exist. Copying data is not possible."
-      fi
+        fi
     fi
 done

scripts/lock.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Locks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Locking directory: $DECRYPTED"
+fusermount -u $DECRYPTED && echo "Data is now encrypted."

scripts/system-setup.sh

@@ -1,13 +1,13 @@
 #!/bin/bash
-echo "--------------------------------------------"
+echo "Start setup of customized core software..."
-echo "Customized Pacman Core Software"
-echo "--------------------------------------------"
-echo ""
 echo "Synchronising packages..."
 echo "Synchronizing programing languages..."
 sudo pacman --needed -S jdk11-openjdk python php
 echo "Synchronizing administration tools..."
 sudo pacman --needed -S htop tree git base-devel yay make gcc cmake
+echo "Synchronizing security tools..."
+sudo pacman --needed -S ecryptfs-utils encfs
+echo "Setup SSH key"
 ssh_key_path="$HOME/.ssh/id_rsa"
 if [ ! -f "$ssh_key_path" ]; then
 	echo "SSH key $ssh_key_path doesn't exists!"

scripts/unlock.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+# Unlocks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+ENCRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../.encrypted");
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Unlocking directory: $DECRYPTED"
+encfs $ENCRYPTED $DECRYPTED && echo "ATTENTION: DATA IS NOW DECRYPTED!"