Hello, today I’d like to write about a small thing I use to keep my GnuCash’s file secure (on a GNU/Linux platform). But, at first, for those who don’t know, GnuCash is a program for accounting personal finances. A little annoyance with it is that the application can’t protect its files with password, therefore anyone may open your file and count the money.
The solution I selected is to encrypt the file with the help of external tools. I searched after how to do that, and found one and another posts (in Russian) that recommend using openssl. I made use of the information and created a bash-script to simplify the encoding/decoding process:
Updated on Dec 16
A newer version is available here: link.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
Save the script, then “chmod +x” it. Also, you should prepare the encrypted file in the following way. Run openssl enc -e -aes-256-cbc -in your_file -out your_encrypted_file in the terminal (substitute your_file and your_encrypted_file with your filenames), input password that you’ll use to get access to the file, and delete the original file.
Basically, what the script does is it asks for the password, decrypts the $FILE file and backups it, runs gnucash, and then encrypts it again with the same password. The last command shreds all temporary GnuCash’s files.
I use KDE4, that’s why the script launches kdialog to ask for the password.
IMHO, it’s a good approach to start with, although there is an issue that when the gnucash is running, the decrypted file is available for any program. There should be a solution for this.
Thanks for reading. If you have any questions, leave a comment.