# bash shell script to unlock encrypted disk in OS X 10.9

I finally buckled down and wrote my first bash shell script today.

I have been backing up my machines to two WD My Book 3 TB USB 3.0 Hard Drives.

I back up my hard drive to my server once a week. I also back up my hard drive to the WD USB drive every week.

I am swapping them out every week. I keep one drive at work at all times. This is in keeping with the philosophy that at any one time I have

• one backup on-site
• one backup off-site

My only concern is that OS X leaves hard drives unencrypted by default. This means that anyone could plug an OS X-formatted drive into their Macintosh and read my files.

The solution: encryption.

On OS X, it is as easy as right-clicking on the hard drive in Finder and selecting ‘encrypt drive’. This is a good thing.

However, once I reconnect my USB drive I have to unlock the disk before I can make my backups. Complicating everything further, I divided the 3TB disk into four partitions: one for Cay’s computer, one for my boot drive, one for my /Users partition, and one that is on stand-by. So, every time I connect this drive I have to enter four different UUIDs to unlock the encrypted partitions.

Shell scripts to the rescue.

This weekend I spent some time learning to program UNIX shell scripts. I created a shell script to automate the unlocking of the USB drive upon connection. It was really fun investigating solutions for this. In the end I used many tools from the basic programming toolbox:

• variables
• redirects
• pipes
• regular expressions
• arrays
• and some more stuff

It was tons of fun and I learned a lot.

Here’s the code for the nerds out there.

```bash
#!/bin/bash

# =================================================================
# Copyright 2014 Eduardo Sanchez
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
# ==================================================================

# This script is used to unlock encrypted hdds in OS X 10.9

# First open Disk Utility.app to see which hdd are available
# 'locked' hdd will appear greyed-out
open -g /Applications/Utilities/Disk\ Utility.app
echo

# collect the UUIDs of all of the attached hdd
clear
echo "These are the attached hard drives:"
tempIFS=$IFS
IFS=$'\n'
diskutil cs list | grep -E "(Logical Volume) [A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}" | cut -c 28-63 > hdd_UUIDs
uuid=($(cat hdd_UUIDs))
IFS=$tempIFS
echo

# collect the names of the Logical Volumes (disk names)
tempIFS=$IFS
IFS=$'\n'
diskutil cs list | grep "LV Name" | cut -c 36-70 > hdd_LV_Names
dname=($(cat hdd_LV_Names))
IFS=$tempIFS

# present the user with a listing of UUIDs and associated Logical Volume names
echo "0." ${uuid[0]}${dname[0]}
echo "1." ${uuid[1]}${dname[1]}
echo "2." ${uuid[2]}${dname[2]}
echo "3." ${uuid[3]}${dname[3]}
echo "4." ${uuid[4]}${dname[4]}
echo

# ask the user which disk to unlock
echo Select the hdd to unlock
echo
echo

# gather the user's choice (-r keeps backslashes literal)
read -r DISK

# DO NOT store the password as a variable!
# Keep passwords in a protected vault such as LastPass, KeePass, or 1Password
open -g /Applications/1Password\ 4.app

# unlock the disk selected by the user (quoted so the UUID is passed as one argument)
diskutil cs unlockVolume "${uuid[$DISK]}" -stdinpass

# User then pastes the password to complete the unlocking of the hdd

# TO DO List
#
# Figure out how to process the UUID and LV Name without creating
# an intermediate file
#
# Incorporate logic that will only present 'Locked' volumes
#
# this will do away with needing the Disk\ Utility.app open
#
# incorporate some crazy Keyboard Maestro kung-foo to auto run this
# script upon attaching an encrypted hdd
```
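The first two TO DO items above (pairing each UUID with its LV Name without an intermediate file, and listing only locked volumes), as an added example that is not the author's code. The listing is constructed, with placeholder UUIDs, on the assumption that `diskutil cs list` prints a `Status:` and an `LV Name:` line under each `Logical Volume` header; `list_locked_volumes`, `pick_uuid` and `sample_listing` are hypothetical names.

```shell
#!/bin/bash
# Added example, not the author's script. Sample data below is constructed.
# Print "UUID<TAB>LV Name" for each Logical Volume whose Status is Locked.
# Reads `diskutil cs list` text on stdin; no intermediate files are written.
list_locked_volumes() {
    awk '
        function emit() {
            if (uuid != "" && status == "Locked") printf "%s\t%s\n", uuid, name
            uuid = ""; status = ""; name = ""
        }
        # Any Group, Family or Volume header closes the previous volume record.
        $2 == "Logical" && $3 == "Volume" { emit() }
        # "+-> Logical Volume UUID" has four fields; Group and Family have five.
        $1 == "+->" && $2 == "Logical" && $3 == "Volume" && NF == 4 { uuid = $4; next }
        uuid != "" && $1 == "Status:" { status = $2 }
        uuid != "" && $1 == "LV" && $2 == "Name:" {
            sub(/^ *LV Name: */, ""); sub(/ +$/, ""); name = $0
        }
        END { emit() }
    '
}

# Print the UUID on row $1 (0-based) of that list, read from stdin, or fail.
# Only plain digits are accepted, so the choice is never used as an expression.
pick_uuid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    awk -F'\t' -v n="$1" 'NR == n + 1 { print $1; found = 1 } END { exit !found }'
}

# Constructed listing with placeholder UUIDs: one unlocked volume, one locked.
sample_listing() {
cat <<'EOF'
+-- Logical Volume Group 11111111-AAAA-AAAA-AAAA-111111111111
    Status:       Online
    +-< Physical Volume 22222222-BBBB-BBBB-BBBB-222222222222
    |   Status:   Online
    +-> Logical Volume Family 33333333-CCCC-CCCC-CCCC-333333333333
        Encryption Status:       Unlocked
        +-> Logical Volume 44444444-DDDD-DDDD-DDDD-444444444444
            Status:                Online
            LV Name:               Boot Backup
    +-> Logical Volume Family 55555555-EEEE-EEEE-EEEE-555555555555
        Encryption Status:       Locked
        +-> Logical Volume 66666666-FFFF-FFFF-FFFF-666666666666
            Status:                Locked
            LV Name:               Users Backup
EOF
}
sample_listing | list_locked_volumes
```

On a real system, pipe `diskutil cs list` in place of `sample_listing`, and pass the `pick_uuid` result, quoted, to `diskutil cs unlockVolume` with `-stdinpass` as in the script above.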

# Introduction

I’m back.

After being absent from the blog world for many years I am giving it another go.

The purpose of this site is admittedly very selfish: remind me of all of the things I do/see/read/watch/experience. Although I welcome the world to read this blog, its primary purpose is to serve as my public brain.

That said, I hope you enjoy my musings and I welcome you to give me your feedback.