[TxMt] encryption command advice for TM "journal"

Paul Nordstrom August paul at archivistes.com
Thu Mar 3 11:49:53 UTC 2005


hi everyone,
I've had a "perfect storm" of cable modem crashes (must move to DSL I 
think), new laptop (12" good, 15" much better! :), and many travels but 
I wanted to thank everyone for the advice since I posted this request a 
week or so ago.

I think Nick is on the right track with the AppleScript -- no reason 
really not to take advantage of it -- but even the 'simpler' 
suggestions are good ones. I guess in large part it depends on the 
physical security of the actual computer and the ultimate sensitivity 
of the data being stored.

I'm going to play around with this idea and see how it works...
cheers
Paul

On 3 Mar 2005, at 09:18, Nick Hristov wrote:

> This is good... for a start.
>
> alright some dark scripting magic below (enter this EXACTLY as it is 
> below, including newlines):
>
> openssl enc -e -aes128 -base64 -pass pass:`osascript -e "set answr to \"\"
> tell app \"Finder\"
> activate
> display dialog \"Please enter your secret magic word:\" default answer answr buttons {\"OK\"} default button 1
> set answr to text returned of the result
> return the answr
> end tell
> "`
>
> Please also note that the example that Allan gave is somewhat 
> inaccurate in how it handles base64 encodings. I do not have the time 
> right now to resolve this issue (will play with it tonight and send 
> you the actual decryption command too). Now you do not have to worry 
> about environmental variables or TM preferences security (btw. the 
> security implications now are that nobody should be doing a process 
> list on your system at the time of the encryption... that could 
> compromise the password, but the timing must be very accurate).
>
> Now, who in this forum said that AppleScript is useless and did not 
> want to implement it in TM ;) ?
>
> Nick
>
> On Feb 26, 2005, at 8:53 AM, Allan Odgaard wrote:
>
>> On Feb 26, 2005, at 15:15, Paul Nordstrom August wrote:
>>
>>> What I would like is an on-the-fly encryption -- i.e. select the 
>>> text and run a command to encrypt it (with a pre-set password). Then 
>>> I could store bank data etc securely.
>>
>> You can set the password as a custom shell variable for TextMate, go 
>> to preferences / advanced (name it e.g. TM_PASSWD). Then use this 
>> command to encrypt input (which you'd probably set to “selected 
>> text”) as AES-128:
>>    openssl enc -e -aes128 -base64 -pass env:TM_PASSWD
>>
>> To decrypt the block again, use this command:
>>    openssl enc -d -aes128 -base64 -pass env:TM_PASSWD
>>
>> Anyone who has access to your TextMate preferences file would be able 
>> to read the password. If this is sufficient security, then I'd 
>> suggest the above. You could also provide the password directly to 
>> the command using: “-pass pass:<password>”, this is less secure than 
>> the variable because other processes running on your machine might be 
>> able to intercept launch arguments.
>>
>> If you need better security, you could have the command ask for the 
>> password (e.g. using an AppleScript dialog) and maybe cache it in a 
>> file (readable only by current user) and maybe even have that file 
>> removed after n minutes.
>>
>> ______________________________________________________________________
>> For new threads USE THIS: textmate at lists.macromates.com
>> (threading gets destroyed and the universe will collapse if you don't)
>> http://lists.macromates.com/mailman/listinfo/textmate
>>

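The thread weighs three places the passphrase can live: the TextMate preferences (`env:`), the launch arguments (`pass:`), and a dialog prompt. As an added example (not code from any of the posters), the functions below prompt for the passphrase and hand it to openssl over a file descriptor, so it appears in neither the argument list nor the environment; the names `tm_prompt`, `tm_encrypt` and `tm_decrypt` and the dialog wording are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# The passphrase reaches openssl on file descriptor 3 (-pass fd:3), so it is
# not in openssl's argument list (pass:) or its environment (env:).
# Cipher options are the thread's; on OpenSSL 1.1.1 or later, adding -pbkdf2
# to both commands selects a stronger key derivation.

# Ask for the passphrase: an AppleScript dialog where osascript exists,
# otherwise a no-echo prompt on the terminal. Prints it on stdout.
tm_prompt() {
    if command -v osascript >/dev/null 2>&1; then
        osascript -e 'text returned of (display dialog "Passphrase:" default answer "" with hidden answer)'
    else
        printf 'Passphrase: ' >/dev/tty
        stty -echo </dev/tty
        IFS= read -r pw </dev/tty
        stty echo </dev/tty
        printf '\n' >/dev/tty
        printf '%s\n' "$pw"
    fi
}

# tm_encrypt PASSPHRASE: plaintext on stdin, base64 ciphertext on stdout.
# The here-document is written by the shell itself, so no process is ever
# started with the passphrase as an argument.
tm_encrypt() {
    openssl enc -e -aes128 -base64 -pass fd:3 3<<EOF
$1
EOF
}

# tm_decrypt PASSPHRASE: base64 ciphertext on stdin, plaintext on stdout.
tm_decrypt() {
    openssl enc -d -aes128 -base64 -pass fd:3 3<<EOF
$1
EOF
}

# Typical use from an editor command whose input is the selected text:
#   tm_encrypt "$(tm_prompt)"
```

Depending on the shell, the here-document travels through a pipe or through a temporary file that is unlinked as soon as it is opened. openssl reads only the first line from the descriptor, so a passphrase cannot contain a newline.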