mti's "Crypto Suite" 2014: Data Leakage
Hello!
In addition to 'nCryptarm' and 'nDecryptar' (http://support.gpgtools.org/discussions/problems/8483-mtis-crypto-s...) there is now:
'nClear' which might help against data leakage.
Unlike the well known command 'clear' it will really remove
leaked data securely and forever. Handle with care.
(Every application should behave as well as Spotlight in this
respect but up until that point you have 'nClear' with you.)
Other changes in the crypto suite:
- 'nCryptarm' politely informs you about 'nClear'
- 'nDecryptar' now reveals the decrypted file or folder in the Finder right on your Desktop
Regards,
Michael
May the source be with you:
#!/bin/sh
# mti's Crypto Suite
# 2014-11-13: inform user about nClear
# 2012-05-23: use gpg-zip's command
ME="nCryptarm"
SOURCE="$1"
if [ -z "$SOURCE" ]; then
    echo "$ME: error: no source file specified" > /dev/stderr
    exit 1
fi
TARGET=`basename "$SOURCE"`.tar.gpg
if [ -f "$TARGET" ]; then
    echo "$ME: error: target exists; won't overwrite: $TARGET" > /dev/stderr
    exit 1
fi
echo "$ME: tar c $SOURCE | gpg -veo $TARGET && srm -sRv $SOURCE"
tar c "$SOURCE" | gpg -veo "$TARGET" && srm -sRv "$SOURCE" \
    && echo "$ME: Done. Consider running 'nClear'."
#!/bin/sh
# mti's Crypto Suite
# 2014-11-13: use the open / reveal command
# 2012-05-23: use gpg-zip
ME="nDecryptar"
SOURCE="$1"
if [ -z "$SOURCE" ]; then
    echo "$ME: error: no source file specified" > /dev/stderr
    exit 1
fi
echo "$ME: gpg-zip --decrypt $SOURCE"
gpg-zip --decrypt "$SOURCE" || exit 1
#
# Open the decrypted folder if it exists as expected.
#
OPEN_NAME=`basename "$SOURCE" .tar.gpg`
if [ -d "$OPEN_NAME" ]; then
    open -R "$OPEN_NAME"
fi
#!/bin/sh
# mti's Crypto Suite
ME="nClear"
###
### nClear: Clear temporary application files and other data leaks.
###
#
# *Incomplete and Imperfect by Design*
#
# Probably unusable until you adapt it to your needs.
#
# The following might contain per application data leaks:
# - application preferences
# - log files
# - caches and swap files
# - temporary files
# - backup files
#
# Many applications use third party libraries which might store data
# in yet other places.
#
###
## <Leakage Name / Application Name>
#
# <description>
#
# <clearing commands as applicable>
## Spotlight (Mac OS X 10.6.8)
#
# Spotlight *seems* to store its search index locally. Using
# 'nCryptarm' as usual on a directory should automagically remove the
# corresponding Spotlight index.
## Time Machine (Mac OS X 10.6.8) TURNED OFF
#
# Use 'gpg-zip' or the corresponding /tar | gpg/ pipeline instead.
# Save your key chain.
echo "$ME: N/A Time Machine"
## Bash / Shell / Terminal (Mac OS X 10.6.8)
#
# The shell records entered commands here: ~/.bash_history
# This *could be* considered data leakage.
echo "$ME: N/A Terminal Command History"
## Cups / Printing (Mac OS X 10.6.8) UNKNOWN
#
# Check "~/.cups/" for possible data leaks.
# There might be more.
echo "$ME: N/A Cups"
## XCode UNKNOWN
echo "$ME: N/A XCode"
## Apple Mail MANUAL CLEARING
#
# E-Mail communication might be part of projects whose data should be
# stored encrypted. The following workflow is not yet implemented in
# this script:
#
# 1) Drag the e-mail one by one to the folder of its
# corresponding project.
#
# 2) Use 'nCryptarm' on that folder.
#
# 3) Delete the e-mails in Apple Mail.
#
# 4) Empty the trash of Apple Mail.
# 4a) Repeat #4 until the trash appears empty.
#
# TODO: Apple Mail doesn't really remove deleted messages until ???
echo "$ME: N/A Apple Mail: E-mails have to be cleared manually."
## GTK/GDK-style Thumbnails
#
# This is used by Blender 2.72b. It should be safe to delete this
# hidden directory anytime.
if [ -d "$HOME/.thumbnails" ]; then
    echo "$ME: Clearing Thumbnails: srm -sr $HOME/.thumbnails"
    srm -sr "$HOME/.thumbnails"
else
    echo "$ME: OK N/A Thumbnails: $HOME/.thumbnails not a directory."
fi
## GEGL 0.2 cache / swap
#
# Probably used by the Gimp 2.8 only on demand or not at all.
NC_GEGL_D="$HOME/.cache/gegl-0.2/swap"
if [ -d "$NC_GEGL_D" ]; then
    echo "$ME: Clearing GEGL swap: srm -sr $NC_GEGL_D"
    # Quoted so a path containing spaces stays a single argument.
    srm -sr "$NC_GEGL_D"
else
    echo "$ME: OK N/A GEGL swap: $NC_GEGL_D not a directory."
fi
## Blender
#
# TODO: Blender uses temporary directories like /tmp/blender*, too.
if [ -f "/tmp/quit.blend" ]; then
    echo "$ME: Clearing Blender: srm -i /tmp/quit.blend"
    srm -i "/tmp/quit.blend"
else
    echo "$ME: OK N/A Blender: /tmp/quit.blend not a file."
fi
## Gimp 2.8
#
# The application support folder might contain other data leaks,
# e.g. user created brushes.
NC_GIMP_D="$HOME/Library/Application Support/GIMP/2.8/tmp/"
if [ -d "$NC_GIMP_D" ]; then
    NC_GIMP_L=`ls "$NC_GIMP_D"`
    if [ ! -z "$NC_GIMP_L" ]; then
        echo "$ME: Clearing Gimp 2.8: srm -sir $NC_GIMP_D && mkdir $NC_GIMP_D"
        srm -sir "$NC_GIMP_D" && mkdir "$NC_GIMP_D"
    else
        echo "$ME: OK N/A The Gimp 2.8: empty directory: $NC_GIMP_D is empty."
    fi
else
    echo "$ME: OK N/A The Gimp 2.8: $NC_GIMP_D not found."
fi
1 Posted by mti on 13 Nov, 2014 10:46 PM
Sorry, formatting problem. Source in plain text without formatting again:
#!/bin/sh
# mti's Crypto Suite
# 2014-11-13: inform user about nClear
# 2012-05-23: use gpg-zip's command
ME="nCryptarm"
SOURCE="$1"
if [ -z "$SOURCE" ]; then
    echo "$ME: error: no source file specified" > /dev/stderr
    exit 1
fi
TARGET=`basename "$SOURCE"`.tar.gpg
if [ -f "$TARGET" ]; then
    echo "$ME: error: target exists; won't overwrite: $TARGET" > /dev/stderr
    exit 1
fi
echo "$ME: tar c $SOURCE | gpg -veo $TARGET && srm -sRv $SOURCE"
tar c "$SOURCE" | gpg -veo "$TARGET" && srm -sRv "$SOURCE" \
    && echo "$ME: Done. Consider running 'nClear'."
#!/bin/sh
# mti's Crypto Suite
# 2014-11-13: use the open / reveal command
# 2012-05-23: use gpg-zip
ME="nDecryptar"
SOURCE="$1"
if [ -z "$SOURCE" ]; then
    echo "$ME: error: no source file specified" > /dev/stderr
    exit 1
fi
echo "$ME: gpg-zip --decrypt $SOURCE"
gpg-zip --decrypt "$SOURCE" || exit 1
#
# Open the decrypted folder if it exists as expected.
#
OPEN_NAME=`basename "$SOURCE" .tar.gpg`
if [ -d "$OPEN_NAME" ]; then
    open -R "$OPEN_NAME"
fi
#!/bin/sh
# mti's Crypto Suite
ME="nClear"
###
### nClear: Clear temporary application files and other data leaks.
###
#
# *Incomplete and Imperfect by Design*
#
# Probably unusable until you adapt it to your needs.
#
# The following might contain per application data leaks:
# - application preferences
# - log files
# - caches and swap files
# - temporary files
# - backup files
#
# Many applications use third party libraries which might store data
# in yet other places.
#
###
## <Leakage Name / Application Name>
#
# <description>
#
# <clearing commands as applicable>
## Spotlight (Mac OS X 10.6.8)
#
# Spotlight *seems* to store its search index locally. Using
# 'nCryptarm' as usual on a directory should automagically remove the
# corresponding Spotlight index.
## Time Machine (Mac OS X 10.6.8) TURNED OFF
#
# Use 'gpg-zip' or the corresponding /tar | gpg/ pipeline instead.
# Save your key chain.
echo "$ME: N/A Time Machine"
## Bash / Shell / Terminal (Mac OS X 10.6.8)
#
# The shell records entered commands here: ~/.bash_history
# This *could be* considered data leakage.
echo "$ME: N/A Terminal Command History"
## Cups / Printing (Mac OS X 10.6.8) UNKNOWN
#
# Check "~/.cups/" for possible data leaks.
# There might be more.
echo "$ME: N/A Cups"
## XCode UNKNOWN
echo "$ME: N/A XCode"
## Apple Mail MANUAL CLEARING
#
# E-Mail communication might be part of projects whose data should be
# stored encrypted. The following workflow is not yet implemented in
# this script:
#
# 1) Drag the e-mail one by one to the folder of its
# corresponding project.
#
# 2) Use 'nCryptarm' on that folder.
#
# 3) Delete the e-mails in Apple Mail.
#
# 4) Empty the trash of Apple Mail.
# 4a) Repeat #4 until the trash appears empty.
#
# TODO: Apple Mail doesn't really remove deleted messages until ???
echo "$ME: N/A Apple Mail: E-mails have to be cleared manually."
## GTK/GDK-style Thumbnails
#
# This is used by Blender 2.72b. It should be safe to delete this
# hidden directory anytime.
if [ -d "$HOME/.thumbnails" ]; then
    echo "$ME: Clearing Thumbnails: srm -sr $HOME/.thumbnails"
    srm -sr "$HOME/.thumbnails"
else
    echo "$ME: OK N/A Thumbnails: $HOME/.thumbnails not a directory."
fi
## GEGL 0.2 cache / swap
#
# Probably used by the Gimp 2.8 only on demand or not at all.
NC_GEGL_D="$HOME/.cache/gegl-0.2/swap"
if [ -d "$NC_GEGL_D" ]; then
    echo "$ME: Clearing GEGL swap: srm -sr $NC_GEGL_D"
    # Quoted so a path containing spaces stays a single argument.
    srm -sr "$NC_GEGL_D"
else
    echo "$ME: OK N/A GEGL swap: $NC_GEGL_D not a directory."
fi
## Blender
#
# TODO: Blender uses temporary directories like /tmp/blender*, too.
if [ -f "/tmp/quit.blend" ]; then
    echo "$ME: Clearing Blender: srm -i /tmp/quit.blend"
    srm -i "/tmp/quit.blend"
else
    echo "$ME: OK N/A Blender: /tmp/quit.blend not a file."
fi
## Gimp 2.8
#
# The application support folder might contain other data leaks,
# e.g. user created brushes.
NC_GIMP_D="$HOME/Library/Application Support/GIMP/2.8/tmp/"
if [ -d "$NC_GIMP_D" ]; then
    NC_GIMP_L=`ls "$NC_GIMP_D"`
    if [ ! -z "$NC_GIMP_L" ]; then
        echo "$ME: Clearing Gimp 2.8: srm -sir $NC_GIMP_D && mkdir $NC_GIMP_D"
        srm -sir "$NC_GIMP_D" && mkdir "$NC_GIMP_D"
    else
        echo "$ME: OK N/A The Gimp 2.8: empty directory: $NC_GIMP_D is empty."
    fi
else
    echo "$ME: OK N/A The Gimp 2.8: $NC_GIMP_D not found."
fi
Steve closed this discussion on 09 Jan, 2015 01:23 PM.
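A shell pipeline reports only the exit status of its last command, so in a `tar | gpg && srm` chain like the one in 'nCryptarm' a failing tar does not prevent the source from being deleted. The following is an added example, not part of mti's suite: it checks tar and the encryptor separately and lists the decrypted archive before wiping anything. The function name safe_cryptarm and the override variables ENCRYPT, DECRYPT and WIPE are hypothetical; their defaults assume gpg can pick recipients as it does for the original script.

```shell
#!/bin/sh
# Added example, not mti's code. ENCRYPT, DECRYPT and WIPE are hypothetical
# override variables; the defaults mirror the gpg and srm calls on this page.
: "${ENCRYPT:=gpg -e}"    # reads plaintext on stdin, writes ciphertext to stdout
: "${DECRYPT:=gpg -d}"    # reads ciphertext on stdin, writes plaintext to stdout
: "${WIPE:=srm -sRv}"

safe_cryptarm() {
    src=$1
    if [ -z "$src" ] || [ ! -e "$src" ]; then
        echo "safe_cryptarm: no such source: $src" >&2; return 2
    fi
    target=$(basename "$src").tar.gpg
    if [ -e "$target" ]; then
        echo "safe_cryptarm: target exists; won't overwrite: $target" >&2; return 3
    fi
    status=$(mktemp) || return 4

    # A pipeline reports only its last command, so tar's exit status is
    # written to a side file and checked separately from the encryptor's.
    enc_rc=0
    { tar cf - "$src"; echo $? > "$status"; } | $ENCRYPT > "$target" || enc_rc=$?
    tar_rc=$(cat "$status")
    if [ "$enc_rc" -ne 0 ] || [ "$tar_rc" != 0 ]; then
        rm -f "$target" "$status"
        echo "safe_cryptarm: tar=$tar_rc encrypt=$enc_rc; source kept" >&2
        return 5
    fi

    # Decrypt and list the archive before anything is destroyed.
    ver_rc=0
    { $DECRYPT < "$target"; echo $? > "$status"; } | tar tf - > /dev/null || ver_rc=$?
    dec_rc=$(cat "$status"); rm -f "$status"
    if [ "$ver_rc" -ne 0 ] || [ "$dec_rc" != 0 ]; then
        echo "safe_cryptarm: verification failed; source kept: $src" >&2
        return 6
    fi

    $WIPE "$src"
}

# Usage: safe_cryptarm <file-or-folder>
if [ $# -gt 0 ]; then safe_cryptarm "$1"; fi
```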