Talk:TIP Encrypted GNUCash

From Gentoo Linux Wiki

i added another version of the script that only uses the shell. for further questions contakt me at psychosmurfz[at]googlemail[dot]com

---

It seems that there are many advantages to using a loop-mounted encrypted filesystem like TrueCrypt over doing the file-level encryption described here.

First, the files would never exist in unencrypted form on the hard disk, so if your laptop is stolen you don't have to worry that you left gnucash running while the batteries ran out.

Second, you can keep the mount point out of reach of your nightly backup program, so you don't back up the files in unencrypted form, even if gnucash is left running. As long as the block file itself is in your home directory and backed up, you are okay.

Third, you can run the programs like gnucash in the normal way rather than wrapping them in a script. As long as you arrange for the encrypted file system to be mounted during your login session, the encryption is transparent.

The only disadvantage is that you have to preallocate the block file, but gnucash files are on the order of a megabyte, so a 50MB file should be fine.

Finally, I added this to the FAQ on the gnucash wiki, and I will repeat it here. If you use the online banking feature of GnuCash, be aware that all your account numbers and user IDs (e.g., SSN) are stored in plain text in ~/.banking/settings.conf. You need to arrange to have this encrypted as well. I simply replace ~/.banking with a symlink to the real .banking directory in the encrypted filesystem.