
10.4: Secure delete items directly from the Finder
System 10.4 (Tiger only hint)

I was getting annoyed with having to either move stuff to Trash and secure delete it there, or to open a Terminal and use srm.

To ease my frustrations, I hacked up my first Automator workflow. Launch Automator, and then add these actions:
  1. In the Library column, choose the Automator item, then drag the Ask for confirmation: Action to the work area on the right. Set the Message to Securely delete selected file(s)? and the Explanation to This operation cannot be undone.

  2. Now select the Finder entry in the Library column, and drag the Get Selected Finder Items Action to the work area, below the previous command.

  3. Finally, choose the Automator Library item again, and drag the Run Shell Script action to the bottom of the work area. Make sure that the Shell variable is set to /bin/sh, and change the Pass Input pop-up to as arguments. For the script itself, use the following:
    #!/bin/sh
    for i in "$@"
    do
      srm -rmf "$i"
    done
    
Save this as a Finder plug-in (File: Save as Plug-in; I called mine "Secure Delete"), and now you can select any number of files/folders in Finder, control-click on the selection, and then select Automator -> Secure Delete from the contextual menu. Files deleted this way are obviously not recoverable, which is why I added the confirmation step ... you can omit that action if you're brave enough.

I'd love to make this even more useful by creating a keyboard shortcut for it, but although I can create the shortcut in the Mouse & Keyboard control panel, and it shows up on the Finder contextual menu, it doesn't work. Anyone managed to do this yet?

[robg adds: Be aware that secure deleting takes a bit of time, so if you think the plug-in isn't doing anything, make sure you check the Automator status indicator in the menu bar; it will let you know that it's still working on deleting your selection. In testing, it took roughly 35 seconds to delete an 860KB test file on my 2.0GHz Dual G5.]
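
A more defensive body for the Run Shell Script action described in the hint, as an added example that is not part of the original hint or its comments: it maps a pass level to the srm flags that appear on this page, never lets a file name be parsed as an option, and confirms each item is really gone. The `SRM_MODE` and `SRM_BIN` variables and the function names are assumptions introduced here.

```sh
#!/bin/sh
# Added example for the Automator "Run Shell Script" action
# (Shell: /bin/sh, Pass Input: as arguments).
# Assumed names, not from the hint: SRM_MODE, SRM_BIN, srm_flags, secure_delete.

# Map a pass level to the srm flags used on this page.
srm_flags() {
    case "$1" in
        simple)  echo "-rs" ;;  # single-pass overwrite
        medium)  echo "-rm" ;;  # 7-pass overwrite
        gutmann) echo "-r"  ;;  # neither -s nor -m: 35-pass Gutmann
        *) return 1 ;;
    esac
}

# secure_delete MODE PATH...
# Returns 0 if every path is gone, 1 if any remain, 2 for an unknown mode.
# The number of failed paths is left in $sd_failed.
secure_delete() {
    sd_flags=$(srm_flags "$1") || { echo "unknown mode: $1" >&2; return 2; }
    shift
    sd_failed=0
    for sd_path in "$@"; do
        # Finder passes absolute paths; anchor anything else so a name
        # that starts with "-" is never read as an option.
        case "$sd_path" in
            /*) ;;
            *)  sd_path="./$sd_path" ;;
        esac
        if [ ! -e "$sd_path" ] && [ ! -L "$sd_path" ]; then
            echo "not found: $sd_path" >&2
            sd_failed=$((sd_failed + 1))
            continue
        fi
        # stdin is /dev/null so srm can never wait on a prompt in Automator.
        if ! "${SRM_BIN:-srm}" "$sd_flags" "$sd_path" </dev/null; then
            echo "srm failed: $sd_path" >&2
            sd_failed=$((sd_failed + 1))
        elif [ -e "$sd_path" ] || [ -L "$sd_path" ]; then
            echo "still present: $sd_path" >&2
            sd_failed=$((sd_failed + 1))
        fi
    done
    [ "$sd_failed" -eq 0 ]
}

# Entry point: Automator supplies the Finder selection as arguments.
if [ "$#" -gt 0 ]; then
    secure_delete "${SRM_MODE:-medium}" "$@"
    sd_status=$?
    # Audible completion cue (the osascript beep a commenter on this page suggests).
    command -v osascript >/dev/null 2>&1 && osascript -e 'beep 1'
    exit "$sd_status"
fi
```

A non-zero exit status makes a failed delete visible in Automator instead of passing silently.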

"Shell" menu is empty
Authored by: Toadling on Sep 06, '05 12:43:33PM

I'd like to try this hint but for some reason the "Shell" menu in the "Run Shell Script" action is empty (i.e. the valid set is empty). So I can't set it to /bin/sh, or anything else for that matter. Any idea why this is? I tried rebooting, swapping out Automator prefs, fixing permissions, and logging in as a different user - none of which seemed to make any difference.



[ Reply to This | # ]
Faster deletes
Authored by: ekc on Sep 06, '05 02:56:38PM
robg adds: Be aware that secure deleting takes a bit of time...

Depending on your level of paranoia, a single-pass overwrite (srm -rfs) may be good enough. It would thwart any software recovery utility, and you've gotta wonder if your data is worth so much to someone that they would hire a pro to open up the drive and piece it back together...

I wrote an AppleScript to delete files in one pass and called it "Tear It Up" just to remind me that what it's doing is quick but not exactly industrial strength. It also beeps once when it's done, which is not a bad idea for a time-consuming script. I haven't used Automator, but isn't there a way to add an AppleScript beep to the end of the workflow?

[ Reply to This | # ]

Faster deletes
Authored by: calum on Sep 12, '05 07:00:52AM

Good idea... couldn't see an Automator action for beeping, but in this case you can just add a line to the end of the shell script (i.e. on a new line after "done"):

osascript -e 'beep 1'

or

osascript -e 'say "Files Deleted"'

[ Reply to This | # ]
Faster deletes
Authored by: mbogosian on Sep 13, '05 03:04:04AM
Depending on your level of paranoia, a single-pass overwrite (srm -rfs) may be good enough. It would thwart any software recovery utility, and you've gotta wonder if your data is worth so much to someone that they would hire a pro to open up the drive and piece it back together...

Chances are that when running srm on a journalling file system (like newer installations of HFS+ with journalling turned on) it won't matter how many passes you make. The only difference would be time (there is little-to-no added security value). So, if you have journalling turned on, but still want to use srm, I see little reason not to use -s.

Of course, I have not verified that OS X's srm doesn't somehow magically account for all the implications of journalling, but I would be surprised if it does. Can anyone speak more intelligently on this?



[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: hamarkus on Sep 06, '05 03:41:24PM

Rob, either this is a typo or G5s are really slow...

Secure deleting a 30 MB file took 17 seconds on my 1GHz Powerbook.



[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: zane on Sep 06, '05 05:12:32PM

Which, compared to a virtually instantaneous <i>non-secure</i> deletion of that same file, is kinda slow if you're not used to it. 17 times slower, in fact, all without visual feedback. Hence Rob's heads-up.



[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: zane on Sep 06, '05 05:26:51PM
Ah, just re-read Rob's comment. Yep, 35 seconds is darn slow for 860kb! Took me 32 seconds for a 101mb file [1.67Ghz Powerbook]. Must be a typo.

Woo, and I remembered to post HTML formatted this time. ;P

[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: Arlo on Sep 06, '05 04:46:13PM
Handy workflow. I've added it to my site for those who just want to download it intact: http://www.automatorworld.com/2005/09/06/secure-delete/

Note that as with most Finder plugins, the first "Get Selected Finder items" is unnecessary.

---
www.automatorworld.com
"Better Living Through Macintosh Scripting"

[ Reply to This | # ]

10.4: Secure delete items directly from the Finder
Authored by: ylon on Sep 06, '05 10:58:00PM

Sorry for not being familiar enough with Automator, but how do you actually install this properly for usage?



[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: Arlo on Sep 07, '05 09:58:58AM

Open the workflow in Automator, go to File > Save as Plug-in, and save it as a Finder plug-in. The workflow will now appear in your Finder contextual menu in the Automator sub-menu.

---
www.automatorworld.com
"Better Living Through Macintosh Scripting"



[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: identd on Sep 07, '05 02:23:01AM
I extended the AppleScript listed here: "Display the size of the trash prior to emptying"
I have included options to secure delete. Any additions to this would be great!

on run {}
	-- Initialize variables 
	set pretime to current date
	set trashcontents to {}
	set trashamount to 0
	set itemstoskip to 0
	-- Grab a list of trash contents for each user 
	set thePath to path to current user folder
	try -- See  if the trashfolder exists 
		set theResult to my GetTrashContents((thePath as string) ¬
			& ":.Trash" as alias, trashamount)
		if (item 1 of theResult is not {}) then
			set end of trashcontents to "** User " & (do shell script "whoami") & "'s Trash Contents **" as string
			set itemstoskip to itemstoskip + 2
			set trashcontents to trashcontents & item 1 of theResult
			set trashamount to (item 2 of theResult) -- supercede new value 
		end if
	end try
	--Grab a list of trash contents for each volume mounted 
	set list_volumes to list disks
	repeat with thevolume in list_volumes
		try
			set theResult to my GetTrashContents(thevolume & ¬
				":.Trashes:" & (do shell script "echo $UID") as alias, trashamount)
			if ((item 1 of theResult is not {}) and (item 1 of theResult is not {space})) then
				set end of trashcontents to "** Volume " & thevolume & ¬
					"'s Trash Contents **" as string
				set itemstoskip to itemstoskip + 2
				set trashcontents to trashcontents & item 1 of theResult
				set trashamount to (item 2 of theResult) -- increment trashamount by theamount 
			end if
		end try
	end repeat
	-- Filter the list & format amount 
	if {trashamount = 0} then
		display dialog "Trash currently contains no items" buttons ¬
			{"Ok"} default button 1
		return false
	end if
	--display dialog trashamount as string
	set amount to my FormatSize(trashamount) -- Format trashamount 
	set filteredlist to my FilterList(trashcontents)
	set filtercount to (count of filteredlist) --Count of items in filteredlist 
	set filecount to ((count of trashcontents) - itemstoskip) --Count of items in thefiles 
	set theButton to ""
	set thesizebytes to trashamount
	-- Show user the information gathered 
	copy trashcontents to temp1
	set end of trashcontents to {"1 Pass Random"}
	set end of trashcontents to {"DOD Spec"}
	set end of trashcontents to {"35 Pass Gutmann algorithm"}
	
	set theResult to choose from list trashcontents with title ¬
		"Choose a method of Deletion ..." with prompt "There are " & filecount & " files" & " in the trash totaling " & amount & return & return ¬
		& "Empty Trash?" OK button name "Empty Trash" with empty selection allowed
	if theResult contains " - " then
		set theFile to item 2 of my stringtolist(item 1 of theResult, " - ")
		move ((path to trash & theFile) as string) to (path to desktop)
		set isdone to false
	end if
	if theResult ≠ false then
		set isdone to false
		set pretime to current date
		if (theResult as string) contains {"1 Pass Random"} then
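			-- quote the Trash path for the shell; the trailing * stays unquoted so it still globs
			do shell script "srm -rs " & quoted form of (POSIX path of (path to trash)) & "*"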
			tell application "Finder" to empty trash
			set isdone to true
		end if
		if (theResult as string) contains {"DOD Spec"} then
			-- overwrite the file with 7 US DoD compliant passes  (0xF6,  0x00, 0xFF, random, 0x00, 0xFF, random)
			do shell script "srm -rm " & quoted form of (POSIX path of (path to trash)) & "*"
			tell application "Finder" to empty trash
			--Slower than -s (simple)
			set isdone to true
		end if
		if (theResult as string) contains {"35 Pass Gutmann algorithm"} then
			-- the 35-pass Gutmann algorithm is used
			do shell script "srm -r " & quoted form of (POSIX path of (path to trash)) & "*"
			tell application "Finder" to empty trash
			--Very slow, but more secure
			set isdone to true
		end if
		if isdone is true then
			activate
			set et to ((current date) - pretime)
			if et = 0 then
				set et to 1 -- avoid dividing by zero in the rate calculation below
			end if
			set clonet to et
			set et to ConvertTimeToString(et)
			set tftw to (path to documents folder) & "TrashData.txt" as string
			set ref_num to open for access file tftw with write permission
			set theof to get eof ref_num
			write "Files Deleted on " & ((current date) as string) & return to ref_num starting at theof
			write my ListToString(temp1, return) to ref_num
			write "Stats: " & amount & " deleted in " & et & " (" & FormatSize(thesizebytes div clonet) & " /sec) using the " & (theResult as string) & " method" to ref_num
			write "

 " to ref_num
			--write (ASCII character 10) to ref_num
			close access ref_num
			display dialog "Secure Delete Complete" & return & amount & " deleted in " & et & return & "(" & FormatSize(thesizebytes div clonet) & " /sec)" giving up after 5
		end if
		if isdone is false then
			tell application "Finder" to empty trash
			set isdone to true
		end if
	end if
end run
on ConvertTimeToString(inTime)
	-- break the time up into hours, minutes, and seconds
	set timeVal to inTime
	set numHours to (timeVal div hours)
	set timeVal to timeVal - (numHours * hours)
	set numMinutes to (timeVal div minutes)
	set numSeconds to timeVal - (numMinutes * minutes)
	
	-- now put together the string in the proper format adding preceding zeros if necessary
	set timeStr to "" as string
	-- hours
	if (numHours < 10) then set timeStr to "0"
	set timeStr to (timeStr & numHours)
	-- minutes
	set timeStr to (timeStr & ":")
	if (numMinutes < 10) then set timeStr to (timeStr & "0")
	set timeStr to (timeStr & numMinutes)
	-- seconds
	set timeStr to (timeStr & ":")
	if (numSeconds < 10) then set timeStr to (timeStr & "0")
	set timeStr to (timeStr & numSeconds)
	
	return (timeStr as string)
end ConvertTimeToString
on FilterList(theList)
	set filteredlist to {} -- Holds the files that with "." 
	-- Build the list of files 
	repeat with theFile in theList
		set olddelim to AppleScript's text item delimiters
		set AppleScript's text item delimiters to " - "
		set theName to every text item of theFile as string
		try
			set theName to text item 2 of theFile
			if (theName begins with ".") then
				set end of filteredlist to theName as string
			end if
		end try
		set AppleScript's text item delimiters to olddelim
	end repeat
	return filteredlist
end FilterList
on FormatSize(the_size)
	set base_file_size to 1024
	set the_size to (the_size * 1024)
	if the_size > (base_file_size ^ 4) then
		set {div_1, the_unit} to {(base_file_size ^ 4), "TB"}
	else if the_size is greater than or equal to (base_file_size ^ 3) then
		set {div_1, the_unit} to {(base_file_size ^ 3), "GB"}
	else if the_size is greater than or equal to (base_file_size ^ 2) then
		set {div_1, the_unit} to {(base_file_size ^ 2), "MB"}
	else if the_size is greater than or equal to base_file_size then
		set {div_1, the_unit} to {base_file_size, "KB"}
	else
		set {div_1, the_unit} to {1, "B"}
	end if
	set the_size to (((the_size div div_1) & "." & ((the_size mod div_1) div (div_1 / 10)) as string) as real) as string
	if the_size ends with ".0" then set the_size to (text 1 thru -3 of the_size)
	return (the_size & " " & the_unit)
end FormatSize
(*
on FormatSize(thesize)
	display dialog thesize
	if (thesize > 1024) then
		set thesize to thesize / 1024 as string
		set thesizebytes to thesize as string
		set olddelim to AppleScript's text item delimiters
		set AppleScript's text item delimiters to "."
		set thesize to every text item of thesize
		set item 2 of thesize to item 1 of item 2 of thesize
		set thesize to thesize as string
		set AppleScript's text item delimiters to olddelim
		set thesize to thesize & " MB" as string
	else
		set thesize to (thesize as integer) & " KB" as string
	end if
	return thesize
end FormatSize
*)
on GetSize(thePath)
	repeat
		try
			tell application "Finder" to set thesize to ((physical size of thePath) / 1024)
			exit repeat
		on error
			delay 1
		end try
	end repeat
	return thesize
end GetSize

on GetTrashContents(thetrashpath, trashamount)
	set filelist to {}
	-- Get the contents of the trash 
	set thefiles to list folder thetrashpath -- Gets the directory contents of the folder 
	-- Calculate each file size of thetrashpath 
	repeat with i from 1 to (count of thefiles)
		set theAlias to ((thetrashpath as string) & item i of thefiles) as alias 
			--Make the type of file to an alias 
		set theInfo to info for theAlias --Get the info on the alias 
		set theamount to my GetSize(theAlias)
		set trashamount to trashamount + theamount
		--display dialog theamount as string
		set theamount to my FormatSize(theamount)
		set end of filelist to theamount & " - " & name of theInfo as string
	end repeat
	set end of filelist to space
	return {filelist, trashamount}
end GetTrashContents
on ListToString(theList, delim)
	set oldelim to AppleScript's text item delimiters
	set AppleScript's text item delimiters to delim
	set alist to theList as string
	set AppleScript's text item delimiters to oldelim
	return alist
end ListToString
on stringtolist(theString, delim)
	set oldelim to AppleScript's text item delimiters
	set AppleScript's text item delimiters to delim
	set temp to (every text item of theString)
	set AppleScript's text item delimiters to oldelim
	return temp
end stringtolist


[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: KAMiKAZOW on Sep 07, '05 05:16:25AM

Thanks for ruining the page layout with your long script. You are my hero.

(Luckily there's a No Comments option)



[ Reply to This | # ]
Doesn't work at all
Authored by: macubergeek on Sep 07, '05 06:01:35AM

I followed the instructions and the hint doesn't work on my machine. I'm selecting an item in the Finder and running the workflow...nothing.



[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: LeeH on Sep 07, '05 12:03:00PM

Great idea. I wanted to get rid of the (at least to me) annoying warning dialog box. So I downloaded the workflow from the site posted by Arlo (http://www.automatorworld.com/2005/09/06/secure-delete/) which eliminated the Get selected items step and then eliminated the warning step and saved as a Finder plug-in.

It did not work! After playing around for awhile, I did get it to work but had to change the script slightly -- so the following is for anyone else that wants to eliminate all steps except secure delete (i.e. no warnings, you have already selected the items to be deleted and just want the job done)

Open Automator and you have a blank workflow space. As indicated in the original hint, choose the Automator Library item again, and drag the Run Shell Script action to the bottom of the work area. Make sure that the Shell variable is set to /bin/sh, and change the Pass Input pop-up to as arguments.

When you change the Library item to arguments, you will get a script as follows:

for f in "$@"
do
echo "$f"
done

Simply change echo to srm -rmf so the script becomes:

for f in "$@"
do
srm -rmf "$f"
done

Save it as a Plug-in to the Finder. All done. The workflow is stored at User/Library/Workflows/Applications/Finder.



[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: strandbygaard on Sep 07, '05 02:54:59PM

Just wanted to add to the "runtime" discussion. Timing the command from the terminal yields the following (tiger, dual 1.8Ghz G5)

mac:/Users/Shared martin$ ls -lh test.zip
-rw-r--r-- 1 martin wheel 21M Sep 7 20:45 test.zip
mac:/Users/Shared martin$ time srm -fmr test.zip

real 0m4.145s
user 0m0.048s
sys 0m0.713s

Hence neither the srm command nor using the 7-pass option seems to be causing the hold-up (well, I don't experience any noticeable run time using the Automator workflow).

regards



[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: sjk on Sep 12, '05 07:43:07PM
FYI: The Secure Delete Hoax

And from the NOTE section of the srm man page:

The -s option overrides the -m option, if both are present. If neither is specified, the 35-pass Gutmann algorithm is used.

[ Reply to This | # ]
10.4: Secure delete items directly from the Finder
Authored by: thecloud on Sep 13, '05 04:35:03AM
That Rixstep article is classic FUD: "Everyone else is doing secure delete the wrong way, except us, and we'll sell you our 'fully Gutmann-compliant' solution as part of a $79 tools package." They go on to describe their product, SPX, which sounds exactly like 'srm' (35-pass overwrite, filename randomize/overwrite, caches flushed to disk on each pass, etc.), except that it isn't free or open-source like 'srm'. They're correct that there are a lot of snake-oil products out there which use buzzwords like 'DoD standard' to sell their security, but this point would be more credible if they weren't flogging their own buzzword-laden hypeware.

Gutmann himself has written an epilogue to his original 1996 paper, which calls out this kind of fanatical 35-pass overwrite worship as "voodoo." He basically says that the 35-pass technique is no longer necessary for modern high-density drives -- a few passes with random data now does just as well.

[ Reply to This | # ]
Rixstep FUD
Authored by: sjk on Sep 15, '05 02:21:49PM

Yep, that article looks even more FUDiculous in light of Gutmann's epilogue (thanks for the reference to that, btw) and srm being bundled with OS X.



[ Reply to This | # ]