Sunday, April 17, 2011

Calcurse, a compact Linux organizer, now with encryption ...

I bumped into calcurse a while ago, but I didn't take the use of it seriously. When I started using it, I was also using Gnome's Evolution. But than, times changed, and I didn't need a calender anymore, so I gradually quit using Evolution. When two weeks ago I decide to organize my life on the computer again, I decided I would like to have a portable application I could carry on a USB stick. There was calcurse, which produces a very compact executable which I can carry around. Since it uses plain text files which are easily editable, I can also edit them on other operating systems without any problem.
So there you have it. A small great lightweight calendar application: Calcurse !

As a bonus to myself I decided to play with the idea, that I would like to encrypt the data I have on my disk on key, since it is possible that I loose my USB with lots of customers private data. So I wrote the following script, which launches the binary from the USB, decrypts the data folder, and then upon closing Calcurse would archive the data directory, encrypt it, and move it back to the USB.

Notice the following things:
1. I use OpenSSL, this is probably lame, and I should use GPG key.
2. You have to do a few steps manually before you can use the script, you will find them in
the body of the script below as comments.




#!/bin/bash

# ENCRYPTCALCURSE.SH

# Written by Oz Nahum 
# This script is distributed under the terms of the GNU Public License 
# Version 3 or later.
# You can obtaion copies of this license at:
# http://www.gnu.org/licenses/gpl.html

# A script to decrypt the calcurse_date dir, open it in 
# /home//calcurse_data
# then launch calcurse pointing to it, 
# and upon closing calcurse, encrypt the data, move it to usb stick, 
# and delete all data from /home//calcurse_data

# these commands needs to be run manually at first
# 1. make calcurse files only readable by owner
# $ chmod -vR 600 calcurse_data
# 2. creat a tar archive of the data:
# $ tar -cf calcurse_data.tar calcurse_data
# 3. encrypt the archive:
# $ openssl aes-256-cbc -salt -in calcurse_data.tar -out calcurse_d.tar.enc
# 4. copy calcurse binary from your system to the USB key
# $ cp -v `which calcurse` 
# 5. copy the encrypted archive to the USB
# $ cp -v calcurse_d.tar.enc 
# 6. finally, copy the script itself to your USB, and launch:
# $ bash encryptCalcurse.sh

### Begin of Script
#make files readable only by owner
umask 077
trap "find /dev/shm/calcurse_data -type f | xargs shred -fuz;
      shred -u -n 3 -z /dev/shm/calcurse_data_tmp.tar
     " SIGHUP SIGINT SIGQUIT SIGABRT SIGKILL SIGTERM
# first decrypt the data:
openssl enc -d -aes-256-cbc -salt -in calcurse_d.tar.enc -out /dev/shm/calcurse_data_tmp.tar

echo "extracting data"
#silently extract data, no need for verbose output (v flag)
tar -C /dev/shm -xf /dev/shm/calcurse_data_tmp.tar
echo "removing temporary data"
#remvoe the temporary archive
shred  -u -n 3 -z /dev/shm/calcurse_data_tmp.tar
sleep 3
#launce calcurse
calcurse -D /dev/shm/calcurse_data
# when calcurse is done tar the direcotry

tar -cf /dev/shm/calcurse_data_tmp.tar -C /dev/shm calcurse_data
#tar -cf calcurse_data_tmp.tar calcurse_data/

# then encrypt
#if encryption failed $? == 1 so repeat it again ...
openssl aes-256-cbc -salt -in /dev/shm/calcurse_data_tmp.tar -out calcurse_d.tar.enc
es=$?
while [ "$es" = "1" ]; do 
    echo "encrypting data"
    openssl aes-256-cbc -salt -in /dev/shm/calcurse_data_tmp.tar -out calcurse_d.tar.enc
    es=$?    
done
#if encryption succeeded remove the tar file
find /dev/shm/calcurse_data -type f | xargs shred -u -n 3 -z 

rm -rf /dev/shm/calcurse_data
shred -u -n 3 -z /dev/shm/calcurse_data_tmp.tar
#copy the encrypted file back to the USB
#mv ~/calcurse_d.tar.enc .

#note about the salt option note found in openssl man page[1],[2]
#note about lack of compresion with ssl [3]

#sources:
#[1]http://ubuntuforums.org/showpost.php?p=8287351&postcount=9
#[2]http://linux.die.net/man/1/enc
#[3]http://serverfault.com/questions/17855/can-i-compr:ess-an-encrypted-file

No comments: