Firstly, thanks for letting me register, and of course for AESCrupt tool, that I've been using off and on for some years now, Windows and Linux.
These days, 99.99% of the time I use Linux (currently LMDE 5 64 bit on an Intel based machine.)
I have a script (code at the end of this mail) that I use, to automate the decrypting what is in effect "my secret info", launch an editor to view/update said data file, then when that is exited, if the plaintext file has changed, to re-encrypt it again.
Then overwrite the plaintext and delete it. The PC uses classic roatating rust type mass storage...
The .aes file is a little under 50k in size at present.
All that worked well for the last few years, but now after some kernel update or whatever, I often as not get a partial decryption, with the rest of the plain text file full of "junk".
Of course I abort the process, the script checks that the plaintext file has not changed and just exits.
If I use AESCrypt manually from the command line on the SAME .aes file as the script was using, it decrypts just fine 100% of the time without issue, and I can then view/edit it as needed, etc etc...
Reading the AESCrypt online document file, I have not seen anything that indicates if or what the Linux command line executable returns to the shell in the way of result/error codes. I presume it does, but as yet, I've not found the info.
(Mind you, it wouldnt be the first time I've missed "hidden in plain view" info. Mk1 aged eyes and faded grey cell etc...)
Anyway.. Are there any recomended ways/methods to use AESCrypt in such an automated way, that prevents such wierdness.
Or specificaly what NOT to do!
In particular, to make sure the decryption process has fully completed, before launching the editor. (I am not a seasoned shell scripting type.)
As before, it all ran fine up 'till recently, as I originally created the script on Linux Mint 19.3 last year, plus it worked well at first on LMDE (Linux Mint Debian Edition) v5 up to about a month ago. Both OS's 64 bit running on an Intel i3 box. (The same hardware after upgrade due to Mint 19.3 falling out of support. The machine is maxed out at 8G RAM rarely over 50% used, and even then, no noticed performance issues.)
Any advice / hints welcome.
Regards To All.
Dave.
System details:-
Linux hp-compaq-sfdt 5.10.0-25-amd64 #1 SMP Debian 5.10.191-1 (2023-08-16) x86_64 GNU/Linux
CPU:
Info: Quad Core model: Intel Core i5-2400S bits: 64 type: MCP arch: Sandy Bridge rev: 7 L2 cache: 6 MiB
flags: avx lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 19957
Speed: 2806 MHz min/max: 1600/3300 MHz Core speeds (MHz): 1: 2806 2: 2787 3: 2741 4: 2771
My script below.... (No passwords included!)
Code: Select all
#!/bin/bash
# Declare a funciton to ask for a key, encrypt and rename.
encrypt () {
aescrypt -e ~/Documents/tmp.txt
mv ~/Documents/tmp.txt.aes ~/Documents/test-text.txt.aes
}
# make backup of .aes file.
cp ~/Documents/test-text.txt.aes ~/Documents/test-text-backup.txt.aes
# decrypt original .aes file and display. AESCrypt asks for password/key
aescrypt -d -o - ~/Documents/test-text.txt.aes > ~/Documents/tmp.txt
# Calculate md5 of decrypted file
md5f1=$(md5sum ~/Documents/tmp.txt | cut -d' ' -f1)
# view and maybe edit it
xed ~/Documents/tmp.txt
# recalculate md5 again to detect any saved changes
md5f2=$(md5sum ~/Documents/tmp.txt | cut -d' ' -f1)
# warn and/or re-encrypt? Also asking for password/key
if [ "$md5f1" != "$md5f2" ]; then
echo "!!File HAS CHANGED!!"
read -e -p "Re-Encrypt with changes (y/N) ? " choice
[[ "$choice" != [Yy]* ]] && echo "do nowt" || encrypt
fi
echo "Erasing Temp File"
# overwrite temp file with random data (1 megabyte for now) then delete.
head -c 1M </dev/urandom >~/Documents/tmp.txt
# for some sort of security
rm ~/Documents/tmp.txt
exit
