GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  GPGDIR (1)

NAME

gpgdir - recursive directory encryption with GnuPG

CONTENTS

Synopsis
Description
Options
Files
Environment
Examples
Dependencies
Author
Contributors
Bugs
Distribution

SYNOPSIS

gpgdir -e|-d <directory> [options]

DESCRIPTION

gpgdir is a perl script that uses the CPAN GnuPG::Interface perl module to recursively encrypt and decrypt directories using gpg. gpgdir recursively descends through a directory in order to make sure it encrypts or decrypts every file in a directory and all of its subdirectories. By default the mtime and atime values of all files will be preserved upon encryption and decryption (this can be disabled with the --no-preserve-times option). Note that in --encrypt mode, gpgdir will delete the original files that it successfully encrypts (unless the --no-delete option is given). However, upon startup gpgdir first asks for a the decryption password to be sure that a dummy file can successfully be encrypted and decrypted. The initial test can be disabled with the --skip-test option so that a directory can easily be encrypted without having to also specify a password (this is consistent with gpg behavior). Also, note that gpgdir is careful not encrypt hidden files and directories. After all, you probably don’t want your ~/.gnupg directory or ~/.bashrc file to be encrypted. The key gpgdir uses to encrypt/decrypt a directory is specified in ~/.gpgdirrc.

Finally, gpgdir can use the wipe program with the --Wipe command line option to securely delete the original unencrypted files after they have been successfully encrypted. This elevates the security stance of gpgdir since it is more difficult to recover the unencrypted data associated with files from the filesystem after they are encrypted (unlink() does not erase data blocks even though a file is removed).

OPTIONS

-e, --encrypt lt;directory>
  Recursively encrypt all files in the directory specified on the command line. All original files will be deleted (a password check is performed first to make sure that the correct password to unlock the private GnuPG key is known to the user).
-d, --decrypt lt;directory>
  Recursively decrypt all files in the directory specified on the command line. The encrypted .gpg version of each file will be deleted.
--sign lt;directory>
  Recursively sign all files in the directory specified on the command line. For each file, a detached .asc signature will be created.
--verify lt;directory>
  Recursively verify all .asc signatures for files in the directory specified on the command line.
-g, --gnupg-dir lt;directory>
  Specify which .gnupg directory will be used to find GnuPG keys. The default is ~/.gnupg if this option is not used. This option allows gpgdir to be run as one user but use the keys of another user (assuming permissions are setup correctly, etc.).
-p, --pw-file lt;pw-file>
  Read decryption password from pw-file instead of typing it on the command line.
-t, --test-mode
  Run an encryption and decryption test against a dummy file and exit. This test is always run by default in both --encrypt and --decrypt mode.
-S, --Symmetric
  Instruct gpgdir to encrypt to decrypt files using a symmetric cipher supported by GnuPG (CAST5 is commonly used). This results in a significant speed up for the encryption/decryption process.
-T, --Trial-run
  Show what encrypt/decrypt actions would take place without actually doing them. The filesystem is not changed in any way in this mode.
-I, --Interactive
  Prompt the user before actually encrypting or decrypting each file. This is useful to have fine-grained control over gpgdir operations as it recurses through a directory structure.
-F, --Force
  Tell gpgdir to ignore non-fatal error conditions, such as the inability to encrypt or decrypt individual files because of permissions errors.
--Exclude lt;pattern>
  Instruct gpgdir to skip all files that match pattern as a regex match against each filename. This is similar to the --exclude option in the standard GNU tar command.
--Exclude-from lt;file>
  Instruct gpgdir to exclude all files matched by patterns listed in file. This is similar to the --exclude-from the GNU tar command.
--Include lt;pattern>
  Instruct gpgdir to only include files that match pattern as a regex match against each filename.
--Include-from lt;file>
  Instruct gpgdir to only include files matched by patterns listed in file.
-W, --Wipe
  Use the wipe program to securely delete files after they have been successfully encrypted.
-O, --Obfuscate-filename
  Tell gpgdir to obfuscate the file names of files that it encrypts (in -e mode). The names of each file are stored within the file .gpgdir_map_file for every sub-directory, and this file is itself encrypted. In decryption mode (-d), the -O argument reverses the process so that the original files are restored.
--overwrite-encrypted
  Overwrite encrypted files even if a previous <file>.gpg file already exists.
--overwrite-decrypted
  Overwrite decrypted files even if the previous unencrypted file already exists.
-K, --Key-id lt;id>
  Manually specify a GnuPG key ID from the command line. Because GnuPG supports matching keys with a string, id does not strictly have to be a key ID; it can be a string that uniquely matches a key in the GnuPG key ring.
-D, --Default-key
  Use the key that GnuPG defines as the default, i.e. the key that is specified by the default-key variable in ~/.gnupg/options. If the default-key variable is not defined within ~/.gnupg/options, then GnuPG tries to use the first suitable key on its key ring (the initial encrypt/decrypt test makes sure that the user knows the corresponding password for the key).
-a, --agent
  Instruct gpgdir to acquire gpg key password from a running gpg-agent instance.
-A, --Agent-info lt;connection \info>
  Specify the value of the GPG_AGENT_INFO environment variable as returned by the gpg-agent --daemon command. If the gpgdir --agent command line argument is used instead of --Agent-info, then gpgdir assumes that the GPG_AGENT_INFO environment variable has already been set in the current shell.
-s, --skip-test
  Skip encryption and decryption test. This will allow gpgdir to be used to encrypt a directory without specifying a password (which normally gets used in encryption mode to test to make sure decryption against a dummy file works properly).
-q, --quiet
  Print as little as possible to the screen when encrypting or decrypting a directory.
--no-recurse
  Instruct gpgdir to not recurse through any subdirectories of the directory that is being encrypted or decrypted.
--no-password
  Instruct gpgdir to not ask the user for a password. This is only useful when a gpg key literally has no associated password (this is not common).
--no-delete
  Instruct gpgdir to not delete original files at encrypt time.
--no-preservetimes
  Instruct gpgdir to not preserve original file mtime and atime values upon encryption or decryption.
-l, --locale lt;locale>
  Provide a locale setting other than the default "C" locale.
--no-locale
  Do not set the locale at all so that the default system locale will apply.
-v, --verbose
  Run in verbose mode.
-V, --Version
  Print version number and exit.
-h, --help
  Print usage information and exit.

FILES

~/.gpgdirrc
Contains the key id of the user gpg key that will be used to encrypt or decrypt the files within a directory.

ENVIRONMENT

HOME Set the default home directory.
GNUPGBIN Set the gpg binary. Default: "gpg".
GNUPGHOME Set the default working directory for gpg. Default: "~/.gnupg".

EXAMPLES

The following examples illustrate the command line arguments that could be supplied to gpgdir in a few situations:

To encrypt a directory:

$ gpgdir -e /some/dir

To encrypt a directory, and use the wipe command to securely delete the original unencrypted files:

$ gpgdir -W -e /some/dir

To encrypt a directory with the default GnuPG key defined in ~/.gnupg/options:

$ gpgdir -e /some/dir --Default-key

To decrypt a directory with a key specified in ~/.gpgdirrc:

$ gpgdir -d /some/dir

To encrypt a directory but skip all filenames that contain the string "host":

$ gpgdir -e /some/dir --Exclude host

To encrypt a directory but only encrypt those files that contain the string "passwd":

$ gpgdir -e /some/dir --Include passwd

To acquire the GnuPG key password from a running gpg-agent daemon in order to decrypt a directory (this requires that gpg-agent has the password):

$ gpgdir -A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 -d /some/dir

To encrypt a directory but skip the encryption/decryption test (so you will not be prompted for a decryption password):

$ gpgdir -e /some/dir -s

To encrypt a directory and no subdirectories:

$ gpgdir -e /some/dir --no-recurse

To encrypt root’s home directory, but use the GnuPG keys associated with the user "bob":

# gpgdir -e /root -g /home/bob/.gnupg

DEPENDENCIES

gpgdir requires that gpg, the Gnu Privacy Guard (http://www.gnupg.org) is installed. gpgdir also requires the GnuPG::Interface perl module from CPAN, but it is bundled with gpgdir and is installed in /usr/lib/gpgdir at install-time so it does not pollute the system perl library tree.

SEE ALSO

gpg(1)

AUTHOR

Michael Rash <mbr@cipherdyne.org>

CONTRIBUTORS

Many people who are active in the open source community have contributed to gpgdir; see the CREDITS file in the gpgdir sources.

BUGS

Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are always welcome as well.

DISTRIBUTION

gpgdir is distributed under the GNU General Public License (GPL), and the latest version may be downloaded from http://www.cipherdyne.org
Search for    or go to Top of page |  Section 1 |  Main Index


Linux GPGDIR (1) May, 2007

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.