Quicken to GnuCash (Windows) (Charles Day)

Donald Allen donaldcallen at gmail.com
Mon Dec 3 10:03:45 EST 2007


Oops -- I left out a pretty important step in the script -- removing
the temporary, unencrypted file when done! Better:

#! /bin/bash

##Invoked by
##secure_gnucash <encrypted gnucash file> <recipient>

ENCRYPTED_GNUCASH_FILE=$1
TEMPORARY_WORKING_FILE=`mktemp -p /tmp`
ENCRYPTION_RECIPIENT=$2

gpg --output $TEMPORARY_WORKING_FILE $ENCRYPTED_GNUCASH_FILE

gnucash $TEMPORARY_WORKING_FILE

gpg -e -r "$ENCRYPTION_RECIPIENT" --output=$ENCRYPTED_GNUCASH_FILE
$TEMPORARY_WORKING_FILE

rm $TEMPORARY_WORKING_FILE


On Dec 3, 2007 9:57 AM, Donald Allen <donaldcallen at gmail.com> wrote:
> Regarding Charles Day's very reasonable desire to maintain his gnucash
> file(s) in encrypted form, I agree with him -- it would be a very
> useful addition to gnucash to provide an encryption option.
>
> A stopgap partial solution for Charles: maintain your gnucash file
> encrypted and use something like the following script:
>
> #! /bin/bash
>
> ENCRYPTED_GNUCASH_FILE=$1
> TEMPORARY_WORKING_FILE=`mktemp -p /tmp`
> RECIPIENT=$2
>
> gpg --output $TEMPORARY_WORKING_FILE $ENCRYPTED_GNUCASH_FILE
>
> gnucash $TEMPORARY_WORKING_FILE
>
> gpg -e -r "$RECIPIENT" --output=$ENCRYPTED_GNUCASH_FILE $TEMPORARY_WORKING_FILE
>
> If you name the script more_secure_gnucash, you would invoke it as
>
> more_secure_gnucash <encrypted gnucash file> <recipient>
>
> where 'recipient' is the identifier of your key-pair, 'Don Allen' in
> my case. gpg will ask you questions when you run the script. Don't
> forget to give it execute permission. I did some cursory testing of
> this and it seems to work, but no guarantees express or implied :-) If
> you correct it or improve it, please let us know.
>
> This is not absolutely secure, obviously, because the file exists
> unencrypted in your filesystem while gnucash is running, but it does
> so under a randomly generated name. But it would reduce the
> probability of thievery unless and until gnucash acquires the
> encryption capability done right.
>
> /Don Allen
>


More information about the gnucash-user mailing list