TheOuterLinux Mμse - Private Shotwell: Encrypted photo management

 ____       _            _         ____  _           _                _ _
|  _ \ _ __(_)_   ____ _| |_ ___  / ___|| |__   ___ | |___      _____| | |
| |_) | '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \| __\ \ /\ / / _ \ | |
|  __/| |  | |\ V / (_| | ||  __/  ___) | | | | (_) | |_ \ V  V /  __/ | |
|_|   |_|  |_| \_/ \__,_|\__\___| |____/|_| |_|\___/ \__| \_/\_/ \___|_|_|

        Using Shotwell and zuluCrypt for encrypted photo management
                          
                          by TheOuterLinux
                   https://theouterlinux.gitlab.io
                   
                     Last updated: 2020/07/13
                     
Discussion URL: https://www.reddit.com/r/TheOuterLinux/comments/hgivyn/private_shotwell_encrypted_photo_management/.compact

Requirements:
-------------
1. Shotwell (Photo/video manager)
2. zuluCrypt (Encryption program)

The steps:
----------
1. Create a container using ZuluCrypt; make sure that it is large enough
   to fit whatever images, photos, videos, etc. that you have or will
   have in the future because as far as I know, you cannot resize these
   containers and will have to create a new one if you need to upscale.
   
   - Open zuluzCrypt
   - Create --> Encrypted container in a file
   - Give it name, location, and a size.

2. Another window will open afterwards asking about what kind of 
   encrypted container you want to have. If you do not understand any
   of the options, then just use the defaults as they are but make sure
   to give it a password in the "Key" and "Repeat Key" input fields.
   These fields also allow you to use a file as a key instead if you
   have a hard time remembering passwords.
   
3. Next, create another container just for the database file and for the
   thumbnails Shotwell generates. This container does not have to be 
   large but that honestly depends on how many images you have. ~200MB
   should be fine for most people. You are creating a second container
   just for the database and thumbnail stuff because otherwise, you will
   get a recursive image importing issue since the thumbnails would be 
   in the same container/directory and would just keep adding more and 
   more thumbnails (i.e., thumbnails of thumbnails).
   
4. Create a custom .desktop file just for "Private Shotwell," or whatever
   you want to name or disguise it as. You could also add a "." in front
   of the container name to hide it from normal view when browsing the
   file manager, which most of them toggle on/off using Ctrl+h for hide
   and unhide. Be careful to take this into account when creating your
   PrivateShotwell.desktop file.
   
   Example contents of /usr/share/applications/PrivateShotwell.desktop
   are as follows, but you can also create this as 
   ~/.local/share/applications/PrivateShotwell.desktop if you have other
   users and do not want them seeing the option when they log in. If you
   do want everyone to have access, then in your file paths within Exec=,
   replace anything that looks like "/home/username/..." with
   "$HOME/..." Please pay attention and do not copy and paste the Exec
   or the Icon parts. Using the GUI version to mount will not give you
   accurate file paths.
   
   
   Example contents of PrivateShotwell.desktop:
   
       [Desktop Entry]
       Name=Private Shotwell
       GenericName=Photo Manager
       Comment=Organize your photos
       Keywords=album;camera;cameras;image;organize;photographs;
       Exec=sh -c "xterm -T 'Image Container...' -e sudo zuluCrypt-cli -o -d /path/to/LargeContainer -m LargeContainer && xterm -T 'Data Container...' -e sudo zuluCrypt-cli -o -d /path/to/DataAndThumbsContainer -m DataAndThumbsContainer && sudo shotwell --datadir=/run/media/private/root/DataAndThumbsContainer/ && sudo zuluCrypt-cli -q -d /path/to/LargeContainer -m LargeContainer && sudo zuluCrypt-cli -q -d /path/to/DataAndThumbsContainer -m DataAndThumbsContainer"
       Icon=/path/to/PrivateShotwellIcon.png
       Terminal=false
       Type=Application
       MimeType=x-content/image-dcf;
       Categories=Graphics;Photography;GNOME;GTK;
       X-GIO-NoFuse=true
       X-GNOME-Gettext-Domain=shotwell
       X-GNOME-FullName=Shotwell Photo Manager
       
   
   After saving, your applications menu should now have, or at least in
   this example, "Private Shotwell." The name of the file does not have
   to match the name of "Name=" part within the file but the system will
   automatically make whatever "Name=" you gave it look like that is the
   file name, even though it may not be. Not important; moving on...
   
   
5. Open the regular Shotwell so it can create a few files we need to
   copy/paste. The directory we are going to copy/paste to the encrypted
   data container directory is "~/.local/share/shotwell/data". If this is 
   confusing to you, try using Ctrl+h to toggle hidden files on and off
   while in your home ("~") directory. This is why we have "--datadir="
   in the .desktop file we created within the "Exec=" part.
   
   
6. Close the regular Shotwell.

   
7. Open "Private Shotwell" from the applications menu. A terminal (xterm)
   window will open and ask you for an admin password (sudo), followed
   by the password you used for [LargeContainer] and then another terminal 
   will open and ask for the password you used for [DataAndThumbsContainer].
   
   
8. Do the following while Private Shotwell is opened:
   
   - Edit --> Preferences
       
       Use settings:
       
       -- Import photos to [/path/to/encrypted/container/directory]
       -- [x] Watch library directory for new files
       -- [x] Write tags, titles, and other metadata to photo files
       
   - File --> Import From Folder...
   
       -- Use the encrypted container directory.
       
          
9. And then, our "Private Shotwell" will populate with images and videos,
   as well as any supported, embedded metadata for each photo if edited
   in that way from other software. And, the metadata you add should
   only stay within the specified "--datadir" as previously mentioned.
   This way, you do not have unwanted tags displayed on the side panel
   while running the regular Shotwell.
   
   
IMPORTANT
---------
If for some reason, your Private Shotwell sort of "blips" as far as
the terminals go and doesn't open Shotwell, you may need to run the
last two umount-related commands at the end of the PrivateShotwell.desktop
file's Exec part.


Tips
----
If you would like to start fresh in regards to that metadata, you can 
clear out a photos' metadata, or at least most of it, by installing 
'libimage-exiftool-perl' and running 'exiftool -all= *' in a terminal 
while 'cd'-ed into it. Be very careful with this because using "*" with 
'exiftool' does it recursively, meaning it also clears metadata within 
subdirectories. It will also create "*_original" copies of each of those 
files and you'll want to remove those.

I also recommend 'XnConvert' from https://www.xnview.com/en/xnconvert/ 
for batch converting/editing files since you can just drag-and-drop
folders full of images, which is very helpul for when people use PNG 
files for photos, for whatever reason. You can cut your file sizes in
half or more this way.

You can also encrypt an entire usb storage stick using zuluCrypt instead
of creating a file.