[Gnucash-fr] How do you secure your GnuCash data?

François Huot estb at globetrotter.net
Mon Feb 7 17:50:27 EST 2011


Hello,
I am just starting out with GnuCash and I would like to know the best way
to encrypt one's data so that it remains confidential.
I plan to use TrueCrypt, GRsync or SBackup to encrypt my data, in a hidden
directory if possible, provided my understanding of the English texts is
correct.

My searches on the Internet turned up a few interesting scripts, but I
would like the opinion of people knowledgeable in the field, which I am
not.
Can you tell me which solution is the best, and why?

Here are the scripts in question:

1) First script
http://waronpants.net/?p=176
GnuCash Encryption  December 13th, 2010 | Scripts
Tags: encryption, gnucash, truecrypt

I created an encrypted disk image using TrueCrypt. Normally, I mount the  
image, use GnuCash along with any bank statements that I also put on the  
image, close GnuCash, then dismount the drive. I don’t leave the image  
mounted if I’m not actively using it.

Because I’m me, I scripted this.

#!/bin/sh

truecrypt $HOME/bank.tc /media/truecrypt52 && \
gnucash /media/truecrypt52/bank/GnuCash/bankstuff.gnucash && \
truecrypt -d $HOME/bank.tc

This hardly counts as a script. It’s only one line. However, this one line  
automates everything I usually do. I only have to double-click the script  
file, and everything is ready.

How It Works

The “&&” on each line means that the command after it will only run if the  
command before it runs successfully.

The first command mounts my encrypted bank image. I find that I have to  
use “/media/truecrypt??” where “??” is a one or two digit number. This  
command launches a dialog box to enter the image password. If the password  
is incorrectly entered, truecrypt returns 1 instead of 0 (success),  
exiting the script.

Then, GnuCash is opened. The script waits until I close GnuCash to  
continue. So far, I haven’t had GnuCash return anything but success.

The final line dismounts the image.

Caveats

All files relating to the encrypted image should be closed before closing  
GnuCash. Once GnuCash is closed, the script will try to dismount the  
drive. I don’t know if truecrypt will wait to dismount the drive if a file  
is currently open.

The paths to all of the files involved are hard-coded in the script. If  
you change any file names or paths, remember to update the script.
*********************************************************************************************
2) Second script.
This one uses OpenSSL instead of TrueCrypt to encrypt the data; is that a
better solution?
If not, is this script better than the previous one if OpenSSL is replaced
by TrueCrypt?

http://pluton8.wordpress.com/2011/01/31/update-of-the-gnucash-encryption-script/

By GnuCash files encryption ... on the 31st of Jan 2011

#!/bin/bash
# This is a script to work with an encrypted gnucash file. It asks for the
# password, decrypts the file, runs gnucash, and encrypts it back. Logs and
# backups are shredded at the end.
# Author: pluton <plutonpluton at mail.ru>
# Version: 1.0 (Sat Jan 29 2011)
# License: GNU GPL 3

CP=/bin/cp
KDIALOG=/usr/bin/kdialog
OPENSSL=/usr/bin/openssl
GNUCASH=/usr/bin/gnucash
SHRED=/bin/shred
BASENAME=/usr/bin/basename
CHMOD=/bin/chmod

FILE=~/main
FILETMP="${FILE}.tmp"
TIMEOUT=2   # seconds
TITLE=$( $BASENAME $0 )

notify() {
     [ -n "$1" ] && text="$1" || text="?"
     $KDIALOG --passivepopup "$text" --title "$TITLE" $TIMEOUT
}

[ -e "$FILE" ] || { notify "File '$FILE' was not found"; exit 1; }

pass=$( $KDIALOG --password "Enter the password /GC/" )
[ "$pass" == "" ] && { notify "The password is empty"; exit 2; }

if ! $OPENSSL enc -d -aes-256-cbc -in "$FILE" -out "$FILETMP" -pass stdin <<EOF
${pass}
EOF
then
     notify "The password seems to be wrong"
     exit 3
fi
$CHMOD go= "$FILETMP"
$CP -f "$FILE" "${FILE}.bkp"
$GNUCASH "$FILETMP"
# Capture openssl's own status: inside "if ! ...", $? would always be 0.
$OPENSSL enc -e -aes-256-cbc -in "$FILETMP" -out "$FILE" -pass stdin <<EOF
${pass}
EOF
rc=$?
if [ $rc -ne 0 ]
then
     notify "An error occurred while encoding (code #$rc)"
     exit 4
fi
unset pass
$SHRED -zun 2 "${FILETMP}"*
notify "Done"
******************************************************************************************
3) Third proposed solution.
http://ubuntu-utah.ubuntuforums.org/showthread.php?p=3265493
Kilarin, August 27th, 2007, 10:28 PM

I _tried_ to register at the TrueCrypt forum. They are not exactly eager  
to help over there.
That seems odd, they have a pretty active forum over there.

I guess I'm looking for how to decrypt the volume after I encrypt it. I do  
not find anywhere the day-to-day usage instructions for this program. What  
would I do after I power up my computer? How do I put in the password? I'm  
just not finding useful documentation on TrueCrypt.

I decrypt and mount a truecrypt volume on Ubuntu FF 7 like this:
From the terminal go into the media directory and create a new folder to  
mount the true crypt volume on. I named mine tc1 (for truecrypt1), but you  
can name it whatever you want. The commands to do this are:
cd /media <-this takes you to the media folder
sudo mkdir tc1 <-this creates the tc1 folder, you will have to enter your  
password

Now, you can mount your truecrypt volume on to tc1 using this command in  
the terminal:

truecrypt -u /media/sda1/mytruecryptvol /media/tc1

of course, change /media/sda1/mytruecryptvol to whatever the location and  
name of your encrypted truecrypt volume is.

You will now be prompted twice, once to enter your user password for root  
access, then again for the password of the encrypted volume.

Once you've typed both in, your truecrypt volume is mounted and available,  
a shortcut to it should appear on your desktop.

If the volume is formatted as ntfs so that you can also access it from  
windows, and assuming you have already installed ntfs-3g drivers for read  
write access to ntfs volumes, change your mount command to:

truecrypt -u /media/sda1/mytruecryptvol /media/tc1 --filesystem ntfs-3g

When you are ready to dismount the volume, enter the terminal command:
truecrypt -d /media/tc1

truecrypt -d
will dismount all volumes that are not currently busy.

Now then, there is another pesky and annoying detail. having to enter your  
user password every time you mount a volume, as well as the volume  
password, is quite... frustrating. you can eliminate this problem (at the  
cost of slightly lower security) by doing the following:

export EDITOR=gedit
sudo visudo

now you are editing the /etc/sudoers file. at end add:
yourusername ALL= NOPASSWD: /usr/bin/truecrypt

Save and exit and now truecrypt will not require your user password.

BUT, if you are mounting the same volume all the time, you don't really  
want to have to type in the terminal command every time you log on. So,  
you can set up a launcher like this:

right click top bar/add to panel/custom application launcher
type=application in terminal name=truecrypt-mount
command=truecrypt -u /media/sda1/mytruecryptvol /media/tc1

of course change the name to whatever you want, and the command to use the  
correct location of your encrypted volume and its mount point.

You can also create a "dismount all" launcher in a similar manner:

right click top bar/add to panel/custom application launcher
type=application in terminal name=truecrypt-dismount-all
command=truecrypt -d


BUT, while clicking on a launcher is certainly more convenient than  
retyping the entire command into the terminal, well, you MIGHT just want  
to have the truecrypt volume mount automatically every time you log on,  
without you having to click ANYTHING, and this you can do! You just have  
to add the mount command to your session startup program list. And thats  
actually pretty easy to do:

System/Preferences/Sessions
From the "Startup Programs" tab, click "New"
Name=truecrypt-mount
Command=/usr/bin/gnome-terminal -x /usr/bin/truecrypt -u  
media/disk/DCH/evol/dch /media/tc1

/usr/bin/gnome-terminal -x /usr/bin/truecrypt -u /media/sda1/mytruecryptvol /media/tc1

Again using your own encrypted volume path and mount point. You need the  
gnome-terminal because you can't actually enter the password unless you  
have a terminal window to enter the password in!

One warning when using this method. If your encrypted volume is on a USB  
drive, this will probably not work because the USB drive will not be  
mounted when the startup programs run.

TrueCrypt is really a handy program. Good luck!
*******************************************************************************************
4) http://code.neil.williamsleesmill.me.uk/gnome2/gnc-gpg_8c-source.html
This last one uses GPG to encrypt the data.
******************************************************************************************

I admit this is rather long for a first message, but GnuCash is not very
explicit on this subject.

I am counting on you to find the best solution.

Thank you for your help.

François Huot
Montmagny, Québec
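
The decrypt, edit, re-encrypt flow of script 2 with cleanup on every exit path, as an added example that is not part of the original message or of the scripts it quotes. The names `edit_encrypted`, `GC_PASS` and `GC_ITER` are hypothetical, and it assumes OpenSSL 1.1.1 or later for `-pbkdf2`; without that option `openssl enc` derives the key from the password with a single hash pass.

```sh
#!/bin/sh
# Added example, not from the quoted scripts. Hypothetical names:
# edit_encrypted, GC_PASS, GC_ITER. Assumes OpenSSL 1.1.1+ (-pbkdf2, -iter).
# Usage, with the prompt from script 2:
#   GC_PASS=$(kdialog --password "Enter the password /GC/")
#   edit_encrypted ~/main gnucash

GC_ITER=200000   # PBKDF2 iteration count (constructed value)

# edit_encrypted FILE COMMAND [ARGS...]
# Decrypts FILE with the passphrase in $GC_PASS, runs COMMAND with the
# plaintext path appended, and replaces FILE only if re-encryption succeeds.
edit_encrypted() (
    file=$1; shift
    [ -n "${GC_PASS:-}" ] || exit 2
    umask 077                       # nothing is ever group/world readable
    # Prefer RAM-backed /dev/shm: shred is unreliable on journaled disks/SSDs.
    base=/dev/shm
    [ -d "$base" ] && [ -w "$base" ] || base=${TMPDIR:-/tmp}
    dir=$(mktemp -d "$base/gc.XXXXXX") || exit 1
    # The body runs in a subshell, so this trap fires on every exit below.
    # Log and backup files written beside the plaintext go away with $dir.
    trap 'shred -u "$dir"/* 2>/dev/null; rm -rf "$dir"' EXIT
    trap 'exit 130' INT TERM HUP

    printf '%s\n' "$GC_PASS" | openssl enc -d -aes-256-cbc -pbkdf2 \
        -iter "$GC_ITER" -in "$file" -out "$dir/plain" -pass stdin \
        2>/dev/null || exit 3

    "$@" "$dir/plain" || exit 5     # command failed: old ciphertext is kept

    # Encrypt beside the target, then rename, so FILE is never half-written.
    printf '%s\n' "$GC_PASS" | openssl enc -e -aes-256-cbc -pbkdf2 \
        -iter "$GC_ITER" -in "$dir/plain" -out "$file.new" -pass stdin ||
        { rm -f "$file.new"; exit 4; }
    mv -f "$file.new" "$file"
)
```

A file written by script 2 was encrypted without `-pbkdf2`, so it has to be decrypted once with that script's own options before it can be handled this way.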
