@caesar
Last active February 8, 2020 09:44
Automate loading of Thunderbird profile on encrypted disk image (OS X)

Synopsis

Normally Thunderbird stores your profile (including all email and all passwords) unencrypted. There is a (buggy) feature allowing you to encrypt your passwords with a "Master Password", but no ability to encrypt your emails when they are stored on your hard drive.

The solution is to store your profile on an encrypted disk image, but it becomes annoying having to mount the disk image before opening Thunderbird, and it is also annoying having the mounted disk show up in the Finder all the time.

This script handles the mounting and unmounting of the disk image automatically when opening and closing Thunderbird, and hides the disk in the Finder.

DISCLAIMER:
I am not a security expert. This software represents my good faith effort to improve the security of the storage of a Thunderbird profile, in particular emails stored locally. I strongly recommend using a master password in Thunderbird in addition to the technique described in this document. I accept no responsibility for any security flaws in the technique described herein, or in the accompanying script. I do not recommend using this software or technique unless you fully understand how it works and whether it is appropriate to your situation.

Setup

  1. In AppleScript Editor, save the script as an application at /Applications/Thunderbird Launcher.app.
  2. Create an encrypted sparse bundle disk image at ~/Library/Thunderbird/Profiles/Thunderbird Profile.sparsebundle.
  3. Copy your profile onto the disk image, move the original to the Trash, and Secure Empty Trash. (This is more secure than moving your old profile onto the disk image, which will leave a possibly-recoverable copy behind.)
  4. Create a symlink from the old profile location to the profile on the disk image.
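
A check to run after step 4, as an added example that is not part of the original gist: it confirms that every entry in the Profiles directory is a symlink onto the encrypted volume, so no plaintext profile is left beside the image. The function name `audit_profiles` and the status labels are made up for this example; the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example (not part of the gist): audit the Profiles directory after setup.
# Defaults are assumptions based on the paths used on this page.
PROFILES_DIR="${PROFILES_DIR:-$HOME/Library/Thunderbird/Profiles}"
VOLUME="${VOLUME:-/Volumes/Thunderbird Profile}"

# audit_profiles DIR VOLUME
# Prints one line per entry and returns 0 only if every profile entry is a
# symlink whose target lies on VOLUME (the encrypted image's mount point).
# Works whether or not the image is mounted: readlink reads dangling links too.
audit_profiles() {
    dir=$1
    vol=${2%/}
    rc=0
    found=0
    for entry in "$dir"/*; do
        # Skip an unmatched glob and the disk image bundle itself.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        case $entry in *.sparsebundle) continue ;; esac
        found=1
        if [ -L "$entry" ]; then
            target=$(readlink "$entry")
            case $target in
                "$vol"/*) echo "OK        $entry -> $target" ;;
                *) echo "OFFVOLUME $entry -> $target"; rc=1 ;;
            esac
        else
            # A real file or directory here is stored outside the encrypted image.
            echo "PLAINTEXT $entry"
            rc=1
        fi
    done
    # No profile entries at all means the symlink from step 4 is missing.
    [ "$found" -eq 1 ] || { echo "NOPROFILE $dir"; rc=1; }
    return "$rc"
}
```

Call it as `audit_profiles "$PROFILES_DIR" "$VOLUME"`; a non-zero exit status means at least one entry is not stored on the encrypted image.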

Usage

  1. Instead of directly launching Thunderbird.app, always launch Thunderbird Launcher.app.
  2. OS X will prompt you for the password to your disk image. (You can tell it to remember your password in the Keychain if you want, though I prefer not to.)
  3. When the disk image has mounted (without being shown in Finder), Thunderbird will be launched.
  4. When you quit Thunderbird, the disk image will be automatically unmounted (assuming Thunderbird Launcher is still running in the background, which it should be).

-- Thunderbird Launcher app
-- Mounts a disk image before launching Thunderbird, and unmounts it when Thunderbird closes
-- by Caesar Schinas, based on ideas at http://hintsforums.macworld.com/showthread.php?t=26597
on run
    set diskname to "Thunderbird Profile"
    -- Build an absolute path: "~" is not expanded once the path is quoted for the shell
    set diskpath to (POSIX path of (path to home folder)) & "Library/Thunderbird/Profiles/Thunderbird Profile.sparsebundle"
    tell application "Finder"
        if not (exists the disk diskname) then
            -- -nobrowse keeps the mounted volume out of the Finder
            do shell script ("hdiutil attach " & quoted form of diskpath & " -nobrowse -mount required")
            -- Wait until the volume is actually available before starting Thunderbird
            repeat until name of every disk contains diskname
                delay 1
            end repeat
        end if
        tell application "Thunderbird"
            reopen
            activate
        end tell
    end tell
    delay 10
end run

-- remainder based on hint by puffyn at macosxhints.com ("Quick Applescript to Mount Disk Image")
on idle
    set diskname to "Thunderbird Profile"
    tell application "Finder"
        if not (exists the disk diskname) then
            return
        else
            -- Once Thunderbird is no longer running, unmount the image and quit the launcher
            set x to the name of every process
            if "Thunderbird" is not in x then
                doUnmountIfMounted(diskname) of me
                tell application "Thunderbird Launcher" to quit
            end if
        end if
    end tell
    -- Check again in 2 seconds
    return 2
end idle

on doUnmountIfMounted(diskname)
    tell application "Finder"
        if not (disk diskname exists) then
            return
        end if
    end tell
    set devname to "disk # unknown"
    try
        -- Look up the device node (e.g. disk2s1) before the volume is unmounted
        set devname to do shell script "mount | grep " & quoted form of diskname & " | cut -f1-1 -d \" \" | cut -f3-3 -d \"/\""
        do shell script ("hdiutil unmount /Volumes/" & quoted form of diskname & " -force")
        do shell script ("hdiutil detach " & quoted form of devname & " -force")
    on error errText number errNum
        tell me to display dialog "Error " & errNum & ": " & errText & ¬
            " (" & "volName = " & diskname & "; devname = " & devname & ")." buttons {"OK"} default button "OK" with icon caution
    end try
end doUnmountIfMounted