Implemented encryption mechanism for data

Kevin Veen-Birkenbach 2019-09-30 17:19:27 +02:00
parent affcc26512
commit dc72bd5d31
8 changed files with 40 additions and 17 deletions

1
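--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 data/
+.encrypted/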


@ -4,7 +4,7 @@
This repository contains scripts to set up an working client system, maintain it and to save the data on an USB stick. This repository contains scripts to set up an working client system, maintain it and to save the data on an USB stick.
It's adapted to the needs of Kevin Veen-Birkenbach aka. Frantz. It's adapted to the needs of Kevin Veen-Birkenbach aka. Frantz.
## Requirements ## Requirements
This script is optimized for a [Manjaro Linux](https://manjaro.org) with [GNOME desktop](https://www.gnome.org/?). This script is optimized for a [Manjaro Linux](https://manjaro.org) with [GNOME desktop](https://www.gnome.org/?).
Specific system requirements are described in the [.travis file](./.travis). Specific system requirements are described in the [.travis file](./.travis).
## Functions ## Functions
@ -23,15 +23,21 @@ To export configuration files to the system you have to execute:
```bash ```bash
bash ./scripts/export-data-to-system.sh bash ./scripts/export-data-to-system.sh
``` ```
### Decrypt Data ### Unlock Data
To decrypt the data you have to execute: To decrypt the data you have to execute:
```bash ```bash
bash ./scripts/decrypt-data.sh bash ./scripts/unlock.sh
``` ```
### Encrypt Data ### Lock Data
To encrypt the data you have to execute: To encrypt the data you have to execute:
```bash ```bash
bash ./scripts/encrypt-data.sh bash ./scripts/lock.sh
```
### Change Data Password
To change the encryption password you have to type in:
```bash
encfsctl passwd .encrypted
``` ```
## License ## License
The ["GNU GENERAL PUBLIC LICENSE Version 3"](./LICENSE.txt) applies to this project. The ["GNU GENERAL PUBLIC LICENSE Version 3"](./LICENSE.txt) applies to this project.


@ -1 +0,0 @@
#!/bin/bash


@ -1 +0,0 @@
#!/bin/bash


@ -3,6 +3,11 @@
# @author Kevin Veen-Birkenbach [aka. Frantz] # @author Kevin Veen-Birkenbach [aka. Frantz]
# @param $1 If the first parameter is "reverse" the data will be exported to the system # @param $1 If the first parameter is "reverse" the data will be exported to the system
DATA_FOLDER=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data"); DATA_FOLDER=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
if [ -z $(mount | grep $DATA_FOLDER) ]
then
echo "The data folder $DATA_FOLDER is locked. You need to unlock it!"
bash "$(dirname "$(readlink -f "${0}")")/unlock.sh" || exit 1;
fi
declare -a BACKUP_LIST=("$HOME/.ssh/" "$HOME/.gitconfig"); declare -a BACKUP_LIST=("$HOME/.ssh/" "$HOME/.gitconfig");
for system_item_path in "${BACKUP_LIST[@]}"; for system_item_path in "${BACKUP_LIST[@]}";
do do
@ -31,11 +36,11 @@ do
cp -vi "$source" "$destination" cp -vi "$source" "$destination"
else else
if [ -d "$source" ] if [ -d "$source" ]
then then
echo "Copy data from directory $source to directory $destination_dir..." echo "Copy data from directory $source to directory $destination_dir..."
cp -vir "$source" "$destination_dir" cp -vir "$source" "$destination_dir"
else else
echo "$source doesn't exist. Copying data is not possible." echo "$source doesn't exist. Copying data is not possible."
fi fi
fi fi
done done
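Review bot: The added mount test `if [ -z $(mount | grep $DATA_FOLDER) ]` can report "unlocked" when the EncFS volume is not mounted, because the unquoted path is used as a regex and matches as a substring of any other mount entry, and because multi-word grep output makes `[` fail with a usage error that the `if` treats as false. In either case the loop below would copy `$HOME/.ssh/` and `$HOME/.gitconfig` into the plain `data/` directory instead of the encrypted mount. Test the mount point itself and quote the path: `if ! mountpoint -q "$DATA_FOLDER"`. The second hunk of this file appears to change whitespace only.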

6
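--- a/scripts/lock.sh
+++ b/scripts/lock.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Locks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Locking directory: $DECRYPTED"
+fusermount -u $DECRYPTED && echo "Data is now encrypted."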
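Review bot: `fusermount -u $DECRYPTED` passes the path unquoted, so a checkout path containing whitespace (plausible for a removable-media mount point) is split into several arguments and the unmount fails, leaving the data readable. `encfs $ENCRYPTED $DECRYPTED` in scripts/unlock.sh has the same defect. Quote the expansions in both scripts, e.g. `fusermount -u "$DECRYPTED"`. A failed unmount, such as a busy mount, currently prints no message of its own, so an explicit branch would help: `if ! fusermount -u "$DECRYPTED"; then echo "Could not lock $DECRYPTED" >&2; exit 1; fi`.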


@ -1,13 +1,13 @@
#!/bin/bash #!/bin/bash
echo "--------------------------------------------" echo "Start setup of customized core software..."
echo "Customized Pacman Core Software"
echo "--------------------------------------------"
echo ""
echo "Synchronising packages..." echo "Synchronising packages..."
echo "Synchronizing programing languages..." echo "Synchronizing programing languages..."
sudo pacman --needed -S jdk11-openjdk python php sudo pacman --needed -S jdk11-openjdk python php
echo "Synchronizing administration tools..." echo "Synchronizing administration tools..."
sudo pacman --needed -S htop tree git base-devel yay make gcc cmake sudo pacman --needed -S htop tree git base-devel yay make gcc cmake
echo "Synchronizing security tools..."
sudo pacman --needed -S ecryptfs-utils encfs
echo "Setup SSH key"
ssh_key_path="$HOME/.ssh/id_rsa" ssh_key_path="$HOME/.ssh/id_rsa"
if [ ! -f "$ssh_key_path" ]; then if [ ! -f "$ssh_key_path" ]; then
echo "SSH key $ssh_key_path doesn't exists!" echo "SSH key $ssh_key_path doesn't exists!"
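Review bot: `ecryptfs-utils` is installed by the added `sudo pacman --needed -S ecryptfs-utils encfs` line, but the lock and unlock scripts in this commit call only `encfs` and `fusermount`. Unless another script needs eCryptfs, install only what is used: `sudo pacman --needed -S encfs`. The `if` block that follows `echo "Setup SSH key"` continues outside the hunk.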

7
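--- a/scripts/unlock.sh
+++ b/scripts/unlock.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+# Unlocks the data
+# @author Kevin Veen-Birkenbach [aka. Frantz]
+ENCRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../.encrypted");
+DECRYPTED=$(readlink -f "$(dirname "$(readlink -f "${0}")")/../data");
+echo "Unlocking directory: $DECRYPTED"
+encfs $ENCRYPTED $DECRYPTED && echo "ATTENTION: DATA IS NOW DECRYPTED!"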
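Review bot: The header comment should record the limits of the chosen tool, since this script is where the protection of `.encrypted/` is defined. A 2014 audit of EncFS reported weaknesses that matter once someone can observe more than one version of the ciphertext, so the volume protects against one-time loss of the medium better than against a copy that is synced or repeatedly accessible to others. A comment such as `# EncFS: intended for one-time loss of the medium; do not sync .encrypted/ to untrusted storage (see EncFS 2014 audit)` would make that explicit. The final message is printed only on success, and a failed mount exits non-zero through the `&&` list without a message of its own.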