alichtman / deadbolt Goto Github PK
View Code? Open in Web Editor NEWDead-simple file encryption for any OS
License: MIT License
Dead-simple file encryption for any OS
License: MIT License
Hello,
Got the following error message when I'm trying to encrypt or decrypt a file with filename containing "("
AND / OR ")"
chars.
Sample: Photos (3)
Encryption was done properly despite the error message, but decrypt was not working at all.
The action “Run AppleScript” encountered an error: “sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `cd '/Users/...
Thanks
Leaking passwords in command line args is an issue: https://security.stackexchange.com/questions/70911/bash-command-argument-security
Solution: https://unix.stackexchange.com/a/76951
But, I'm not thrilled about writing the password to a file... If anyone forensically examines the drive, the files will likely come up.
EDIT: Anyone worried about forensic examination of their drive should be using TAILS, Whonix, Qubes, etc.
But, assuming any user can see the running processes, the password will be leaked, so I guess that's the lesser of two evils.
Going to figure out how to make the default opening application this quick action. Then, people will be able to double click on these icons and be prompted for the password for decryption.
Currently set up on my own taps repo.
PR to homebrew: Homebrew/homebrew-cask#81197
Call writeConfigFileSync()
to update config once done.
An AppleScript extension could be written to enable this.
So, the Automator workflow and app must stay, as those are what allow the "right-click on a file encrypt" and "double click on a file auto-decrypt" features to work, respectively.
They don't need to contain any logic besides "pass args to the electron app".
Windows release script needed.
Add fixed-size buffer at head of encrypted file for password hint.
Need a UI element, as well.
set encryptionKey to the text returned of (display dialog "Enter an encryption password for file: " & fileToBeEncrypted default answer "")
set encryptionKeyConfirmation to the text returned of (display dialog "Enter the password again: " default answer "")
Either prompt user to set the flags upon install or just call safeCreateDefaultConfig()
and leave configuration up to those that want to RTFM.
XML sucks.
This would make it so that files encrypted by other programs (that didn't include the hash) will be able to be decrypted. This would remove the guarantee that the files are decrypted properly, however.
Use it on:
set encryptionKey to the text returned of (display dialog "Enter an encryption password for file: " & fileToBeEncrypted default answer "")
set encryptionKeyConfirmation to the text returned of (display dialog "Enter the password again: " default answer "")
And remove the .zip file. Depends on #1.
Please add to snap repository. It's officially supported in Ubuntu 20.04 by default now.
➜ echo "QuickLock" | xxd
00000000: 5175 6963 6b4c 6f63 6b0a QuickLock.
Read ~/.encrypt-decrypt.conf
to set options like:
.encrypted
extension (#3)AppImage for Linux could work across all Linux distributions.
Popular applications as Bitwarden and Joplin (Open Source alternative to EverNote) have begun to offer their app for Linux as an AppImage by default.
For integration with the system, "appimaged" can be installed by users and the instructions for it are very simple.
https://github.com/AppImage/AppImageKit#appimaged-usage
https://www.booleanworld.com/creating-linux-apps-run-anywhere-appimage/
When you Quick Lock a file, it creates a .encrypted file for what you just encrypted, however the original file is still in finder.
$ sudo apt install deadbolt_1.0.0_amd64.deb
Notice: The following will be installed to satisfy deadbolt:
libappindicator3-1
============================================================================================================================================
Removing
============================================================================================================================================
Package: Version: Size:
gir1.2-ayatanaappindicator3-0.1 0.5.91-1 33 KB
libayatana-appindicator3-1 0.5.91-1 90 KB
network-manager-gnome 1.28.0-1ubuntu1 2.2 MB
polychromatic 0.8.0 40 KB
polychromatic-tray-applet 0.8.0 77 KB
psensor 1.1.5-1.3ubuntu2 378 KB
remmina 1.4.27+dfsg-2 966 KB
remmina-plugin-rdp 1.4.27+dfsg-2 179 KB
remmina-plugin-secret 1.4.27+dfsg-2 41 KB
remmina-plugin-vnc 1.4.27+dfsg-2 83 KB
transmission-gtk 3.00-2.1build1 1.1 MB
ubuntu-desktop 1.497 55 KB
ubuntu-desktop-minimal 1.497 55 KB
ubuntu-release-upgrader-gtk 1:22.10.8 217 KB
update-manager 1:22.10.4 1.1 MB
update-notifier 3.192.59.2 309 KB
============================================================================================================================================
Auto-Removing
============================================================================================================================================
Package: Version: Size:
gir1.2-snapd-2 1.63-0ubuntu1 73 KB
libavahi-ui-gtk3-0 0.8-6ubuntu1 122 KB
libfreerdp-client2-2 2.8.1+dfsg1-0ubuntu1.1 865 KB
libminiupnpc17 2.2.3-1build1 79 KB
libnatpmp1 20150609-7.1build2 30 KB
libvncclient1 0.9.13+dfsg-4 195 KB
mobile-broadband-provider-info 20220725-1 544 KB
polychromatic-cli 0.8.0 66 KB
polychromatic-common 0.8.0 1.1 MB
polychromatic-controller 0.8.0 2.4 MB
psensor-common 1.1.5-1.3ubuntu2 221 KB
python3-colour 0.1.5-3 74 KB
python3-debconf 1.5.79ubuntu1 18 KB
python3-pyqt5.qtsvg 5.15.7+dfsg-1build1 157 KB
python3-pyqt5.qtwebchannel 5.15.7+dfsg-1build1 80 KB
python3-pyqt5.qtwebengine 5.15.6-1 702 KB
remmina-common 1.4.27+dfsg-2 1.8 MB
transmission-common 3.00-2.1build1 897 KB
update-notifier-common 3.192.59.2 1.5 MB
============================================================================================================================================
Installing
============================================================================================================================================
Package: Version: Size:
libappindicator3-1 12.10.1+20.10.20200706.1-0ubuntu1 23 KB
============================================================================================================================================
Upgrading
============================================================================================================================================
Package: Old Version: New Version: Size:
deadbolt 0.1.0 1.0.0 316 KB
============================================================================================================================================
Summary
============================================================================================================================================
Remove 16 Packages
Auto-Remove 19 Packages
Install 1 Packages
Upgrade 1 Packages
Total download size 23 KB
Disk space to free 17.7 MB
Do you want to continue? [Y/n] ^C
Aborted!
https://superuser.com/a/1092184
@shobrook There should be some handler for opening a file with deadbolt. (https://www.electronjs.org/docs/api/app#event-open-file-macos)
Note that this Node.js version does not verify the length of GCM authentication tags. Such a check must be implemented by applications and is crucial to the authenticity of the encrypted data, otherwise, an attacker can use an arbitrarily short authentication tag to increase the chances of successfully passing authentication (up to 0.39%). It is highly recommended to associate one of the values 16, 15, 14, 13, 12, 8 or 4 bytes with each key, and to only permit authentication tags of that length, see NIST SP 800-38D.
http://doc.codingdict.com/nodejs-ref/crypto.html#crypto_decipher_setauthtag_buffer
Going to need to host my own tap at the beginning. https://github.com/Homebrew/brew/blob/master/docs/How-to-Create-and-Maintain-a-Tap.md
brew create https://github.com/alichtman/macOS-encrypt-decrypt-quick-actions/archive/v1.0.tar.gz
Have a default, but allow it to be overridden by an environment variable.
I guess something changed with the IPC APIs.
Uncaught TypeError: C.sendSync is not a function
at r.onEncrypt (App.js:49:41)
at onSubmitWrapper (CryptForm.js:30:4)
at Object.s (react-dom.production.min.js:14:84)
at m (react-dom.production.min.js:14:238)
at react-dom.production.min.js:14:292
at y (react-dom.production.min.js:15:72)
at ot (react-dom.production.min.js:52:170)
at nt (react-dom.production.min.js:51:255)
at st (react-dom.production.min.js:52:334)
at mt (react-dom.production.min.js:56:10)
https://www.electronjs.org/docs/latest/tutorial/ipc this probably has an answer.
Notes to self:
fix-ipc
branch on arctic
.Might have to write a QuickLook plugin. https://developer.apple.com/library/archive/documentation/UserExperience/Conceptual/Quicklook_Programming_Guide/Articles/QLProjectConfig.html#//apple_ref/doc/uid/TP40005020-CH5-SW5
?
?
If it's encrypted, open decrypt screen. Otherwise, show encryption screen.
It would be awesome to have password hints in deadbolt similar to how its implemented in Encrypto Mac App.
Potentially it could be tagged onto the unencrypted file data
$ npm run build
npm WARN config tmp This setting is no longer used. npm stores temporary files in a special
npm WARN config location in the cache, and they are managed by
npm WARN config [`cacache`](http://npm.im/cacache).
> [email protected] build
> react-scripts build
Creating an optimized production build...
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:67:19)
at Object.createHash (node:crypto:133:10)
at module.exports (/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/NormalModule.js:417:16)
at handleParseError (/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/NormalModule.js:471:10)
at /home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/NormalModule.js:503:5
at /home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/NormalModule.js:358:12
at /home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/loader-runner/lib/LoaderRunner.js:373:3
at iterateNormalLoaders (/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
at iterateNormalLoaders (/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/loader-runner/lib/LoaderRunner.js:221:10)
/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/react-scripts/scripts/build.js:19
throw err;
^
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:67:19)
at Object.createHash (node:crypto:133:10)
at module.exports (/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/NormalModule.js:417:16)
at /home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/NormalModule.js:452:10
at /home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/webpack/lib/NormalModule.js:323:13
at /home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/loader-runner/lib/LoaderRunner.js:367:11
at /home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/loader-runner/lib/LoaderRunner.js:233:18
at context.callback (/home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/loader-runner/lib/LoaderRunner.js:111:13)
at /home/alichtman/Desktop/Development/projects/deadbolt-source-and-packages/deadbolt/node_modules/babel-loader/lib/index.js:59:103 {
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
}
This can be fixed by changing package.json
to:
"scripts": {
"build": "export NODE_OPTIONS=--openssl-legacy-provider; react-scripts build",
"dist": "rm -rf dist/* && electron-builder",
"eject": "react-scripts eject",
"electron-pack": "build --em.main=build/electron.js",
"electron-start": "electron .",
"pack": "electron-builder --dir",
"postinstall": "electron-builder install-app-deps",
"preelectron-pack": "yarn build",
"start": "export NODE_OPTIONS=--openssl-legacy-provider; react-scripts start",
"test": "react-scripts test"
},
Then there's an error stemming from window.require
that I don't have time to debug right now
Add a checksum into the filename when it's encrypted. After decrypting, verify the checksum. Throw an error to the user if they don't match.
Because not everyone sits in a terminal all day...
Would be cool if we could do this.
Travis, but idk if this is even possible since the files have to actually be selected in Finder to be used as input for the script...
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.