a handy utility to work with encrypted DMGs

Overview

edmgutil

edmgutil is a simple wrapper utility to hdiutil to help you work with disposable, encrypted DMGs. It can decompress an encrypted ZIP into a newly mounted encrypted DMG, create empty throwaway DMGs and automatically eject expired ones. This makes transferring and working with data that should only live for a short period of time for debugging purposes to developer machines a more convenient endeavour. The volume is individually encrypted and gets destroyed when ejected.

It also instructs the backup tool to disable backing up the volume in case someone accidentally adds it.

Installation

cargo install --git https://github.com/getsentry/edmgutil --branch main edmgutil

Note that this requires 7z to be installed. If you don't have it:

brew install p7zip

Importing Encrypted Zip Archives

edmgutil import /path/to/encrypted.zip

It will prompt for the password, then create an encrypted volumne with the same password and then extract the zip file into it and then delete the created dmg (unless -k is passed).

Once the DMG is ejected everything is gone again.

When the DMG is created a timestamp is frozen into it (defined by --days, defaults to 7). It's recommended to run edmgutil eject --expired regularly to automatically unmount expired images for instance by putting it into your crontab (see edmgutil cron).

To create an encrypted zip use 7zip:

7za a -tzip -p'the password' -mem=AES256 encrypted.zip folder

Just make sure to use a long password, maybe something like this:

openssl rand -hex 32

Creating Empty DMGs

To create an empty, encrypted DMG use the new command and provide the size of the DMG in megabytes. Alternatively you can provide a descriptive name which will become the volume name:

edmgutil new --size 100 --name "My Stuff"

Listing / Ejecting

To list and eject encrypted DMGs you can use the following commands:

edmgutil list
edmgutil eject --expired
edmgutil eject --all
edmgutil eject /Volumes/EncryptedVolume

Crontab

To ensure that expired images are ejected automatically when possible can can install a crontab which runs ejecting hourly:

edmgutil cron --install
You might also like...
A simple key-value store with a log-structured, append-only storage architecture where data is encrypted with AES GCM.

akvdb A simple key-value store with a log-structured, append-only storage architecture where data is encrypted with AES GCM. Modified from the actionk

Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer of security for your most sensitive files.

Koofr Vault https://vault.koofr.net Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer o

Bijou is a tiny yet fast encrypted file system.

Bijou ✨💎✨ Bijou (['bi:ʒu], French for "jewel") is a tiny yet fast encrypted filesystem, built upon RocksDB. Bijou provides a FUSE interface, as well

rustic_core - library for fast, encrypted, deduplicated backups that powers rustic-rs
rustic_core - library for fast, encrypted, deduplicated backups that powers rustic-rs

Library for fast, encrypted, and deduplicated backups About This library is powering rustic-rs. A backup tool that provides fast, encrypted, deduplica

A prototype project integrating jni rust into Kotlin and using protobuf to make them work together

KotlinRustProto a prototype project integrating jni rust into Kotlin and using protobuf to make them work together How to start add a RPC call in Droi

legitima is a work in progress LDAP provider for ORY Hydra.
legitima is a work in progress LDAP provider for ORY Hydra.

legitima is a work in progress LDAP provider for ORY Hydra. Together with it, it can be used as an OpenID Connect (OIDC) provider to authenticate to any OIDC capable apps.

Glommio Messaging Framework (GMF) is a high-performance RPC system designed to work with the Glommio framework.

Glommio Messaging Framework (GMF) The GMF library is a powerful and innovative framework developed for facilitating Remote Procedure Calls (RPCs) in R

Exploratory work on abigen in rust for Starknet 🦀

Starknet abigen for rust bindings This exploratory work aims at generating rust bindings from a contract ABI. Before the first release, we are termina

A fully p2p cli chat utility written in rust.

P2P Chat Client This is a simple demonstration of a peer to peer chat client, written entirely in rust utilising the libp2p library. Demo On two seper

Comments
  • build(deps): bump regex from 1.5.4 to 1.5.6

    build(deps): bump regex from 1.5.4 to 1.5.6

    Bumps regex from 1.5.4 to 1.5.6.

    Changelog

    Sourced from regex's changelog.

    1.5.6 (2022-05-20)

    This release includes a few bug fixes, including a bug that produced incorrect matches when a non-greedy ? operator was used.

    1.5.5 (2022-03-08)

    This releases fixes a security bug in the regex compiler. This bug permits a vector for a denial-of-service attack in cases where the regex being compiled is untrusted. There are no known problems where the regex is itself trusted, including in cases of untrusted haystacks.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • feat: add a find downloads command

    feat: add a find downloads command

    This adds a command to manually check the downloads folder for accidentally placed files.

    Because browsers love to download files unprompted into the default download location it's not uncommon for you to accidentally places files there you really don't want to retain there. The find-downloads command can be useful for manual spot checking.

    opened by mitsuhiko 0
Owner
Sentry
Real-time crash reporting for your web apps, mobile apps, and games.
Sentry
An application for creating encrypted vaults for the GNOME desktop.

Vaults An application for creating encrypted vaults for the GNOME desktop. It currently uses gocryptfs and CryFS for encryption. Please always keep a

Martin Pobaschnig 51 Dec 17, 2022
age-encrypted secrets for NixOS; drop-in replacement for agenix

ragenix ragenix provides age-encrypted secrets for NixOS systems which live in the Nix store and are decrypted on system activation. Using ragenix to

YAXI 91 Jan 8, 2023
Trustworthy encrypted command line authenticator app compatible with multiple backups.

cotp - command line totp authenticator I believe that security is of paramount importance, especially in this digital world. I created cotp because I

Reply 71 Dec 30, 2022
An encrypted multi client messaging system written in pure Rust

?? Preamble This is a pure Rust multi-client encrypted messaging system, also known as Edode's Secured Messaging System. It is an end-to-end(s) commun

Edode 3 Sep 16, 2022
Dione is an anonymize and encrypted messaging system build on top on a peer to peer layer.

Secure and Anonymous Messaging WARNING: Currently Dione is not ready to be used nor does it fulfill its goal of being an anonymous messenger. In order

Dione 41 Jan 5, 2023
NymDrive is a complete, end-to-end encrypted file syncing daemon that runs over the Nym network.

NymDrive NymDrive is a complete, end-to-end encrypted file syncing daemon that runs over the Nym network. Features Active file monitoring of changes i

Hans Bricks 16 Jul 12, 2022
An open source desktop wallet for nano and banano with end-to-end encrypted, on chain messaging using the dagchat protocol.

An open source wallet with end-to-end encrypted, on chain messaging for nano and banano using the dagchat protocol.

derfarctor 22 Nov 6, 2022
Smarter brute-force password searching for PKZIP encrypted files

Zip Blitz Motivation This program was created for a very specfic problem I had. I had a large encrypted zip file that I lost/forgot the password for.

Michael 4 Jul 29, 2022
An HTTP proxy for assets (mainly images) to route requests through an always-encrypted connection.

camo-rs camo-rs is a frontend-compatible Rust-re-implementation of the now archived NodeJS-based atmos/camo - an HTTP proxy for assets (mainly images)

Dennis Schubert 7 Dec 8, 2022
Program to determine the password of an encrypted ZIP file via dictionary attack.

zip-dict-attack Program to determine the password of an encrypted ZIP file via dictionary attack. Inspired by this article. Usage Cargo is used to bui

null 2 Oct 8, 2022