#! /bin/sh
#
# EncryptedFolders v1.0
# Copyright 2009 Steve Oliver
#
# This script is small, but I am still putting a notice as to the license it is released
# under, just in case :). This script is licensed under the GPLv3 license; copies of the license
# can be obtained at http://www.gnu.org/licenses/gpl.html.
#
# This script creates 4 randomly generated 64-byte keys from the kernel random number
# generator, then uses those keys to create and mount encrypted sparse disk images
# on points of the filesystem where temporary data is stored. The non-blocking
# urandom device is used to prevent the system from stalling during boot; however, random
# could easily be used as long as we know the kernel is capable of giving us n*64
# bytes of entropy, where n is the number of images we're making at boot time.
#
# Before every section is a line to delete any old image present on the filesystem
# before making a new one and mounting it. The mount is hidden from the Finder, has
# owners enabled and by default is owned by root:wheel. The mount is a union mount,
# so any files that were already present in the directory will still be there, but
# writes to the directory will be done to the new image.
#
# On reboot or shutdown the effect is that all writes to these directories are disposed
# of. If the machine is shut off the image will remain on disk but will not be readable
# again, since the key was never stored anywhere and we don't know it. If the system is
# rebooted the script will run again and delete the old images to make new ones.
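# Size of every sparse image. A sparse image only consumes disk as data is
# written to it, so this is a ceiling, not an allocation.
IMAGE_SIZE=${IMAGE_SIZE:-10000M}

#######################################
# Emit one throwaway passphrase built from 64 bytes of kernel randomness.
# The bytes are hex-encoded inside the pipeline, before the shell ever sees
# them: a shell variable cannot hold NUL bytes (command substitution drops
# them), and an unquoted `echo $KEY` word-splits and glob-expands whatever
# survives. Capturing raw urandom output therefore silently shortens and
# mangles the key, leaving the image with far less than 64 bytes of entropy.
# dd's byte-count report on stderr is discarded.
# Outputs: 128 lowercase hex characters, no trailing newline, on stdout.
# Returns: the status of the last pipeline stage, so callers must check the
#          length of what they read rather than relying on the status.
#######################################
gen_key() {
  dd if=/dev/urandom bs=64 count=1 2>/dev/null | od -A n -t x1 | tr -d ' \n'
}

#######################################
# Replace any previous image for one directory with a freshly keyed one and
# union-mount it over that directory.
# Arguments:
#   $1 - image path without the .sparseimage suffix
#   $2 - volume name
#   $3 - mount point
#   $4 - mode applied to the mount point once the image is attached
# Globals:  IMAGE_SIZE (read); key (written, cleared before returning)
# Outputs:  progress on stdout, failures on stderr
# Returns:  0 on success; 1 if no usable key could be read or hdiutil fails.
#           On failure the remaining steps (attach, chmod) are skipped so a
#           failed mount never rewrites the permissions of the real directory.
#######################################
mount_encrypted() {
  key=$(gen_key)
  if [ "${#key}" -ne 128 ]; then
    echo "Could not read key material for $3" >&2
    return 1
  fi
  # -f: a missing old image is the normal case on first boot, not an error.
  rm -f -- "$1.sparseimage"
  echo "Creating randomly encrypted disk image for $3"
  # The passphrase is fed on stdin, never on the command line, so it does not
  # appear in ps output. Do not enable `set -x` in this script: the trace
  # would print the key. (hdiutil also documents a -stdinpass flag that makes
  # reading the passphrase from stdin explicit; confirm its behaviour on the
  # target OS release before adding it.)
  if ! printf '%s\n' "$key" | hdiutil create -size "$IMAGE_SIZE" -encryption -type SPARSE -fs HFS+ "$1" -volname "$2" -uid 0 -gid 0; then
    echo "hdiutil create failed for $3" >&2
    unset key
    return 1
  fi
  echo "Mounting encrypted disk image for $3"
  if ! printf '%s\n' "$key" | hdiutil attach "$1.sparseimage" -mountpoint "$3" -encryption -union -owners on -nobrowse -kernel; then
    echo "hdiutil attach failed for $3" >&2
    unset key
    return 1
  fi
  # Best effort only: the value has already passed through process memory.
  unset key
  chmod "$4" "$3"
}

echo "Generating temporary keys"
echo "Removing old sparse images and mounting new ones"
# Each call draws its own key immediately before use and keeps nothing once
# the image is attached; that is what makes the contents unrecoverable after
# a reboot. A failure in one directory does not stop the others from being
# set up, matching the original section-by-section behaviour.
mount_encrypted /privatevarfoldersimage privatevarfolders /private/var/folders 755
mount_encrypted /privatevartmpimage     privatevartmp     /private/var/tmp     1777
mount_encrypted /privatetmpimage        privatetmp        /private/tmp         1777
mount_encrypted /privatevarlogimage     privatevarlog     /private/var/log     755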