Private Shotwell

Using Shotwell and zuluCrypt for encrypted photo management
by TheOuterLinux
https://theouterlinux.gitlab.io

Last updated: 2021/08/14

Discussion URL (Reddit): https://www.reddit.com/r/TheOuterLinux/comments/hgivyn/private_shotwell_encrypted_photo_management/.compact
Discussion URL (LinuxQuestions.org): https://www.linuxquestions.org/questions/blog/theouterlinux-1169710/theouterlinux-m-se-private-shotwell-encrypted-photo-management-38292/#comments

Requirements:
-------------
1. Shotwell (Photo/video manager)
2. zuluCrypt (Encryption program)

The steps:
----------
1. Create a container using zuluCrypt; make sure that it is large enough to fit whatever images, photos, videos, etc. that you have or will have in the future because as far as I know, you cannot resize these containers and will have to create a new one if you need to upscale.
   - Open zuluCrypt
   - Create --> Encrypted container in a file
   - Give it a name, a location, and a size.

2. Another window will open afterwards asking what kind of encrypted container you want to have. If you do not understand any of the options, then just use the defaults as they are, but make sure to give it a password in the "Key" and "Repeat Key" input fields. These fields also allow you to use a file as a key instead if you have a hard time remembering passwords.

3. Next, create another container just for the database file and for the thumbnails Shotwell generates. This container does not have to be large, but that honestly depends on how many images you have. ~200MB should be fine for most people.
   You are creating a second container just for the database and thumbnail stuff because otherwise, you will get a recursive image importing issue: the thumbnails would be in the same container/directory as the photos, so Shotwell would just keep adding more and more thumbnails (i.e., thumbnails of thumbnails).

4. Create a custom .desktop file just for "Private Shotwell," or whatever you want to name or disguise it as. You could also add a "." in front of the container name to hide it from normal view when browsing the file manager, which most of them toggle on/off using Ctrl+h for hide and unhide. Be careful to take this into account when creating your PrivateShotwell.desktop file.

   Example contents of /usr/share/applications/PrivateShotwell.desktop are as follows, but you can also create this as ~/.local/share/applications/PrivateShotwell.desktop if you have other users and do not want them seeing the option when they log in. If you do want everyone to have access, then in your file paths within Exec=, replace anything that looks like "/home/username/..." with "$HOME/..."

   Please pay attention and do not copy and paste the Exec or the Icon parts. Using the GUI version to mount will not give you accurate file paths.

   Example contents of PrivateShotwell.desktop:

[Desktop Entry]
Name=Private Shotwell
GenericName=Private Shotwell
Comment=Organize your photos
Keywords=album;camera;cameras;image;organize;photographs;
Exec=sh -c "xterm -T 'Mounting image container...' -e sudo zuluCrypt-cli -o -d /path/to/LargeContainer -m LargeContainer && notify-send 'Private image container mounted.' && xterm -T 'Mounting data container...' -e sudo zuluCrypt-cli -o -d /path/to/DataAndThumbsContainer -m DataAndThumbsContainer && notify-send 'Private data container mounted.' && sudo shotwell --datadir=/run/media/private/root/DataAndThumbsContainer/ && xterm -T 'Unmounting containers...' -e sudo zuluCrypt-cli -q -d /path/to/LargeContainer -m LargeContainer && notify-send 'Private image container unmounted.' && sudo zuluCrypt-cli -q -d /path/to/DataAndThumbsContainer -m DataAndThumbsContainer && notify-send 'Private data container unmounted.'"
Icon=/path/to/PrivateShotwellIcon.png
Terminal=false
Type=Application
MimeType=x-content/image-dcf;
Categories=Graphics;Photography;GNOME;GTK;
X-GIO-NoFuse=true
X-GNOME-Gettext-Domain=shotwell
X-GNOME-FullName=Private Shotwell

   After saving, your applications menu should now have, or at least in this example, "Private Shotwell." The name of the file does not have to match the "Name=" part within the file, but the system will display whatever "Name=" you gave it as though it were the file name, even though it may not be. Not important; moving on...

5. Open the regular Shotwell so it can create a few files we need to copy/paste. The directory we are going to copy/paste to the encrypted data container directory is "~/.local/share/shotwell/data". If this is confusing to you, try using Ctrl+h to toggle hidden files on and off while in your home ("~") directory. This is why we have "--datadir=" in the .desktop file we created within the "Exec=" part.

6. Close the regular Shotwell.

7. Open "Private Shotwell" from the applications menu. A terminal (xterm) window will open and ask you for an admin password (sudo), followed by the password you used for [LargeContainer], and then another terminal will open and ask for the password you used for [DataAndThumbsContainer].

8. Do the following while Private Shotwell is opened:
   - Edit --> Preferences
     Use settings:
     -- Import photos to [/path/to/encrypted/container/directory]
     -- [x] Watch library directory for new files
     -- [x] Write tags, titles, and other metadata to photo files
   - File --> Import From Folder...
     -- Use the encrypted container directory.

9. And then, our "Private Shotwell" will populate with images and videos, as well as any supported, embedded metadata for each photo if edited in that way from other software.
   And, the metadata you add should only stay within the specified "--datadir" as previously mentioned. This way, you do not have unwanted tags displayed on the side panel while running the regular Shotwell.

IMPORTANT
---------
If for some reason, your Private Shotwell sort of "blips" as far as the terminals go and doesn't open Shotwell, you may need to run the last two unmount-related commands at the end of the PrivateShotwell.desktop file's Exec part.

Tips
----
If you would like to start fresh in regards to that metadata, you can clear out a photo's metadata, or at least most of it, by installing 'libimage-exiftool-perl' and running 'exiftool -all= *' in a terminal while 'cd'-ed into the photo directory. Be very careful with this because using "*" with 'exiftool' does it recursively, meaning it also clears metadata within subdirectories. It will also create "*_original" copies of each of those files and you'll want to remove those.

I also recommend 'XnConvert' from https://www.xnview.com/en/xnconvert/ for batch converting/editing files since you can just drag-and-drop folders full of images, which is very helpful for when people use PNG files for photos, for whatever reason. You can cut your file sizes in half or more this way.

You can also encrypt an entire USB storage stick using zuluCrypt instead of creating a file.
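
The mount, run and unmount chain from step 4's Exec= line, written as a wrapper script so that both containers are closed even when Shotwell exits with an error or the second mount fails, which is the situation the IMPORTANT note describes. This is an added example, not part of the original guide: it uses only the zuluCrypt-cli options shown in the Exec= line and confirms each mount with mountpoint instead of relying on the terminal's exit status. The script name private-shotwell.sh, the "run" argument and the variable names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Paths and names are the page's
# placeholders; the "run" argument and the variable names are assumptions.
IMG_FILE="${IMG_FILE:-/path/to/LargeContainer}"
IMG_NAME="${IMG_NAME:-LargeContainer}"
DATA_FILE="${DATA_FILE:-/path/to/DataAndThumbsContainer}"
DATA_NAME="${DATA_NAME:-DataAndThumbsContainer}"
MOUNT_ROOT="${MOUNT_ROOT:-/run/media/private/root}"   # mount location used on the page
ZULU="${ZULU:-xterm -e sudo zuluCrypt-cli}"           # prompts in a terminal, as on the page
SHOTWELL="${SHOTWELL:-sudo shotwell}"
IS_MOUNTED="${IS_MOUNTED:-mountpoint -q}"             # util-linux mount check
IMG_OPEN=0; DATA_OPEN=0

# Open one container; succeed only if its mount point really exists afterwards.
open_container() {    # $1 = container file, $2 = mount name
    $ZULU -o -d "$1" -m "$2"
    $IS_MOUNTED "$MOUNT_ROOT/$2"
}

# Close one container; succeed only if its mount point is gone afterwards.
close_container() {   # $1 = container file, $2 = mount name
    $ZULU -q -d "$1" -m "$2"
    ! $IS_MOUNTED "$MOUNT_ROOT/$2"
}

# Close whatever is still open, data container first; safe to call twice.
close_all() {
    rc=0
    if [ "$DATA_OPEN" = 1 ]; then
        if close_container "$DATA_FILE" "$DATA_NAME"; then DATA_OPEN=0; else rc=1; fi
    fi
    if [ "$IMG_OPEN" = 1 ]; then
        if close_container "$IMG_FILE" "$IMG_NAME"; then IMG_OPEN=0; else rc=1; fi
    fi
    return $rc
}

# Mount both containers, run Shotwell, then unmount however Shotwell exited.
private_shotwell() {
    st=0
    if open_container "$IMG_FILE" "$IMG_NAME"; then IMG_OPEN=1; else st=1; fi
    if [ $st -eq 0 ] && open_container "$DATA_FILE" "$DATA_NAME"; then DATA_OPEN=1; else st=1; fi
    if [ $st -eq 0 ]; then $SHOTWELL --datadir="$MOUNT_ROOT/$DATA_NAME/" || st=$?; fi
    close_all || st=1
    return $st
}

# Does nothing unless called as: private-shotwell.sh run
if [ "${1:-}" = "run" ]; then trap 'close_all; exit 1' INT TERM HUP; private_shotwell; exit $?; fi
```

Saved as an executable file, the script would be started from the .desktop file with Exec=/path/to/private-shotwell.sh run in place of the long sh -c command.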