What's the best way to encrypt gnucash data
David T.
sunfish62 at yahoo.com
Tue Feb 8 01:14:50 EST 2011
I use TrueCrypt (on a Mac).
Just be sure that your TrueCrypt partition is large enough to hold your data file AND all logfiles.
David
--- On Mon, 2/7/11, François Huot <estb at globetrotter.net> wrote:
> From: François Huot <estb at globetrotter.net>
> Subject: What's the best way to encrypt gnucash data
> To: gnucash-user at gnucash.org
> Date: Monday, February 7, 2011, 6:12 PM
> Hi all,
>
> I am beginning in Gnucash and I want to know the best way to encrypt my Gnucash data.
>
> I am thinking of using Truecrypt or Axcrypt to encrypt the data and GRsync or SBackup to back up my data on a USB hard disk.
>
> I have searched on the net and found some scripts that seem to do the work, but I don't know anything about scripts. Can someone test the attached scripts and tell me which is better and why?
>
> Any suggestion will be appreciated.
>
> Here are the scripts:
>
> 1) First script
> http://waronpants.net/?p=176
> GnuCash Encryption December 13th, 2010 | Scripts
> Tags: encryption, gnucash, truecrypt
>
> I created an encrypted disk image using TrueCrypt. Normally, I mount the image, use GnuCash along with any bank statements that I also put on the image, close GnuCash, then dismount the drive. I don’t leave the image mounted if I’m not actively using it.
>
> Because I’m me, I scripted this.
>
> #!/bin/sh
>
> truecrypt "$HOME/bank.tc" /media/truecrypt52 && \
> gnucash /media/truecrypt52/bank/GnuCash/bankstuff.gnucash && \
> truecrypt -d "$HOME/bank.tc"
>
> This hardly counts as a script. It’s only one line. However, this one line automates everything I usually do. I only have to double-click the script file, and everything is ready.
>
> How It Works
>
> The “&&” on each line means that the command after it will only run if the command before it runs successfully.
>
> The first command mounts my encrypted bank image. I find that I have to use “/media/truecrypt??” where “??” is a one or two digit number. This command launches a dialog box to enter the image password. If the password is incorrectly entered, truecrypt returns 1 instead of 0 (success), exiting the script.
>
> Then, GnuCash is opened. The script waits until I close GnuCash to continue. So far, I haven’t had GnuCash return anything but success.
>
> The final line dismounts the image.
>
> Caveats
>
> All files relating to the encrypted image should be closed before closing GnuCash. Once GnuCash is closed, the script will try to dismount the drive. I don’t know if truecrypt will wait to dismount the drive if a file is currently open.
>
> The paths to all of the files involved are hard-coded in the script. If you change any file names or paths, remember to update the script.
> *********************************************************************************************
> 2) Second script
> This one uses OpenSSL in place of Truecrypt to encrypt the data, is it better?
>
> If not, is it better than the first script if we change OpenSSL to Truecrypt?
>
> http://pluton8.wordpress.com/2011/01/31/update-of-the-gnucash-encryption-script/
>
> By GnuCash files encryption ... on the 31st of Jan 2011
>
> #!/bin/bash
> # This is a script to work with an encrypted gnucash file. It asks for the
> # password, decrypts the file, runs gnucash, and encrypts it back. Logs and
> # backups are shredded at the end.
> # Author: pluton <plutonpluton at mail.ru>
> # Version: 1.0 (Sat Jan 29 2011)
> # License: GNU GPL 3
>
> CP=/bin/cp
> KDIALOG=/usr/bin/kdialog
> OPENSSL=/usr/bin/openssl
> GNUCASH=/usr/bin/gnucash
> SHRED=/bin/shred
> BASENAME=/usr/bin/basename
> CHMOD=/bin/chmod
>
> FILE=~/main
> FILETMP="${FILE}.tmp"
> TIMEOUT=2 # seconds
> TITLE=$( $BASENAME "$0" )
>
> notify() {
>     [ -n "$1" ] && text="$1" || text="?"
>     $KDIALOG --passivepopup "$text" --title "$TITLE" $TIMEOUT
> }
>
> [ -e "$FILE" ] || { notify "File '$FILE' was not found"; exit 1; }
>
> pass=$( $KDIALOG --password "Enter the password /GC/" )
> [ "$pass" == "" ] && { notify "The password is empty"; exit 2; }
>
> if ! $OPENSSL enc -d -aes-256-cbc -in "$FILE" -out "$FILETMP" -pass stdin <<EOF
> ${pass}
> EOF
> then
>     notify "The password seems to be wrong"
>     exit 3
> fi
> $CHMOD go= "$FILETMP"
> $CP -f "$FILE" "${FILE}.bkp"
> $GNUCASH "$FILETMP"
> if ! $OPENSSL enc -e -aes-256-cbc -in "$FILETMP" -out "$FILE" -pass stdin <<EOF
> ${pass}
> EOF
> then
>     notify "An error occurred while encoding (code #$?)"
>     exit 4
> fi
> unset pass
> $SHRED -zun 2 "${FILETMP}"*
> notify "Done"
> ******************************************************************************************
> 3) Third solution
> http://ubuntu-utah.ubuntuforums.org/showthread.php?p=3265493
> Kilarin, August 27th, 2007, 10:28 PM
>
> I _tried_ to register at the TrueCrypt forum. They are not exactly eager to help over there.
> That seems odd, they have a pretty active forum over there.
>
> I guess I'm looking for how to decrypt the volume after I encrypt it. I do not find anywhere the day-to-day usage instructions for this program. What would I do after I power up my computer? How do I put in the password? I'm just not finding useful documentation on TrueCrypt.
>
> I decrypt and mount a truecrypt volume on Ubuntu FF 7 like this:
> From the terminal go into the media directory and create a new folder to mount the true crypt volume on. I named mine tc1 (for truecrypt1), but you can name it whatever you want. The commands to do this are:
> cd /media <-this takes you to the media folder
> sudo mkdir tc1 <-this creates the tc1 folder, you will have to enter your password
>
> Now, you can mount your truecrypt volume on to tc1 using this command in the terminal:
>
> truecrypt -u /media/sda1/mytruecryptvol /media/tc1
>
> of course, change /media/sda1/mytruecryptvol to whatever the location and name of your encrypted truecrypt volume is.
>
> You will now be prompted twice, once to enter your user password for root access, then again for the password of the encrypted volume.
>
> Once you've typed both in, your truecrypt volume is mounted and available, a shortcut to it should appear on your desktop.
>
> If the volume is formatted as ntfs so that you can also access it from windows, and assuming you have already installed ntfs-3g drivers for read write access to ntfs volumes, change your mount command to:
>
> truecrypt -u /media/sda1/mytruecryptvol /media/tc1 --filesystem ntfs-3g
>
> When you are ready to dismount the volume, enter the terminal command:
> truecrypt -d /media/tc1
>
> truecrypt -d
> will dismount all volumes that are not currently busy.
>
> Now then, there is another pesky and annoying detail. having to enter your user password every time you mount a volume, as well as the volume password, is quite... frustrating. you can eliminate this problem (at the cost of slightly lower security) by doing the following:
>
> export EDITOR=gedit
> sudo visudo
>
> now you are editing the /etc/sudoers file. at end add:
> yourusername ALL= NOPASSWD: /usr/bin/truecrypt
>
> Save and exit and now truecrypt will not require your user password.
>
> BUT, if you are mounting the same volume all the time, you don't really want to have to type in the terminal command every time you log on. So, you can set up a launcher like this:
>
> right click top bar/add to panel/custom application launcher
> type=application in terminal name=truecrypt-mount
> command=truecrypt -u /media/sda1/mytruecryptvol /media/tc1
>
> of course change the name to whatever you want, and the command to use the correct location of your encrypted volume and its mount point.
>
> You can also create a "dismount all" launcher in a similar manner:
>
> right click top bar/add to panel/custom application launcher
> type=application in terminal name=truecrypt-dismount-all
> command=truecrypt -d
>
>
> BUT, while clicking on a launcher is certainly more convenient than retyping the entire command into the terminal, well, you MIGHT just want to have the truecrypt volume mount automatically every time you log on, without you having to click ANYTHING, and this you can do! You just have to add the mount command to your session startup program list. And that's actually pretty easy to do:
>
> System/Preferences/Sessions
> From the "Startup Programs" tab, click "New"
> Name=truecrypt-mount
> Command=/usr/bin/gnome-terminal -x /usr/bin/truecrypt -u media/disk/DCH/evol/dch /media/tc1
>
> /usr/bin/gnome-terminal -x /usr/bin/truecrypt -u /media/sda1/mytruecryptvol /media/tc1
>
> Again using your own encrypted volume path and mount point. You need the gnome-terminal because you can't actually enter the password unless you have a terminal window to enter the password in!
>
> One warning when using this method. If your encrypted volume is on a USB drive, this will probably not work because the USB drive will not be mounted when the startup programs run.
>
> TrueCrypt is really a handy program. Good luck!
> *******************************************************************************************
> 4) http://code.neil.williamsleesmill.me.uk/gnome2/gnc-gpg_8c-source.html
> This last one uses GPG to encrypt the data.
> ******************************************************************************************
>
> It is my first message on this mailing list and it is very long, sorry, but Gnucash doesn't give information about this process.
>
> Sorry for my English, I am French speaking.
> Thanks in advance for your help,
> Thank you for your cooperation.
>
> François Huot
> Montmagny, Québec
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
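
Added example, not part of the thread and not the code of either quoted script: a hardened form of the second script's decrypt / run GnuCash / re-encrypt flow, which also covers the point in the reply about log files by giving the editor a private working directory where its side files land. The names `edit_encrypted` and `wipe_dir` are hypothetical, and `-pbkdf2` assumes OpenSSL 1.1.1 or later, so files written this way are not interchangeable with ones written by the quoted command line.

```shell
#!/bin/sh
# Added example (not from the thread): decrypt / edit / re-encrypt with
# cleanup on every exit path. Assumes OpenSSL 1.1.1+ for -pbkdf2.

# wipe_dir DIR: overwrite then delete everything under DIR, as the quoted
# script's final "shred" does; falls back to plain removal without shred.
wipe_dir() {
    if command -v shred >/dev/null 2>&1; then
        find "$1" -type f -exec shred -zu -n 2 {} + 2>/dev/null || true
    fi
    rm -rf "$1"
}

# edit_encrypted FILE PASSPHRASE EDITOR [ARGS...]
# The body is a subshell, so umask and traps do not leak into the caller.
# Exit codes: 1 setup failed, 3 decrypt failed, 4 encrypt or replace failed.
edit_encrypted() (
    file=$1 pass=$2
    shift 2
    umask 077                        # plaintext is owner-only from creation
    work=$(mktemp -d) || exit 1      # editor logs and backups land here too
    trap 'wipe_dir "$work"; rm -f "$file.new"' EXIT
    trap 'exit 130' INT TERM HUP     # route signals through the EXIT trap
    plain=$work/book

    # printf is a builtin in bash and dash, so the passphrase is not in argv.
    # openssl enc is unauthenticated: a wrong passphrase is caught only by
    # the padding check.
    printf '%s\n' "$pass" | openssl enc -d -aes-256-cbc -pbkdf2 \
        -in "$file" -out "$plain" -pass stdin 2>/dev/null || exit 3

    "$@" "$plain" || true            # editor status ignored, as in the original

    # Encrypt to a side file and rename it into place, so a failed
    # encryption cannot truncate the only good copy.
    printf '%s\n' "$pass" | openssl enc -e -aes-256-cbc -pbkdf2 \
        -in "$plain" -out "$file.new" -pass stdin || exit 4
    mv -f "$file.new" "$file" || exit 4
)
```

A wrapper would read the passphrase from a dialog, as the quoted script does with kdialog, and call `edit_encrypted ~/main "$pass" gnucash`.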