https://github.com/secure-rm/core
When you delete a file using the rm
command or fs.unlink
in node, it only remove direct pointers to the data disk sectors and make the data recovery possible with common software tools.
Permanent data erasure goes beyond basic file deletion commands, which:
- Allow for selection of a specific standard, based on unique needs, and
- Verify the overwriting method has been successful and removed data across the entire device.
To install this package, just run: (Node and npm required)
npm install secure-rm
Looking for a command line interface? See: secure-rm-cli
Secure-rm will retry 3 times if an error occur to ensure the task succeeded.
If you want your application to delete specific files with a pass of cryptographically strong pseudo-random data, use one of these code snippets:
const srm = require('secure-rm')
srm('./folder/*.js', (err, path) => {
if (err) throw err
console.log(`Successfully removed ${path} !`)
})
const srm = require('secure-rm')
srm('./folder/*.js')
.then((path) => console.log(`Successfully removed ${path} !`))
.catch((err) => {throw err})
rm(path[, options] [, callback])
path
<String> :- an absolute path (e.g.
D:\data
,/d/data
); - a relative path (e.g.
./data/file.js
,../../data
); - a glob pattern (e.g.
./*.js
,./**/*
,@(pattern|pat*|pat?erN)
).
- an absolute path (e.g.
options
<Object> (optional) :standard
<String> : ID of the standard (default: 'secure');customStandard
<Function> : your own standard to remove a file (if specified, priority overstandard
);maxBusyTries
<Number> : number of retries if an error occur;disableGlob
<Boolean> : allow or not file globbing (default: true).
callback
<Function> (if missing, return a promise):- returns
err
<Error> when finished.
- returns
const options = {
standard: 'gutmann',
maxBusyTries: 5,
disableGlob: true
}
srm('./data/file*.js', options, (err, path) => {
if (err) throw err
console.log(`Successfully removed ${path} !`)
})
const options = {
customStandard: new srm.UnlinkStandard({
method: function (file, callback) {
srm.write.init(file)
.then(({ fileSize, file }) => srm.write.zeroes(file, fileSize))
.then(({ fileSize, file }) => srm.write.ones(file, fileSize))
.then(({ fileSize, file }) => srm.write.random(file, fileSize))
.then(({ file }) => srm.write.unlink(file))
.then(() => callback())
.catch((err) => callback(err))
})
}
srm('./*', options)
.then((path) => console.log(`Successfully removed ${path} !`))
.catch((err) => {throw err})
If you want to make your own cutom standard, see write.js file for more details.
When running, secure-rm emits events to let you know the progression of the deletion.
You can indeed intercept error and ending events for each file.
srm.event.on('start', (file) => console.log('Starting ' + file))
srm.event.on('unlink', (file) => console.log('Unlinking ' + file))
srm.event.on('done', (file) => console.log('Done ' + file))
srm.event.on('info', (file, info) => console.log('Info ' + info + file))
srm.event.on('warn', (file, err) => console.log('Warning ' + err + file))
srm.event.on('error', (file, err) => console.log('Error ' + err + file))
When you import the library, you can do this in two different ways:
const srm = require('secure-rm')
And then get the properties:
srm.event
srm.write
srm.validIDs
...
Or you can import each property:
import srm, { event, write, standard, validIDs, UnlinkStandard } from 'secure-rm'
// Or
const { event, write, standards, validIDs, UnlinkStandard } = require('secure-rm')
It is structured as follows:
srm
<Function> :
The main function, as described above.
event
<events.EventEmitter> : event object to follow the process, as described above;write
Object<Function> : the object containing writing funtions, see write.js;standard
Object<UnlinkStandard> : the object containing the standards;validIDs
Array<String> : array containing valid text IDs of standards;UnlinkStandard
<UnlinkStandard> : the class to create new standards.
ID | Name | Passes | Description |
---|---|---|---|
randomData | Pseudorandom data | 1 | Also kwown as "Australian Information Security Manual Standard ISM 6.2.92" and "New Zealand Information and Communications Technology Standard NZSIT 402" Your data is overwritten with cryptographically strong pseudo-random data. (The data is indistinguishable from random noise.) |
randomByte | Pseudorandom byte | 1 | Overwriting with a random byte. |
zeroes | Zeroes | 1 | Overwriting with zeroes. |
ones | Ones | 1 | Overwriting with ones. |
secure | Secure-rm standard | 3 | Pass 1: Overwriting with random data; Pass 2: Renaming the file with random data; Pass 3: Truncating between 25% and 75% of the file. |
GOST_R50739-95 | Russian State Standard GOST R 50739-95 | 2 | Pass 1: Overwriting with zeroes; Pass 2: Overwriting with random data. |
HMG_IS5 | British HMG Infosec Standard 5 | 3 | Also known as "Air Force System Security Instructions AFSSI-5020", "Standard of the American Department of Defense (DoD 5220.22 M)" "National Computer Security Center NCSC-TG-025 Standard" and "Navy Staff Office Publication NAVSO P-5239-26" Pass 1: Overwriting with zeroes; Pass 2: Overwriting with ones; Pass 3: Overwriting with random data as well as verifying the writing of this data. |
AR380-19 | US Army AR380-19 | 3 | Pass 1: Overwriting with random data; Pass 2: Overwriting with a random byte; Pass 3: Overwriting with the complement of the 2nd pass, and verifying the writing. |
VSITR | Standard of the Federal Office for Information Security (BSI-VSITR) | 7 | Also known as "Royal Canadian Mounted Police TSSIT OPS-II" Pass 1: Overwriting with zeroes; Pass 2: Overwriting with ones; Pass 3-6: Same as 1-2; Pass 7: Overwriting with a random data as well as review the writing of this character. |
schneier | Bruce Schneier Algorithm | 7 | Pass 1: Overwriting with zeros; Pass 2: Overwriting with ones; Pass 3-7: Overwriting with random data. |
pfitzner | Pfitzner Method | 33 | Pass 1-33: Overwriting with random data. |
gutmann | Peter Gutmann Algorithm | 35 | Pass 1-4: Overwriting with random data; Pass 5: Overwriting with 0x55; Pass 6: Overwriting with 0xAA; Pass 7-9: Overwriting with 0x92 0x49 0x24, then cycling through the bytes; Pass 10-25: Overwriting with 0x00, incremented by 1 at each pass, until 0xFF; Pass 26-28: Same as 7-9; Pass 29-31: Overwriting with 0x6D 0xB6 0xDB, then cycling through the bytes; Pass 32-35: Overwriting with random data. |
Note: Node ensures that the file is correctly written, checking the writing in these algorithms is unnecessary. (Report this if I'm wrong)
Should works on OS X, Linux (almost, see below), and Windows. (See build status)
secure-rm will only work on file systems that overwrite blocks in place.
List of known file systems that will not work:
- ext3
- ext4
- AthFS – AtheOS
- OneFS
- ssd's at large
- reiserfs
- ...
- especially on the vast majority of journaled file systems.
Don't worry, you've just submited too much file for Node. The tool will retry 3 times to ensure the task succeeded. While you don't get an error, the tool can handle this issue.
If you really need to delete millions of file in one time, split the task (e.g. ./your_folder/a* then ./your_folder/b* ...).
Be sure to use ".\path\file"
with doublequotes since back-slashes will always be interpreted as escape characters, not path separators.
Another solution is to double the back-slashes like: .\\path\\file
Or if you can, use forward slashes!
See the changelog or releases.
- Implement more tests
- Support of 64bit files
This project is under MIT License.