Hey,
Yeah, I chatted up the OP on this and it would be relatively straightforward to implement in Linux; it may take some extra steps in Windows (and be easier if it doesn't involve using the integrated recycle bin system). The general process boils down to this:
1. Generate a random AES 256 key using urand or similar high entropy source.
2. Encrypt the file to the recycle bin using the AES key.
3. Encrypt the AES key using a public/private key pair scheme.
4. Securely delete the source file from its original source destination.
To restore from the recycle bin you decrypt the AES key with the private key and decrypt the file.
You could store other meta information along with it like where the file should be restored, expiration time for automated cleaning of the recycle bin, etc.
To implement this to maximum security you'd only ever install the public key on the target system and then maintain the private key off system on a hardware storage device such as a smart-card, USB stick, etc. Less secure but more usable would be to use a soft-cert that is password/pin protected, and if you wanted to get really fancy you could figure out a way to unlock the private key using an MFA solution like Authy or Duo Security. However, a password-protected private key on a thumb drive isn't too tedious to use and turns restoring stuff from your recycle bin into an MFA endeavor.
- Cheese
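
The process described in the post above, as an added example that is not part of the original post, using Node.js's built-in crypto module. The function names, the JSON record layout, and the choice of AES-256-GCM with RSA-OAEP are assumptions (the post names only AES 256 and a public/private key pair), and a plain unlink stands in for the secure-delete step.

```javascript
// Added example, not from the original post. trash(), restore() and the JSON
// record layout are illustrative assumptions.
const crypto = require('node:crypto');
const fs = require('node:fs');
const path = require('node:path');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt srcPath into binDir. Only the public key is needed on this system.
function trash(srcPath, binDir, publicKeyPem, ttlDays = 30) {
  const key = crypto.randomBytes(32);            // per-file AES-256 key from the OS CSPRNG
  const iv = crypto.randomBytes(12);             // 96-bit GCM nonce
  const expires = String(Date.now() + ttlDays * 864e5);
  const orig = Buffer.from(path.resolve(srcPath));
  const len = Buffer.alloc(4);
  len.writeUInt32BE(orig.length);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(expires));           // expiry stays readable but is authenticated
  // The restore path travels inside the ciphertext so the bin does not leak file names.
  const plain = Buffer.concat([len, orig, fs.readFileSync(srcPath)]);
  const data = Buffer.concat([cipher.update(plain), cipher.final()]);
  const record = {
    expires,
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    wrappedKey: crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, key).toString('base64'),
    data: data.toString('base64'),
  };
  key.fill(0);
  const out = path.join(binDir, crypto.randomUUID() + '.json');
  fs.writeFileSync(out, JSON.stringify(record), { mode: 0o600, flag: 'wx' });
  fs.unlinkSync(srcPath); // stand-in: a plain unlink is NOT the secure delete the post calls for
  return out;
}

// Decrypt a record back to its original path. Needs the passphrase-protected private key.
function restore(recordPath, privateKeyPem, passphrase) {
  const r = JSON.parse(fs.readFileSync(recordPath, 'utf8'));
  const wrapped = Buffer.from(r.wrappedKey, 'base64');
  const key = crypto.privateDecrypt({ key: privateKeyPem, passphrase, ...OAEP }, wrapped);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(r.iv, 'base64'));
  d.setAAD(Buffer.from(r.expires));
  d.setAuthTag(Buffer.from(r.tag, 'base64'));
  const plain = Buffer.concat([d.update(Buffer.from(r.data, 'base64')), d.final()]); // throws if modified
  const n = plain.readUInt32BE(0);
  const origPath = plain.subarray(4, 4 + n).toString();
  fs.writeFileSync(origPath, plain.subarray(4 + n), { mode: 0o600, flag: 'wx' }); // never overwrite
  fs.unlinkSync(recordPath);
  return origPath;
}
```

Because anyone holding the public key can create a valid record, restore() refuses to overwrite an existing file; signing records would be needed to prove where they came from.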