Discussion:
Encrypted Journal Files?
Andy L
2018-10-07 15:39:47 UTC
I'd like to encrypt my journal files. Desired features:
- individual file encryption
- ability to check encrypted files into GitHub
- works with vim
- works with CSV import tools
- works with ledger's `import` feature

Yes I can always encrypt the whole directory...

But I prefer file-level encryption. Is anyone doing this? Does ledger or
hledger support plugins that would allow me to embed custom file I/O?

Thanks in advance.
--
---
You received this message because you are subscribed to the Google Groups "Ledger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ledger-cli+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Martin Michlmayr
2018-10-07 15:41:28 UTC
Post by Andy L
> But I prefer file-level encryption. Is anyone doing this? Does
> ledger or hledger support plugins that would allow me to embed
> custom file I/O?

I'm not sure about ledger/hledger but beancount supports decryption
with GnuPG out of the box.
--
Martin Michlmayr
https://www.cyrius.com/

John Wiegley
2018-10-07 17:09:31 UTC
AL> But I prefer file-level encryption.  Is anyone doing this?  Does ledger or
AL> hledger support plugins that would allow me to embed custom file I/O?

That's been on the feature list for ledger for a while (at least in my mind),
but loopback encryption is so cheap in terms of solution that it was never
worth the effort.

John

Dániel Fancsali
2018-10-07 19:17:40 UTC
Hello,

Have a look at git-crypt, I am experimenting with that. It looks promising.
Perhaps, I'll even put together a HOWTO in the near future.

Regards,
Dan

John Wiegley
2018-10-07 19:57:20 UTC
DF> Have a look at git-crypt, I am experimenting with that. It looks
DF> promising. Perhaps, I'll  even put together a HOWTO in the near future.

Hey, great idea! We're using that at work to store passwords.

John

Andy L
2018-10-09 02:04:22 UTC
I use git-crypt and it's a nice tool. But my desire is for the files to be
encrypted on disk, not just in the git repo. Best would be for the files
to be decrypted on-demand.

Something like this.

cat <encrypted journal file> | my_decrypt_script | ledger ...

But AFAIK this can't work with journal files that have 'include' statements.

So instead I'm doing whole-folder encryption with eCryptfs (on Ubuntu...)

This works OK. But IMO it would be better if there was an IO plugin system
like beancount...
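
Added example, not part of the original post or of ledger's own code: one way to make the decrypt-on-demand pipeline above work with 'include' statements is to inline every include, decrypting in memory, before piping the result to ledger. It assumes encrypted files end in `.gpg` and are readable by a local `gpg`, that include paths are simple and unquoted, and that ledger reads a journal from stdin with `-f -`; the function names are hypothetical.

```python
"""Inline ledger `include` directives, decrypting *.gpg files in memory."""
import glob
import os
import subprocess
import sys

INCLUDE_WORDS = ("include", "!include", "@include")

def gpg_decrypt(path):
    # Assumes gpg and an agent holding the key; plaintext never touches disk.
    cmd = ["gpg", "--quiet", "--batch", "--decrypt", path]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def read_journal(path, decrypt):
    if path.endswith(".gpg"):
        return decrypt(path)
    with open(path, encoding="utf-8") as fh:
        return fh.read()

def expand_lines(path, decrypt, stack=()):
    path = os.path.abspath(path)
    if path in stack:  # a file that includes itself, directly or indirectly
        raise ValueError("include cycle: " + " -> ".join(stack + (path,)))
    for line in read_journal(path, decrypt).splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in INCLUDE_WORDS and not line[0].isspace():
            # Targets are resolved relative to the including file; globs allowed.
            pattern = os.path.join(os.path.dirname(path), parts[1].strip())
            matches = sorted(glob.glob(pattern))
            if not matches:
                raise FileNotFoundError(f"{path}: no file matches {parts[1].strip()!r}")
            for match in matches:
                yield from expand_lines(match, decrypt, stack + (path,))
        else:
            yield line

def expand(path, decrypt=gpg_decrypt):
    """Return one journal text with every include inlined."""
    return "\n".join(expand_lines(path, decrypt)) + "\n"

if __name__ == "__main__":
    # Usage: expand_journal.py main.journal.gpg balance
    # Assumes ledger reads the journal from stdin when given "-f -".
    journal = expand(sys.argv[1])
    sys.exit(subprocess.run(["ledger", "-f", "-", *sys.argv[2:]],
                            input=journal, text=True).returncode)
```

Line numbers in ledger's error messages will refer to the merged stream rather than to the individual encrypted files.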

jungle boogie
2018-10-07 19:56:47 UTC
Thus said Andy L on Sun, 7 Oct 2018 08:39:47 -0700 (PDT)
Post by Andy L
> - individual file encryption
> - ability to check encrypted files into GitHub
> - works with vim
> - works with CSV import tools
> - works with ledger's `import` feature
> Yes I can always encrypt the whole directory...

Scrypt can encrypt individual files without the need for all the GPG mess:
https://github.com/Tarsnap/scrypt

Of course you won't be able to open an encrypted file with vim.

Post by Andy L
> But I prefer file-level encryption. Is anyone doing this? Does ledger or
> hledger support plugins that would allow me to embed custom file I/O?
> Thanks in advance.

Lifepillar
2018-10-07 20:41:12 UTC
Post by jungle boogie
> Thus said Andy L on Sun, 7 Oct 2018 08:39:47 -0700 (PDT)
> Post by Andy L
>> - individual file encryption
>> - ability to check encrypted files into GitHub
>> - works with vim
>> - works with CSV import tools
>> - works with ledger's `import` feature
>> Yes I can always encrypt the whole directory...
> https://github.com/Tarsnap/scrypt
> Of course you won't be able to open an encrypted file with vim.

Vim supports encrypted files transparently (see `:help encryption`),
if you are happy with Blowfish. Otherwise, there are plugins for
transparently editing GPG-encrypted files.

Life.

Simon Michael
2018-10-09 21:58:00 UTC
Post by Andy L
> - individual file encryption
> - ability to check encrypted files into GitHub
> - works with vim
> - works with CSV import tools
> - works with ledger's `import` feature
> Yes I can always encrypt the whole directory...
> But I prefer file-level encryption. Is anyone doing this? Does ledger or
> hledger support plugins that would allow me to embed custom file I/O?

I'd like to know how to do this too.

Committing encrypted files gives up readable history, diffs etc., but
that's the tradeoff.

My editor (Emacs) is set up to decrypt .gpg files automatically. I could
encrypt journal files and always run h/ledger from within Emacs, maybe
via some helper macros/elisp.

hledger doesn't support IO plugins. That could be nice.

But this loopback method that John mentioned is probably easier and more
command-line friendly. (I haven't researched it.)

Yuri Khan
2018-10-10 04:42:00 UTC
Post by Simon Michael
> Committing encrypted files gives up readable history, diffs etc., but
> that's the tradeoff.

No, it doesn’t. The Pass[1] password manager stores passwords as
GPG-encrypted text files in a Git repository, and it registers a diff
driver for such files so you get readable diffs.

[1]: https://www.passwordstore.org/

It’s not terribly complicated either:

* The .gitattributes file in the root of repository contains the line
  “*.gpg diff=gpg”.
* .git/config contains a section:

    [diff "gpg"]
        binary = true
        textconv = gpg2 -d --quiet --yes --compress-algo=none --no-encrypt-to --batch --use-agent

Simon Michael
2018-10-10 13:21:25 UTC
Post by Yuri Khan
> Post by Simon Michael
>> Committing encrypted files gives up readable history, diffs etc., but
>> that's the tradeoff.
> No, it doesn’t. The Pass[1] password manager stores passwords as
> GPG-encrypted text files in a Git repository, and it registers a diff
> driver for such files so you get readable diffs.
> [1]: https://www.passwordstore.org/
> * The .gitattributes file in the root of repository contains the line
> “*.gpg diff=gpg”.
> [diff "gpg"]
> binary = true
> textconv = gpg2 -d --quiet --yes --compress-algo=none
> --no-encrypt-to --batch --use-agent

Interesting!

Andy L
2018-10-10 16:31:43 UTC
I wrote a script that uses `ecryptfs` to encrypt a directory of plain-text
journal files.

https://gist.github.com/andyl/36ba81e2ccd3c8ebcff8b14179d8ef09

Encrypted files are saved as individual files, such that you can use 'git
diff' to see what's changed. You can either encrypt the filenames or leave
them in plain text. Directory structure is preserved.

Júlio Maranhão
2018-10-11 05:46:51 UTC
Post by Andy L
> I wrote a script that uses `ecryptfs` to encrypt a directory of plain-text
> journal files.

Why don't you use the defaults? Like: ecryptfs-{setup,mount,umount}-private

You can choose to (no-)auto (un)mount and the key is your login password
(instead see -w option). Super simple. Of course you need to back up the
mountkey but only one pass is used anyway. This is a local solution. No
multi-remote-partners and key changes/management. Your requirements are a
bit multi cases.

Why do you need local files to be encrypted?*

* X Y problem.

Andy L
2018-10-11 10:29:19 UTC
Yeah that looks good. I didn't know about
ecryptfs-{setup,mount,umount}-private.

I've got something that works for me, and now I'm out of time to tweak. If
anyone else wants to post example scripts I will watch with interest.