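#!/bin/bash
# file: gnucash_wrapper.sh
# Pete Nesbitt, Jan 2013
# wrapper script to decrypt/encrypt GnuCash data files
# could easily adapt to other apps
# uses (requires) Xdialog for password entry
### !! SEE INITIAL SETUP (BELOW) PRIOR TO FIRST RUN
#####################################################################
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#####################################################################

#### Initial Setup #######################################################
# Start with a working GnuCash account env, with your layout in place.
# This app expects to be started by referencing an encrypted file,
# 1) locate your gnucash data file,
#    usually <name>.gnucash, like "finances.gnucash"
#
# 2) rename the file then encrypt it. (ex using finance book set)
#    mv finances.gnucash finances.gnucash_decrypted
#    openssl enc -e -aes-256-cbc -in finances.gnucash_decrypted -out finances.gnucash -pass stdin
#    --this will read the password from stdin (type it and press Enter).
#    --this will be your permanent password for this account set. (don't lose it!)
#
# 3) update the variable below to point to the new encrypted file:
#    DATA_FILE="/full/path/to/encrypted_file"
#
# 4) optionally create a 'xpm' icon from the gnucash png icon
#    I used gimp and /usr/share/gnucash/pixmaps/gnucash-icon-32x32.png
#
#    -once the icon is created, update the APP_ICON variable below
#
# From now on, instead of starting GnuCash with its binary, start it by
# running this script.
# You will likely want to set your desktop menu to use this script as well.
#
##########################################################################
#
# Security notes:
#  - While GnuCash is running, the data exists UNENCRYPTED on disk as
#    ${DATA_FILE}_decrypted (plus any working files GnuCash creates next to
#    it). If this script is killed or the machine loses power, that
#    plaintext copy stays behind until it is removed by hand.
#  - "openssl enc" with AES-256-CBC provides confidentiality only; it does
#    not authenticate the file. A wrong password is normally caught by the
#    padding check, but that is not a guarantee, and modification of the
#    encrypted file is not detected.
#  - "openssl enc" derives the key from the password with its default,
#    fast derivation. OpenSSL 1.1.1 and later accept -pbkdf2 (with -iter)
#    for a slower derivation; it must then be used for BOTH encryption and
#    decryption, so an existing file has to be re-encrypted before
#    switching. It is not enabled here to stay compatible with existing
#    data files.
#  - shred may not overwrite data in place on journaling or copy-on-write
#    filesystems or on SSDs; treat the cleanup as best effort.
#
##########################################################################

# UPDATE THIS VAR
# gnucash data file (FQFN)
DATA_FILE="/data/docs/gnucash/finances.gnucash"

# UPDATE THIS VAR ONLY IF YOU MADE AN ICON
# icon used in passwd box, must be a xpm file. (Not Required)
APP_ICON="/data/media/images/app_images/icon-gnucash.xpm"

#################################
APP_NAME="GnuCash" # just for display in pwd box
APP="/usr/bin/gnucash"

# decrypted working copy
DECRYPTED_FILE="${DATA_FILE}_decrypted"
################################

# Everything created from here on (the decrypted copy and GnuCash's own
# working files) is plaintext financial data: keep it private to the user.
umask 077

# first do a quick icon test; ICON holds the extra Xdialog arguments as an
# array so that an icon path containing spaces stays a single argument.
if file "${APP_ICON}" | grep -q pixmap; then
  ICON=(--icon "${APP_ICON}")
else
  ICON=()
fi

##### Functions ###########

#######################################
# Ask for the password in an Xdialog box.
# Globals:   ICON, APP_NAME (read); FILEPASS, PASS_VAL (written)
# Returns:   does not return on cancel or timeout; exits the script with 1
#######################################
get_password() {
  FILEPASS=$(Xdialog --center "${ICON[@]}" --password --timeout 30 --stdout \
    --inputbox "Enter ${APP_NAME} Password" 0 0)
  PASS_VAL=$?
  # timeouts will exit 255, make sure we bail now
  if [ "${PASS_VAL}" -ne 0 ]; then
    exit 1
  fi
}

#######################################
# Decrypt DATA_FILE into DECRYPTED_FILE.
# Globals:   DATA_FILE, DECRYPTED_FILE, FILEPASS (read); DEC_VAL (written)
#######################################
decrypt_file() {
  # The password goes to openssl on stdin from the printf builtin, so it is
  # never part of any process argument list.
  printf '%s\n' "${FILEPASS}" \
    | openssl enc -d -aes-256-cbc -in "${DATA_FILE}" -out "${DECRYPTED_FILE}" \
      -pass stdin 2> /dev/null
  DEC_VAL=$?
  # A failed decrypt leaves a partial or garbage output file. Remove it so
  # it can never be opened by the application or re-encrypted over the
  # real data file.
  if [ "${DEC_VAL}" -ne 0 ]; then
    rm -f -- "${DECRYPTED_FILE}"
  fi
}

#######################################
# Decide what to do after a decrypt attempt.
# Globals:   DEC_VAL, ICON (read); REDO_PASS, REDO_VAL (written)
# Returns:   REDO_PASS="yes" if the user wants another attempt, "no" after
#            a successful decrypt; exits the script with 1 if the user
#            declines to retry.
#######################################
decrypt_check() {
  REDO_PASS="no"
  if [ "${DEC_VAL}" -ne 0 ]; then
    # option to redo password
    Xdialog --center "${ICON[@]}" --stdout --yesno "Password Failed\nRetry?" 0 0
    REDO_VAL=$?
    if [ "${REDO_VAL}" -eq 0 ]; then
      REDO_PASS="yes"
    else
      exit 1
    fi
  fi
}

#######################################
# Encrypt DECRYPTED_FILE back into DATA_FILE with the session password.
# Globals:   DATA_FILE, DECRYPTED_FILE, FILEPASS (read); SSL_VAL (written)
#######################################
encrypt_file() {
  printf '%s\n' "${FILEPASS}" \
    | openssl enc -e -aes-256-cbc -in "${DECRYPTED_FILE}" -out "${DATA_FILE}" \
      -pass stdin 2> /dev/null
  SSL_VAL=$?
}

#######################################
# Report the result of encrypt_file and clean up the plaintext.
# Globals:   SSL_VAL, DECRYPTED_FILE, ICON (read)
# Returns:   exits the script with 1 if encryption failed; the plaintext
#            file is deliberately kept in that case so no data is lost.
#######################################
encrypt_check() {
  if [ "${SSL_VAL}" -eq 0 ]; then
    # remove decrypted copy and any working files (note the *; the glob is
    # left outside the quotes on purpose)
    shred -u -- "${DECRYPTED_FILE}"*
    # last argument is the display time in 1000's of a second
    Xdialog --center "${ICON[@]}" --infobox "Successfully (re)Encrypted Data File" 0 0 8000
  else
    Xdialog --center "${ICON[@]}" --msgbox "WARNING: SSL Encryption ERROR, exit:${SSL_VAL}\n Un-Encrypted File Remains (${DECRYPTED_FILE})" 0 0
    exit 1
  fi
}

################################
# Start of main area
get_password

# decrypt data file
decrypt_file
decrypt_check

# Keep asking until the decrypt succeeds or the user gives up
# (decrypt_check and get_password exit the script in that case). The
# application must never be started after a failed decrypt: the output of a
# failed decrypt would otherwise be re-encrypted over the real data file
# with the wrong password.
while [ "${REDO_PASS}" = "yes" ]; do
  get_password
  decrypt_file
  decrypt_check
done

# use the decrypted file in application
"${APP}" "${DECRYPTED_FILE}"

# once done, encrypt file and remove plain (working) file
encrypt_file
encrypt_check
unset FILEPASS
#eof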