GnuCash Encryption

UPDATE (April 14, 2011) : There is an FAQ to this article posted here!

Background

I like to use GnuCash to keep track of my finances. I haven't had any problems with GnuCash in all of my years using it. There's even a portable version for Windows which has also proved itself useful to me.

There is only one drawback to GnuCash, and it is only a drawback to me because I'm paranoid about finances. GnuCash does not use any built-in encryption. This is easily alleviated, though. I created an encrypted disk image using TrueCrypt. Normally, I mount the image, use GnuCash along with any bank statements that I also put on the image, close GnuCash, then dismount the drive. I don't leave the image mounted if I'm not actively using it.

Because I'm me, I scripted this.

#!/bin/sh

truecrypt $HOME/bank.tc /media/truecrypt52 && \
gnucash /media/truecrypt52/bank/GnuCash/bankstuff.gnucash && \
truecrypt -d $HOME/bank.tc

This hardly counts as a script. It's only one line. However, this one line automates everything I usually do. I only have to double-click the script file, and everything is ready.

How It Works

The && on each line means that the command after it will only run if the command before it runs successfully.

The first command mounts my encrypted bank image. I find that I have to use /media/truecrypt?? where ?? is a one or two digit number. This command launches a dialog box to enter the image password. If the password is incorrectly entered, truecrypt returns 1 instead of 0 (success), exiting the script.

Then, GnuCash is opened. The script waits until I close GnuCash to continue. So far, I haven't had GnuCash return anything but success.

The final line dismounts the image.

Caveats

All files relating to the encrypted image should be closed before closing GnuCash. Once GnuCash is closed, the script will try to dismount the drive. I don't know if truecrypt will wait to dismount the drive if a file is currently open.

The paths to all of the files involved are hard-coded in the script. If you change any file names or paths, remember to update the script.