Permalink
Fetching contributors…
Cannot retrieve contributors at this time
executable file 845 lines (758 sloc) 26.4 KB
### File: LUKSUS.functions ####
### Purpose: Contains all functions needed for LUKSUS ######
### Sourced by LUKSUS ###
function DEVICESET()
{
device=$($dialogapp $DIALOGAPPOPTIONS --inputbox "Enter the device to
create encrypted volume on.\nExample:\n/dev/sdd1\n\nTo create an encrypted filecontainer
use a LOOPBACKDEVICE.\nExample:\n/dev/loop0 (Linux) $linuxloopbackmessage\n/dev/vn0
(DragonFlyBSD)\n
/dev/md0 (FreeBSD)\n
/dev/vnd0 (NetBSD)\n" 0 0 3>&1 1>&2 2>&3)
}
function ENCRYPTIONENGINE()
{
DIALOGAPP=${DIALOG=dialog}
$DIALOGAPP --clear --title "Select your preferred encryption engine" \
--menu "Please choose encryption engine" 20 51 8 \
"LUKS" "Linux or DragonFlyBSD" \
"TRUECRYPT" "Linux or DragonFlyBSD" \
"GELI" "FreeBSD" \
"GNUPGP" "ENCRYPT A FILE WITH GNUPG OPENPGP" \
"OPENSSL" "ENCRYPT A FILE WITH OPENSSL" \
"CGD" "NetBSD (NOT IMPLEMENTED YET)" \
"BIOCTL" "OpenBSD (NOT IMPLEMENTED YET)" 2> $tempfile.enginemode
retval=$?
choice=$(cat $tempfile.enginemode)
ENCRYPTION=$(cat $tempfile.enginemode)
case $retval in
0)
$dialogapp --msgbox "Encryption engine chosen: $choice" 0 0;;
1)
echo "Cancel pressed.";;
255)
echo "ESC pressed.";;
esac
# ENCRYPTION DEPENDENCY CHECKS WILL BE RUN STRAIGHT AFTER THE USER HAS
#CHOSEN THE ENGINE FROM NOW ON
# SINCE THE GNUPGP MODE IS A BIT CHEEKY I MUST RUN IT FROM HERE AS WELL
GNUPGPCHECK
OPENSSLCHECK
}
function GOODBYE()
{
$dialogapp --msgbox "Thank you for using $programname $version\nA session summary was saved in $keydir/$name.information" 0 0;
}
function SECURITYMODE()
{
DIALOGAPP=${DIALOG=dialog}
tempfile=`tempfile 2>/dev/null` || tempfile=/tmp/test$$
trap "rm -f $tempfile.securitymode" 0 1 2 5 15
$DIALOGAPP --clear --title "Please choose security mode" \
--menu "Do you wish to use a passphrase or a keyfile" 20 51 4 \
"PASSPHRASE" "PASSPHRASE" \
"KEYFILE" "KEYFILE (WILL BE GENERATED FOR YOU)" 2> $tempfile.securitymode
retval=$?
choice=$(cat $tempfile.securitymode)
SECURITYMODE=$(cat $tempfile.securitymode)
case $retval in
0)
$dialogapp --msgbox "You chose the following security for your volume: $choice" 0 0;;
1)
echo "Cancel pressed.";;
255)
echo "ESC pressed.";;
esac
}
function TRAPERR()
{
echo "$programname HAS STOPPED: ${BASH_SOURCE[1]} "" \
""at about line ${BASH_LINENO[0]}"
rm *.$$
}
function EXITHOUSEKEEPING()
{
rm *.$$
}
function NAMESET()
{
name=$($dialogapp $DIALOGAPPOPTIONS --inputbox "Enter the volume name (nickname of the volume).\nExample: Mystuff\nNote no special characters or spaces" 0 0 3>&1 1>&2 2>&3)
}
function LUKSFILESET()
{
if [[ $LOOPBACKDEVICE == false ]]
then
echo Okay. This is a physical device.
else
$dialogapp $DIALOGAPPOPTIONS --title $programname --msgbox "Loopbackdevice has been detected!\nYou have specified a loopbackdevice and want to create a filecontainer." 0 0
luksfile=$($dialogapp $DIALOGAPPOPTIONS --title $programname --inputbox "LUKSUS has detected that you are creating an encrypted file container.\n\nPlease specify the full path where the encrypted volume should be created. No spaces or special characters. \n\nExample: /home/mystuff.archive" $dialogsize 3>&1 1>&2 2>&3)
fi
}
function LUKSFILESIZESET()
{
if [[ $LOOPBACKDEVICE == false ]]
then
echo ..
else
luksfilesize=$($dialogapp $DIALOGAPPOPTIONS --inputbox "What is the
desired size of the encrypted file container. \n\nExample: 100M or 25G" $dialogsize 3>&1 1>&2 2>&3)
fi
}
function NEXT()
{
NEXT=true
echo CONTINUING
}
function WELCOMEINFORMATION()
{
"$dialogapp" --cancel-label "EXIT LUKSUS" --title $programname --msgbox "Welcome to $programname $version \n\n
This program lets you create an encrypted volume on a physical media such
as a hardrive or usb stick, or it can be in the form of a file
container. The program will now ask you to specify which device you
wish to create the volume on. If you are creating a file container
then you must choose a loopback device as device. You can also choose
between using a password or a keyfile if the encryption mechanism
supports it. The default is to use a password.\n\n
When you click OK the wizard will start and ask you which device you
wish to proceed with. You can re-run the wizard and you can exit the
program before $programname does any heavywork and makes any changes." 0 0
}
function WIZARD()
{
# RUN THROUGH THE LUKSUS-WIZARD
ENCRYPTIONENGINE
SECURITYMODE
DEVICESET
LOOPBACKTEST
LUKSFILESET
LUKSFILESIZESET
NAMESET
}
function MENUSYSTEM()
{
trap "rm -f menuchoices.*" 0 1 2 5 15
trap "rm -f securitymode.*" 0 1 2 5 15
trap "rm -f welcomelogo.*" 0 1 2 5 15
while [ $NEXT == false ] ;
do
# Dialog utility to display options list
$dialogapp --cancel-label "EXIT LUKSUS" --clear --backtitle "$programname $version" --title "" \
--menu "Choose next to proceed or run the wizard again" $dialogsize 10 \
"NEXT" "CONTINUE LUKSUS, REVIEW AND BEGIN VOLUME CREATION" \
"WIZARD" "RUN THE WIZARD AGAIN TO SET UP LUKSUS" \
"REVIEW" "REVIEW THE USERSPECIFIED OPTIONS" \
"-" "" \
"-" "" \
"DEVICE" "ENTER DEVICE TO USE (PHYSICAL OR LOOPBACK)" \
"NAME" "NICK NAME FOR ENCRYPTED CONTAINER" \
"LOCATION" "SPECIFY WHERE TO STORE ENCRYPTED VOLUME (FIXED SIZE)" \
"SIZE" "SPECIFY HOW LARGE THE CONTAINER SHOULD BE" \
"ENCRYPTIONENGINE" "CHOOSE ENCRYPTION ENGINE" \
"SECURITYMODE" "CHOOSE TO USE PASSPHRASE OR KEYFILE" 2> menuchoices.$$
retopt=$?
choice=`cat menuchoices.$$`
case $retopt in
0) case $choice in
WIZARD) WIZARD ;;
DEVICE) DEVICESET ;;
NAME) NAMESET ;;
LOCATION) LUKSFILESET ;;
SIZE) LUKSFILESIZESET;;
SECURITYMODE) SECURITYMODE ;;
ENCRYPTIONENGINE) ENCRYPTIONENGINE ;;
SUMMARY) SUMMARY ;;
NEXT) NEXT ;;
REVIEW) GRAPHICALVERIFYCHOICES ;;
esac ;;
*)clear ; exit ;;
esac
done
# need to repopulate these variables again at this point
keyfile=/keys/$name.key
headerbackup=/keys/$name.header
mountpoint=/mnt/$name
}
function ASKUSERVERIFYCONSOLE ()
{
echo;
echo THE FOLLOWING DETAILS HAS BEEN SET BY THE USER;
echo PLEASE VERIFY THAT THESE ARE CORRECT;
echo ENCRYPTION USED: $ENCRYPTION;
echo DRIVE: $device;
echo NAME: $name;
echo MOUNTPOINT: $mountpoint;
echo HEADER BACKUP: $headerbackup;
echo SECURITY MODE: $SECURITYMODE;
echo KEYFILE: $keyfile;
echo LOOPBACK: $LOOPBACKDEVICE;
echo OS: $UNAME;
echo;
echo JUST TO MAKE DOUBLY SURE THAT YOU ARE FORMATTING THE CORRECT DRIVE;
echo LUKSUS ASKS AGAIN. IS THIS THE CORRECT DEVICE TO FORMAT AND ENCRYPT?;
echo YOU WILL NUKE THE FOLLOWING DEVICE: $device;
echo HIT CTRL+C NOW TO QUIT, OR HIT ANY KEY TO CONTINUE;
echo "";
echo SERIOUSLY - LAST CHANCE;
read || exit
}
function GRAPHICALLASTCHANCE()
{
"$dialogapp" --title $programname --msgbox "
JUST TO MAKE DOUBLY SURE THAT YOU ARE FORMATTING THE CORRECT DRIVE
LUKSUS ASKS AGAIN. IS THIS THE CORRECT DEVICE TO FORMAT AND ENCRYPT?
YOU WILL NUKE THE FOLLOWING DEVICE: $device\n\n\n
HIT CTRL+C NOW OR HIT ESCAPE TO QUIT, OR HIT ANY KEY TO CONTINUE" 0 0
}
function CGD()
{
if [[ $ENCRYPTION == CGD ]] && [[ $SECURITYMODE == PASSPHRASE ]]; then
echo Initializing $device with $ENCRYPTION;
cgdconfig -g -o /etc/cgd/$name aes-cbc 256
cgdconfig -g -V $name -o $keydir/$name aes-cbc 256;
cgdconfig -g -o $keydir/$name aes-cbc 256;
cgdconfig $name $device;
cgdconfig -V re-enter $name $device;
cgdconfig $name $device
else
echo "";
fi
}
function CGDKEYFILE()
{
if [[ $ENCRYPTION == CGD ]] && [[ $SECURITYMODE == KEYFILE ]]; then
echo Initializing $device with $ENCRYPTION;
cgdconfig -g -V $name -o $keydir/$name aes-cbc 256;
cgdconfig -g -o $keydir/$name aes-cbc 256;
cgdconfig $name $device;
cgdconfig -V re-enter $name $device;
else
echo "";
fi
}
function CREATEANDMOUNTFS ()
{
mkdir -p $mountpoint;
mkdir -p $keydir;
if [[ $UNAME == DragonFly ]]; then
echo DragonFlyBSD mode;
newfs /dev/mapper/$name;
mount /dev/mapper/$name /mnt/$name;
mounthelp="mount /dev/mapper/$name /mnt/$name";
else
if [[ $UNAME == FreeBSD ]]; then
newfs $device.eli;
mount $device.eli /mnt/$name;
mounthelp="mount $device.eli /mnt/$name";
else
if [[ $UNAME == NetBSD ]]; then
newfs -O 2 $device;
mount $device /mnt/$name;
mounthelp="mount $device /mnt/$name";
else
if [[ $UNAME == Linux ]]; then
mkfs.ext4 /dev/mapper/$name;
e2label /dev/mapper/$name $name;
mount -t ext4 /dev/mapper/$name $mountpoint > /dev/null 2>&1;
mounthelp="mount -t ext4 /dev/mapper/$name $mountpoint";
else
echo No Idea What To Do;
fi;
fi;
fi;
fi
}
function CREATEKEYFILE ()
{
if [[ $SECURITYMODE == KEYFILE ]]; then
echo Creating key;
dd if=/dev/urandom of=$keyfile bs=512 count=256;
else
echo ...;
fi
}
function GNUPGPCHECK ()
{
if [[ $ENCRYPTION == GNUPGP ]]; then
source LUKSUS.gnupgp;
else
echo .;
fi
}
function OPENSSLCHECK ()
{
if [[ $ENCRYPTION == OPENSSL ]]; then
source LUKSUS.openssl;
else
echo .;
fi
}
function DEVICEEXISTS ()
{
if [ -e "$device" ]; then
echo "OK, $device exists";
else
echo "$device was not found. $programname is now exiting";
exit 1;
fi
}
function DISPLAYLOGO ()
{
if [ $width -gt 119 ]; then
$TAILAPP -n 12 LUKSUS.logo 2> /dev/null || tail -n 12 LUKSUS.logo;
$TAILAPP -n 12 LUKSUS.logo 1>welcomelogo.$$ 2> /dev/null || tail -n 12 LUKSUS.logo >welcomelogo.$$
dialogsize="17 123"
else
$HEADAPP -n 6 LUKSUS.logo 2> /dev/null || head -n 6 LUKSUS.logo;
$HEADAPP -n 6 LUKSUS.logo 1>welcomelogo.$$ 2> /dev/null || head -n 6 LUKSUS.logo >welcomelogo.$$
dialogsize="12 60"
fi
}
function DISPLAYSUMMARY ()
{
echo Timestamp:
date;
echo Results of LUKSUS:;
echo DRIVE: $device;
echo NAME: $name;
echo SECURITYMODE: $SECURITYMODE;
echo KEYFILE: $keyfile;
echo MOUNTPOINT: $mountpoint;
echo HEADER BACKUP: $headerbackup;
echo ENCRYPTION USED: $ENCRYPTION;
echo CONTAINER $luksfile $luksfilesize;
echo MOUNTPOINT: `mount | grep $name`;
echo `df -h | head -n 1`;
echo `df -h | grep $name`;
echo "";
echo Volumestatus:;
echo $VOLUMESTATUS 1>> $keydir/$name.information 2>> $keydir/$name.information;
echo "################################################";
time2="$(date +%s.%N)";
ls -l $device
}
function DISPLAYSUMMARYGRAPHICAL ()
{
$dialogapp --msgbox "Volume creation procedure is complete. Press enter to view a summary. All the following information can also be found in\n$keydir/$name.information" 0 0;
$dialogapp --title "Showing the contents of file: $keydir/$name.information" --textbox $keydir/$name.information 0 0;
}
function DONTSHREDIFLOOPBACK ()
{
if [[ $LOOPBACKDEVICE == false ]] && [[ $UNAME == Linux ]]; then
echo "Okay we are using a physical device $device ...";
echo Shredding ...;
shred -f -v -n1 $device || gshred -f -v -n1 $device;
else
if [[ $LOOPBACKDEVICE == false ]] && [[ UNAME == DragonFly ]]; then
echo On DragonFlyBSD. Okay cool.;
echo in the middle of the shredding.place;
gshred -f -v -n1 $device;
else
if [[ $LOOPBACKDEVICE == false ]] && [[ $UNAME == FreeBSD ]]; then
echo On FreeBSD. Okay cool.;
echo in the middle of the shredding.place;
gshred -f -v -n1 $device;
else
echo "$device is a loopback device.";
fi;
fi;
fi
}
function DRAGONFLYHOUSEKEEPING ()
{
if [[ $UNAME == DragonFly ]]; then
echo We are on DragonFlyBSD here.;
alias ghead=head;
alias gshred=shred;
kldload dm;
vnconfig > /dev/null 2> /dev/null;
else
echo "";
fi
}
function FREEBSDHOUSEKEEPING ()
{
if [ $UNAME == FreeBSD ]; then
echo Doing FreeBSD specific housekeeping...;
HEADAPP=ghead
TAILAPP=gtail
SHREDAPP=gshred
kldload geom_eli 2>/dev/null;
freebsdloopnumber=$(echo $device|{ read; echo "${REPLY#${REPLY%?}}";})
echo $luksfilesize
keyfile=/keys/$name.key
headerbackup=/keys/$name.header
mountpoint=/mnt/$name
else
echo "";
fi
}
function GELI ()
{
if [[ $ENCRYPTION == GELI ]] && [[ $SECURITYMODE == PASSPHRASE ]]; then
echo Initializing $device with $ENCRYPTION;
geli init -B $headerbackup -s 4096 $device;
else
echo "";
fi
}
function GELIKEYFILE ()
{
if [[ $ENCRYPTION == GELI ]] && [[ $SECURITYMODE == KEYFILE ]]; then
echo Initializing $device with $ENCRYPTION with a keyfile
geli init -B $headerbackup -s 4096 -P -K $keyfile $device;
else
echo "";
fi
}
function GELIOPEN ()
{
if [[ $ENCRYPTION == GELI ]] && [[ $SECURITYMODE == KEYFILE ]]; then
echo Attempting to open the newly created $ENCRYPTION volume $name with $keyfile;
geli attach -p -k $keyfile $device;
cryptoinithelp="geli attach -k $keyfile $device";
VOLUMESTATUS=$(geli dump $device);
else
if [[ $ENCRYPTION == GELI ]] && [[ $SECURITYMODE == PASSPHRASE ]]; then
echo Attempting to open the newly created $ENCRYPTION volume $name;
geli attach $device;
cryptoinithelp="geli attach $device";
VOLUMESTATUS=$(geli dump $device);
else
echo "";
fi;
fi
}
function GRAPHICALVERIFYCHOICES ()
{
if [[ $GOGRAPHICAL = 1 ]]; then
$dialogapp --title "$programname $version" --yesno "\nDETAILS AS SUBMITTED BY THE USER
\n \n \n
ENCRYPTION USED: $ENCRYPTION
\n
NAME: $name \n
DRIVE: $device \n
MOUNTPOINT: $mountpoint \n
KEYFILE: $keyfile \n
HEADER BACKUP: $headerbackup\n
FILECONTAINER LOCATION: $luksfile\n
FILECONTAINER SIZE: $luksfilesize\n
SECURITYMODE: $SECURITYMODE\n
LOOPBACKDEVICE: $LOOPBACKDEVICE\n
OS: $UNAME\n\n
ARE THESE VALUES CORRECT? \n\nIF UNSURE SAY NO.
" 0 0;
case $? in
0)
;;
1)
echo "You have pressed NO. Exit LUKSUS.";
exit 1
;;
255)
echo "Box closed"
;;
esac;
else
echo "";
fi
}
function GRAPHICALWELCOME ()
{
if [[ $dialog == true ]]; then
$dialogapp --backtitle "$programname $version" \
--title "WELCOME" \
--exit-label "BEGIN" --textbox welcomelogo.$$ $dialogsize;
fi
}
function LOOPBACKMETHOD ()
{
if [[ $LOOPBACKDEVICE == true ]] && [[ $UNAME == Linux ]]; then
echo Beginning loopbackmethod on $device;
# enogh of this head nonsense
# head -c $luksfilesize /dev/zero > $luksfile;
dd if=/dev/zero of=$luksfile bs=$luksfilesize count=1
losetup -f 1>/dev/null 2> /dev/null;
losetup $device $luksfile;
loopbackhelp="losetup $device $luksfile";
else
if [[ $LOOPBACKDEVICE == true ]] && [[ $UNAME == DragonFly ]]; then
echo DragonFlyBSD - Nice...;
echo Beginning loopbackmethod on $device;
# ENOUGH OF THIS HEAD NONSENSE, GOING TO USE DD FROM NOW ON
#$HEADAPP -c $luksfilesize /dev/zero > $luksfile;
dd if=/dev/zero of=$luksfile bs=$luksfilesize count=1
vnconfig > /dev/null 2> /dev/null;
vnconfig $device $luksfile;
loopbackhelp="vnconfig $device $luksfile";
else
if [[ $LOOPBACKDEVICE == true ]] && [[ $UNAME == FreeBSD ]]; then
echo FreeBSD - Nice...;
echo $HEADAPP /dev/zero -c $luksfilesize > $luksfile;
echo mdconfig -a -t vnode -f $luksfile -u $freebsdloopnumber;
echo loopbackhelp="mdconfig -a -t vnode -f $luksfile -u $freebsdloopnumber";
## # No more head nonsense
## $HEADAPP /dev/zero -c $luksfilesize > $luksfile;
dd if=/dev/zero of=$luksfile bs=$luksfilesize count=1
echo dd if=/dev/zero of=$luksfile bs=$luksfilesize count=1
mdconfig -a -t vnode -f $luksfile -u $freebsdloopnumber;
loopbackhelp="mdconfig -a -t vnode -f $luksfile -u $freebsdloopnumber";
else
echo "Okay, not using a loopback device, proceeding in normal mode";
fi;
fi;
fi
}
function LOOPBACKTEST ()
{
if [[ $device == *loop* ]]; then
LOOPBACKDEVICE=true;
else
if [[ $device == *vn* ]]; then
LOOPBACKDEVICE=true;
else
if [[ $device == *md* ]]; then
LOOPBACKDEVICE=true;
else
if [[ $device == *vnd* ]]; then
LOOPBACKDEVICE=true;
else
LOOPBACKDEVICE=false;
fi;
fi;
fi;
fi
}
function LUKS ()
{
# Runtime Verification Checking
if [[ $ENCRYPTION == LUKS ]] && [[ $SECURITYMODE == PASSPHRASE ]]; then
dialog --msgbox "Proceeding with $ENCRYPTION" 0 0;
else
echo .
fi
if [[ $ENCRYPTION == LUKS ]] && [ -z `which cryptsetup` ] ; then
echo "Missing cryptsetup. Cannot continue using LUKS. Please install cryptsetup (cryptsetup package)";
exit 1
fi
if [[ $ENCRYPTION == LUKS ]] && [[ $SECURITYMODE == PASSPHRASE ]]; then
echo LUKS with passphrase mode
echo LUKS will now as you to provide a password for the encrypted container.
echo You will only be prompted for a password once. Type carefully.;
cryptsetup --batch-mode --verbose --cipher=aes-xts-plain64 luksFormat $device;
else
echo "";
fi
}
function LUKSKEYFILE ()
{
# Runtime Verification Checking
if [[ $ENCRYPTION == LUKS ]] && [[ $SECURITYMODE == KEYFILE ]]; then
dialog --msgbox "Proceeding with $ENCRYPTION" 0 0;
else
echo .
fi
if [[ $ENCRYPTION == LUKS ]] && [ -z `which cryptsetup` ] ; then
echo "Missing cryptsetup. Cannot continue using LUKS. Please install cryptsetup (cryptsetup package)";
exit 1
fi
if [[ $ENCRYPTION == LUKS ]] && [[ $SECURITYMODE == KEYFILE ]]; then
echo LUKS with keyfile;
cryptsetup --batch-mode --verbose --key-size=512 --cipher=aes-xts-plain64 luksFormat $device $keyfile;
else
echo "";
fi
}
function LUKSOPEN ()
{
if [[ $ENCRYPTION == LUKS ]] && [[ $SECURITYMODE == KEYFILE ]]; then
echo Attempting to open the newly created $ENCRYPTION volume $name with $keyfile;
cryptsetup luksOpen $device $name --key-file=$keyfile;
cryptoinithelp="cryptsetup luksOpen $device $name --key-file=$keyfile";
VOLUMESTATUS=$(cryptsetup status $name);
else
if [[ $ENCRYPTION == LUKS ]] && [[ $SECURITYMODE == PASSPHRASE ]]; then
echo Attempting to open the newly created $ENCRYPTION volume $name;
cryptsetup luksOpen $device $name;
cryptoinithelp="cryptsetup luksOpen $device $name";
VOLUMESTATUS=$(cryptsetup status $name);
else
echo "";
fi;
fi
}
function LUKSVERIFY ()
{
if [[ $ENCRYPTION = LUKS ]]; then
echo "Verifying LUKS volume";
cryptsetup isLuks $device || "echo "The device does not contain a LUKS volume. This is a problem since it should have a LUKS volume by now. Please check commandline arguments and try again" && exit 1";
echo "The device positively contains a LUKS volume.";
echo "Great!";
echo "Taking a backup of the LUKS container header";
cryptsetup luksHeaderBackup --header-backup-file=$headerbackup $device --verbose || "echo Something went wrong and LUKSUS failed to backup the LUKS header. Please check commandline arguments and try again. && exit 1";
echo "The LUKS container header has been backed up successfully";
echo "Great!";
else
echo "";
fi
}
function NETBSDHOUSEKEEPING ()
{
if [ $UNAME == NetBSD ]; then
echo We are on NetBSD here. Cool.;
alias ghead=head;
alias gshred=shred;
else
echo "";
fi
}
function OSTEST ()
{
if [[ $UNAME = Linux ]]; then
ENCRYPTION=LUKS;
echo On $UNAME, defaulting to $ENCRYPTION;
else
if [[ $UNAME = DragonFly ]]; then
ENCRYPTION=LUKS;
echo On $UNAME, defaulting to $ENCRYPTION;
else
if [[ $UNAME = FreeBSD ]]; then
ENCRYPTION=GELI;
echo On $UNAME, Encryption set to $ENCRYPTION;
else
if [[ $UNAME = NetBSD ]]; then
ENCRYPTION=CGD;
else
ENCRYPTION=LUKSUS;
echo No idea what I am running on $UNAME, defaulting to $ENCRYPTION;
fi;
fi;
fi;
fi
}
function TRUECRYPT ()
{
# Runtime Verification Checking
if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $SECURITYMODE == PASSPHRASE ]]
then
dialog --msgbox "Proceeding with $ENCRYPTION" 0 0;
else
echo .
fi
if [[ $ENCRYPTION == TRUECRYPT ]] && [ -z `which tcplay` ] ; then
echo "Missing tcplay. Cannot continue. Please install Truecrypt (tcplay package). Note that you need the Libre Open Source tcplay Truecrypt package and not the Truecrypt package downloaded from the Truecrypt.com website" ;
exit 1
fi
if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $SECURITYMODE == PASSPHRASE ]]; then
echo TrueCrypt mode;
tcplay --create --device=$device --cipher=AES-256-XTS;
else
echo "";
fi
}
function TRUECRYPTKEYFILE ()
{
# Runtime Verification Checking
if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $SECURITYMODE == KEYFILE ]]
then
dialog --msgbox "Proceeding with $ENCRYPTION" 0 0;
else
echo .
fi
if [[ $ENCRYPTION == TRUECRYPT ]] && [ -z `which tcplay` ] ; then
echo "Missing tcplay. Cannot continue. Please install Truecrypt (tcplay package). Note that you need the Libre Open Source GPL tcplay Truecrypt package and not the Truecrypt package downloaded from the Truecrypt.com website" ;
exit 1
fi
if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $SECURITYMODE == KEYFILE ]]; then
echo TrueCrypt mode;
tcplay --create --device=$device --cipher=AES-256-XTS --keyfile=$keyfile;
else
echo "";
fi
}
function TRUECRYPTOPEN ()
{
if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $SECURITYMODE == PASSPHRASE ]]; then
echo Attempting to open and mount the newly created Truecrypt encrypted volume;
tcplay -m $name -d $device;
cryptoinithelp="tcplay -m $name -d $device";
VOLUMESTATUS=$(cryptsetup status $name);
else
if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $SECURITYMODE == KEYFILE ]]; then
echo Attempting to open newly created Truecrypt volume $name;
tcplay -m $name -d $device -k $keyfile;
cryptoinithelp="tcplay -m $name -d $device -k $keyfile";
VOLUMESTATUS=$(cryptsetup status $name);
else
echo "";
fi;
fi
}
function WRITEINFORMATIONFILE ()
{
DISPLAYLOGO > $keydir/$name.information 2> $keydir/$name.information;
DISPLAYSUMMARY >> $keydir/$name.information 2>> $keydir/$name.information;
ls -l $keydir/$name* >> $keydir/$name.information 2>> $keydir/$name.information;
echo "" >> $keydir/$name.information 2>> $keydir/$name.information;
echo "In order to mount your newly encrypted volume, run the following:" >> $keydir/$name.information 2>> $keydir/$name.information;
echo "###" >> $keydir/$name.information 2>> $keydir/$name.information;
echo $loopbackhelp >> $keydir/$name.information 2>> $keydir/$name.information;
echo $cryptoinithelp >> $keydir/$name.information 2>> $keydir/$name.information;
echo $mounthelp >> $keydir/$name.information 2>> $keydir/$name.information;
echo "###" >> $keydir/$name.information 2>> $keydir/$name.information;
cp $keydir/$name.information $mountpoint
}
function GNUPGP(){
## adapted from Cyberciti: http://bash.cyberciti.biz/guide/The_file_selection_box
local f="$1"
local m="$0: file $f GPG Failed to encrypt file. Most probably due to password mismatch. Try again."
if [ -f $f ]
then
gpg -o $FILE.gpg --cipher-algo AES256 --symmetric $FILE && m="
\n Encryption completed successfully!
\n\n The file newly encrypted file is $FILE.gpg
\n Original file: $f
\n Cipher: AES-256
\n To decrypt file run: gpg $FILE.gpg
\n
\n Stay safe! :)"
else
m="$0: $f is not a file. You probably forgot to select file with the spacebar or specify the correct complete path to the file."
fi
dialog --title "$programname has encrypted $f with $ENCRYPTION" --msgbox "$m" $dialogsize
}
function OPENSSLDIRECTORY(){
# OpenSSL function
local f="$1"
local m="$0: file $f OpenSSL Failed to encrypt directory. Most probably due to password mismatch. Try again."
if [ -d $f ]
then
tar -zcf - $FILE | openssl aes-256-cbc -a -salt -out $FILE.encrypted.openssl && m="
\n Encryption completed successfully!
\n\n The directory encrypted file is $FILE.encrypted.openssl
\n Original file: $f
\n Cipher: AES-256
\n To decrypt the file run: openssl aes-256-cbc -d -a -in $FILE.encrypted.openssl -out $FILE.decrypted.openssl
\n Stay safe :)"
else
m="$0: $f is not a file. You probably forgot to select file with the spacebar or specify the correct complete path to the file."
fi
dialog --title "$programname has encrypted $f with $ENCRYPTION" --msgbox "$m" $dialogsize
}
function OPENSSL(){
# OpenSSL function
local f="$1"
local m="$0: file $f OpenSSL Failed. Most probably due to password mismatch. Try again."
if [ -f $f ]
then
openssl aes-256-cbc -a -salt -in $FILE -out $FILE.encrypted.openssl && m="
\n Encryption completed successfully!
\n\n The file newly encrypted file is $FILE.encrypted.openssl
\n Original file: $f
\n Cipher: AES-256
\n To decrypt the file run: openssl aes-256-cbc -d -a -in $FILE.encrypted.openssl -out $FILE.decrypted.openssl
\n Stay safe :)"
else
m="$0: $f is not a file. You probably forgot to select file with the spacebar or specify the correct complete path to the file."
fi
dialog --title "$programname has encrypted $f with $ENCRYPTION" --msgbox "$m" $dialogsize
}