The ability to password protect individual projects

User avatar
PWR
Posts: 21
Joined: Tue Oct 02, 2018 8:41 am
Platform: Mac
Contact:

Sat Dec 22, 2018 8:37 pm Post

kewms wrote:
PWR wrote:Edit: FileVault 2 (released with Mavericks) changed the encryption behaviour from home folder to disk-level, so anyone with permission to unlock the disk can see your home folder, and admins can change the permissions to allow read/write access (which seems like a step backwards in security to me...).


In corporate environments, this meets two requirements:
1. The IT department can help a user who forgets their password. They can also lock out a user more easily in the event that the password is compromised or the user is fired.
2. The user can't hide bad behavior from the company as easily.

"Step backward in security?" Not really. You shouldn't be keeping your own confidential data on a system that you don't personally control anyway. And if you *do* control the system, you shouldn't be giving admin access to people you don't trust.

Katherine


Please go away.

User avatar
devinganger
Posts: 1503
Joined: Sat Nov 06, 2010 1:55 pm
Platform: Mac, Win + iOS
Location: Monroe, WA 98272 (CN97au)
Contact:

Mon Dec 24, 2018 2:37 pm Post

PWR wrote:
kewms wrote:Katherine


Please go away.


You do realize you're being rude to one of the L&L staff, right? This is a public forum, not your private playground, and it's part of her job to read and participate in the forums. If she's taking the time to respond to your comments and explain things, that's good.
--
Devin L. Ganger, WA7DLG
Not a L&L employee; opinions are those of my cat
Winner "Best in Class", 2018 My First Supervillain Photo Shoot

rs
rswift
Posts: 2
Joined: Tue Jan 15, 2019 8:30 pm
Platform: Mac

Tue Jan 15, 2019 8:44 pm Post

Sorry to wade in on this, it is clear the thread has been running for a while... but I'm confused.

There are arguments put forward against encryption from a "how the product is engineered" perspective, which seems flawed to me? The user base is expressing a requirement, not asking for reasons why the current implementation can't meet that requirement?

Furthermore, whilst it is meaningful to be able to encrypt whole file systems, user partitions etc. it is also meaningful for someone to want to protect a given file - for example, maybe it is being shared and there is a risk that it could be intercepted in-transit.

I've had a peep inside the package (macOS) and in my mind, I would have thought that a relatively simple encryption approach whereby an encryption key is held, per project (so package) which is unlocked by a password when the project is opened, the key could be anything at all really (although there are obviously some well established options) and the key is then used to encrypt/decrypt files as they are saved/read - symmetric encryption is hardly putting the moon on a stick in the modern era!?

The overhead of real time encryption/decryption is unlikely to be noticeable to most users and the implementation would be pretty straightforward (although some healthy QA would be needed - maybe that's the real reason for the lack of desire, the prospect that even a small bug could render an entire project, or at least parts of it, unreadable)...

Anyway, just my two pennies, and I was mainly riled by the remarks about how the application *currently* works which lead me to register and waffle on for a bit...

Robert.

User avatar
lunk
Posts: 3477
Joined: Wed Aug 21, 2013 4:24 pm
Platform: Mac + iOS
Location: Sweden 64° N

Tue Jan 15, 2019 9:52 pm Post

rswift wrote:The user base is expressing a requirement, not asking for reasons why the current implementation can't meet that requirement?
.

No, they are expressing a wish, not a "requirement", and the developer has answered.
"I wish you would do this"
"No, sorry, I won’t."
That’s it!
This is not a negotiation between two parties trying to reach an agreement, it’s a wish-list. Some things that users wish for are implemented, because the developer xdecides that he wants to do it. Others aren’t.
Explaining why a wish won’t be implemented is a courtesy to us users, a nice gesture.
I am a user, writing non-fiction and science, using:
* Mac Scrivener 3 on a Macbook 12”, MacBook Pro 13”, and iMac 27”, all running the latest MacOS
* iOS Scrivener 1 on an iPhone 8, iPad Air 9.7”, and iPad Pro 12.9”, all running the latest iOS

rs
rswift
Posts: 2
Joined: Tue Jan 15, 2019 8:30 pm
Platform: Mac

Tue Jan 15, 2019 10:09 pm Post

lunk wrote:No, they are expressing a wish, not a "requirement", and the developer has answered.
"I wish you would do this"
"No, sorry, I won’t."
That’s it!
This is not a negotiation between two parties trying to reach an agreement, it’s a wish-list. Some things that users wish for are implemented, because the developer xdecides that he wants to do it. Others aren’t.
Explaining why a wish won’t be implemented is a courtesy to us users, a nice gesture.


wow! it's friendly round here?! First post and I get my head torn off... :?

My use of the term requirement was in relation to what the wish actually needs to do - as in a software requirement (I require it to protect my data from prying eyes) not a requirement that the developer does something... My issue is that telling the community how the app works, as an argument for not doing something, is bobbins and a rubbish way of engaging the community...

User avatar
rdale
Posts: 1616
Joined: Tue Jul 14, 2015 1:07 pm
Platform: Mac, Win + iOS
Location: St. Louis, MO
Contact:

Tue Jan 15, 2019 10:30 pm Post

I really don't see a "head getting torn off" here. Only a dry series of statements lacking :wink: or :D to imply tone. I'm not going to tell you how to feel about those statements, but if you're seeing an attack in those words, I don't understand how you're arriving at that conclusion.
FKA: robertdguthrie
AKA: R Dale Guthrie, Robert, Mr. Obscure, and "Oh, it's you again".

mb
mbbntu
Posts: 1084
Joined: Wed Aug 01, 2007 9:44 am
Platform: Mac + iOS
Location: Cambridge, UK.

Wed Jan 16, 2019 12:27 am Post

And maybe it is worth remembering that many people who frequent these forums are not native speakers of English. Tone is not an easy thing to convey, or perceive, in a language that is not your own. I know because I lived in another country for ten years and taught English there. And I must say that I have haunted these forums for about twelve years and have usually found the people here to be among the most generous and helpful I have found anywhere.
You should judge people not by how close they get to the top, but by how far they have come from the bottom. Some people have a mountain to climb just to get to the place where others start out. (Me, 2010)

User avatar
kewms
Posts: 5160
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Wed Jan 16, 2019 2:56 am Post

rswift wrote:Sorry to wade in on this, it is clear the thread has been running for a while... but I'm confused.

There are arguments put forward against encryption from a "how the product is engineered" perspective, which seems flawed to me? The user base is expressing a requirement, not asking for reasons why the current implementation can't meet that requirement?


And if the user request can only be met by completely re-engineering the product?

Literature & Latte's position has always been that users are welcome to choose whatever product best meets their needs. We understand that Scrivener will not always be that product, and that's okay.

Your discussion of per-project encryption misses a critical aspect of Scrivener's design: the project format is open for a reason. We *want* users to be able to recover their data without using Scrivener. "We will not hold your data hostage" is one of the most important promises that we make. So we have no interest in any encryption solution that forces us to break that promise. In practice, that means that the encryption/decryption tool cannot be part of Scrivener.

If you want to protect a project in transit, abundant third-party tools are available.

Katherine
Scrivener Support Team

Ig
IgaRyu
Posts: 3
Joined: Fri Sep 13, 2019 8:00 am
Platform: Mac

Fri Sep 13, 2019 9:29 am Post

For those interested, waiting for Scrivener to find time and resources to create a method to apply a password to the project, I have created two scripts that generate and edit a full project directory encrypt all via openssl.

First of all you need to initialize the encryption project:
  1. Create a directory where you project will stay;
  2. move to that directory;
  3. run Scrivener and create an empty project then save it with the same name of the directory and then close Scrivener;
  4. run che CreateProject script.

Here the code of the CreateProject script;

Code: Select all

#!/bin/bash
CurDir="$(pwd)"
ProjName=$(basename "`pwd`")
cd /tmp
echo  'Creating file for  ' $ProjName '...'
read -p "Press [Enter] to continue or [CRTL-C] to interrupt process..."

mkdir "$ProjName"

mv "$CurDir"/"$ProjName".scriv "$ProjName"/
tar cf "$ProjName.tar" "$ProjName"
openssl des3 -salt -in "$ProjName".tar -out "$CurDir"/"$ProjName".tar.encrypt

echo -e "\n\nSecure erasing all clear text files and directories...."
bcwipe -md -fI "$ProjName".tar &&
bcwipe -md -rfI "$ProjName"/

#echo -e "\n\nAll clear text files and directories safely destroied...!!\n"

cd "$CurDir"
echo -e "\n\nEncrypted project "$ProjName" generated and ready to be used via EditProject."



Once created the encrypted project, every time you need to work on it do these operations:

  1. Move to the direcotory containing your encrypted project;
  2. Run the EditProject script... it will decrypt, untar, and open the project and standby waiting an [Enter] to be pressed in the terminal window;
  3. Move to the opened project and do your whatever you have to do in the project;
  4. Once finished close Scrivener (it is the surest way to be sure that the modified project has been saved before re-encrypting;
  5. Go back to the terminal windows and press [Enter]

and that's it!

Here the code of the EditProject script;

Code: Select all

#!/bin/bash

CurDir=$(pwd)
ProjName=$(basename "`pwd`")

cd /tmp
openssl des3 -d -salt -in "$CurDir"/"$ProjName".tar.encrypt -out "$ProjName".tar &&
tar pxf "$ProjName".tar &&


open /tmp/"$ProjName"/"$ProjName".scriv
read -p "Press [Enter] to continue after your editing job..."


tar cf "$ProjName".tar "$ProjName"/ &&
openssl des3 -salt -in "$ProjName".tar -out "$CurDir"/"$ProjName".tar.encrypt &&

echo -e "\n\nSecure erasing all clear text files and directories...."

bcwipe -md -fI "$ProjName".tar &&
bcwipe -md -rfI "$ProjName"/

echo -e "\n\nAll clear text files and directories securelly destroied !!\n"


The script EditProject must be run from the directory where the encrypt project is saved. All operations as, decrypting, untaring, running Scriver, saving and closing the project and rencrypting will be done in /tmp. The final encrypted file, result of your editind process, will be stored again in the directory from where it was initially read,

Notes:
1. For secure erasing I use bcwipe if you prefere simply deleting the files in the normal way change the lines

Code: Select all

bcwipe -md -fI "$ProjName".tar &&
bcwipe -md -rfI "$ProjName"/


with

Code: Select all

rm "$ProjName".tar &&
rm -r  "$ProjName"/


2. copy and past the scripts, once per file, and set them executable via chmod u+x ScriptName. The script can be in any executable directory reachable from the user.

3. You can also put a copy of the EditProject scritp into the folder containing the encrypted file.

4. if you want to run the EdiProject script via Finder remeber tha you must add .command suffix to the script name or Finder will not execute it. So the script name will be EditProject.command

Obviously, these two scripts can be used to protect anything: it is enough that what you want to open, can be opened via the open command via terminal.

Good writing!!

User avatar
kewms
Posts: 5160
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Fri Sep 13, 2019 4:37 pm Post

Note that Scrivener may "leak" unencrypted data, notably via the automatic backup function. You may want to either disable automatic backups -- in which case protecting your data is entirely your responsibility -- or ensure that the backup location is also encrypted.

Katherine
Scrivener Support Team

Ig
IgaRyu
Posts: 3
Joined: Fri Sep 13, 2019 8:00 am
Platform: Mac

Sat Sep 14, 2019 6:51 pm Post

kewms wrote:Note that Scrivener may "leak" unencrypted data, notably via the automatic backup function. You may want to either disable automatic backups -- in which case protecting your data is entirely your responsibility -- or ensure that the backup location is also encrypted.

Katherine


I know the backup question, which also applies to snapshot files,: in my personal version I create a Backup folder in the folder that contains the .scriv file so everithung is included in the tar generated before encyption.

Not knowing where the user puts their own backup, or snapshot, files, I didn't includethem in the script, so to avoid errors like 'file not found ' which could scare users not accustomed to the bash.

IR

User avatar
kewms
Posts: 5160
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Sun Sep 15, 2019 12:24 am Post

Snapshot files should be in the .scriv file with the rest of the project.

Another alternative is to disable automatic backups, and depend on your own (presumably secure) alternatives.

Katherine
Scrivener Support Team

As
Astaff
Posts: 97
Joined: Mon Jun 24, 2019 10:11 pm
Platform: Mac, Win + iOS

Sun Sep 15, 2019 12:50 am Post

Having my own security process, ie very strong password and fingerprint plus encrypted drive, secure anti-virus and malware protection, I see no reason to spend precious time protecting against the remote possibility someone goes to the extreme of chopping off my fingers and checking which ones I used, all for the dubious benefit of seeing what fairly ordinary work I’m writing.

User avatar
kewms
Posts: 5160
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Sun Sep 15, 2019 1:04 am Post

*Shrug.* Different users have different needs. I'm not terribly concerned about security either, but I'm not a Chinese dissident, a vocal critic of the Saudi government, a US government whistleblower...

Nor do I deal with confidential data about other people on a regular basis.

Katherine
Scrivener Support Team

As
Astaff
Posts: 97
Joined: Mon Jun 24, 2019 10:11 pm
Platform: Mac, Win + iOS

Sun Sep 15, 2019 1:24 am Post

That’s what I use a Very good VPN for :)

And yes I do handle very sensitive data on a regular basis and my security is audited.

But as you say, each to their own needs.