mti's "Crypto Suite" 2014: Data Leakage

mti

13 Nov, 2014 10:43 PM

Hello!

In addition to 'nCryptarm' and 'nDecryptar' (http://support.gpgtools.org/discussions/problems/8483-mtis-crypto-s...) there is now:

'nClear' which might help against data leakage.

Unlike the well known command 'clear' it will really remove leaked data securely and forever. Handle with care.
(Every application should behave as well as Spotlight in this respect but up until that point you have 'nClear' with you.)

Other changes in the crypto suite:
- 'nCryptarm' politely informs you about 'nClear'
- 'nDecryptar' now reveals the decrypted file or folder in the Finder right on your Desktop

Regards,
Michael

May the source be with you:


  1. 1 Posted by mti on 13 Nov, 2014 10:46 PM

    Sorry, formatting problem. Source in plain text without formatting again:

    #!/bin/sh
    # mti's Crypto Suite
    # 2014-11-13: inform user about nClear
    # 2012-05-23: use gpg-zip's command
    ME="nCryptarm"

    SOURCE="$1"
    if [ -z "$SOURCE" ]; then
      echo "$ME: error: no source file specified" > /dev/stderr
      exit 1
    fi

    TARGET=`basename "$SOURCE"`.tar.gpg
    if [ -f "$TARGET" ]; then
      echo "$ME: error: target exists; won't overwrite: $TARGET" > /dev/stderr
      exit 1
    fi

    echo "$ME: tar c $SOURCE | gpg -veo $TARGET && srm -sRv $SOURCE"
    tar c "$SOURCE" | gpg -veo "$TARGET" && srm -sRv "$SOURCE" \
        && echo "$ME: Done. Consider running 'nClear'."

    #!/bin/sh
    # mti's Crypto Suite
    # 2014-11-13: use the open / reveal command
    # 2012-05-23: use gpg-zip
    ME="nDecryptar"

    SOURCE="$1"
    if [ -z "$SOURCE" ]; then
      echo "$ME: error: no source file specified" > /dev/stderr
      exit 1
    fi

    echo "$ME: gpg-zip --decrypt $SOURCE"
    gpg-zip --decrypt "$SOURCE" || exit 1

    #
    # Open the decrypted folder if it exists as expected.
    #
    OPEN_NAME=`basename "$SOURCE" .tar.gpg`
    if [ -d "$OPEN_NAME" ]; then
        open -R "$OPEN_NAME"
    fi

    #!/bin/sh
    # mti's Crypto Suite
    ME="nClear"

    ###
    ### nClear: Clear temporary application files and other data leaks.
    ###
    #
    # *Incomplete and Imperfect by Design*
    #
    # Probably unusable until you adapt it to your needs.
    #
    # The following might contain per application data leaks:
    # - application preferences
    # - log files
    # - caches and swap files
    # - temporary files
    # - backup files
    #
    # Many applications use third party libraries which might store data
    # in yet other places.
    #
    ###

    ## <Leakage Name / Application Name>
    #
    # <description>
    #
    # <clearing commands as applicable>

    ## Spotlight (Mac OS X 10.6.8)
    #
    # Spotlight *seems* to store its search index locally. Using
    # 'nCryptarm' as usual on a directory should automagically remove the
    # corresponding Spotlight index.

    ## Time Machine (Mac OS X 10.6.8) TURNED OFF
    #
    # Use 'gpg-zip' or the corresponding /tar | gpg/ pipeline instead.
    # Save your key chain.

    echo "$ME: N/A Time Machine"

    ## Bash / Shell / Terminal (Mac OS X 10.6.8)
    #
    # The shell records entered commands here: ~/.bash_history
    # This *could be* considered data leakage.

    echo "$ME: N/A Terminal Command History"

    ## Cups / Printing (Mac OS X 10.6.8) UNKNOWN
    #
    # Check "~/.cups/" for possible data leaks.
    # There might be more.

    echo "$ME: N/A Cups"

    ## XCode UNKNOWN

    echo "$ME: N/A XCode"

    ## Apple Mail MANUAL CLEARING
    #
    # E-Mail communication might be part of projects whose data should be
    # stored encrypted. The following workflow is not yet implemented in
    # this script:
    #
    # 1) Drag the e-mail one by one to the folder of its
    # corresponding project.
    #
    # 2) Use 'nCryptarm' on that folder.
    #
    # 3) Delete the e-mails in Apple Mail.
    #
    # 4) Empty the trash of Apple Mail.
    # 4a) Repeat #4 until the trash appears empty.
    #
    # TODO: Apple Mail doesn't really remove deleted messages until ???

    echo "$ME: N/A Apple Mail: E-mails have to be cleared manually."

    ## GTK/GDK-style Thumbnails
    #
    # This is used by Blender 2.72b. It should be safe to delete this
    # hidden directory anytime.

    if [ -d "$HOME/.thumbnails" ]; then
        echo "$ME: Clearing Thumbnails: srm -sr $HOME/.thumbnails"
        srm -sr "$HOME/.thumbnails"
    else
        echo "$ME: OK N/A Thumbnails: $HOME/.thumbnails not a directory."
    fi

    ## GEGL 0.2 cache / swap
    #
    # Probably used by the Gimp 2.8 only on demand or not at all.

    NC_GEGL_D="$HOME/.cache/gegl-0.2/swap"
    if [ -d "$NC_GEGL_D" ]; then
        echo "$ME: Clearing GEGL swap: srm -sr $NC_GEGL_D"
        srm -sr "$NC_GEGL_D"
    else
        echo "$ME: OK N/A GEGL swap: $NC_GEGL_D not a directory."
    fi

    ## Blender
    #
    # TODO: Blender uses temporary directories like /tmp/blender*, too.

    if [ -f "/tmp/quit.blend" ]; then
        echo "$ME: Clearing Blender: srm -i /tmp/quit.blend"
        srm -i "/tmp/quit.blend"
    else
        echo "$ME: OK N/A Blender: /tmp/quit.blend not a file."
    fi
        

    ## Gimp 2.8
    #
    # The application support folder might contain other data leaks,
    # e.g. user created brushes.

    NC_GIMP_D="$HOME/Library/Application Support/GIMP/2.8/tmp/"
    if [ -d "$NC_GIMP_D" ]; then
        # -A also lists dotfiles, so hidden leftovers trigger the clearing.
        NC_GIMP_L=`ls -A "$NC_GIMP_D"`
        if [ ! -z "$NC_GIMP_L" ]; then
            echo "$ME: Clearing Gimp 2.8: srm -sir $NC_GIMP_D && mkdir $NC_GIMP_D"
            srm -sir "$NC_GIMP_D" && mkdir "$NC_GIMP_D"
        else
            echo "$ME: OK N/A The Gimp 2.8: empty directory: $NC_GIMP_D is empty."
        fi
    else
        echo "$ME: OK N/A The Gimp 2.8: $NC_GIMP_D not found."
    fi

  2. Steve closed this discussion on 09 Jan, 2015 01:23 PM.
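
nCryptarm's `tar c ... | gpg ... && srm ...` line wipes the source whenever gpg exits 0, because a POSIX sh pipeline reports only its last command's status; a tar run that fails partway still leads to the secure delete. The following is an added example, not mti's code, that records the archiver's status separately and wipes only after both stages succeed. The names `archive_stream`, `encrypt_stream`, `wipe_source` and `safe_cryptarm` are hypothetical.

```shell
#!/bin/sh
# Added example, not mti's code. archive_stream, encrypt_stream, wipe_source
# and safe_cryptarm are hypothetical names; the gpg and srm options are the
# ones nCryptarm already uses.

archive_stream() { tar -cf - "$1"; }   # archive to stdout
encrypt_stream() { gpg -ve; }          # stdin -> stdout, asks for recipients
wipe_source()    { srm -sRv "$1"; }    # secure recursive delete

safe_cryptarm() {
    src=$1
    target=$(basename "$src").tar.gpg
    [ -e "$src" ] || { echo "no such source: $src" >&2; return 1; }
    [ ! -e "$target" ] || { echo "won't overwrite: $target" >&2; return 1; }

    # A pipeline's exit status is that of its last command only, so the
    # archiver's status goes to a side file and is checked separately.
    st=$(mktemp) || return 1
    enc_rc=0
    { rc=0; archive_stream "$src" || rc=$?; echo "$rc" > "$st"; } \
        | encrypt_stream > "$target" || enc_rc=$?
    tar_rc=$(cat "$st")
    rm -f "$st"

    # Wipe only if both stages succeeded and the output is non-empty.
    if [ "$tar_rc" != 0 ] || [ "$enc_rc" -ne 0 ] || [ ! -s "$target" ]; then
        echo "incomplete (tar=$tar_rc, encrypt=$enc_rc): source kept" >&2
        rm -f "$target"
        return 1
    fi
    wipe_source "$src"
}

# Usage: safe_cryptarm ./project-folder
```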
