If it won't be simple, it simply won't be. [Hire me, source code] by Miki Tebeka, CEO, 353Solutions

Tuesday, July 21, 2009

Two gnupg Wrappers

encrypt


#!/bin/bash

# Encrypt input using gnupg and shred it
# THIS DELETES THE ORIGINAL FILE

err=0
for file in $@
do
if [ $file != ${file/.gpg/} ]; then
echo "$file already encrypted"
continue
fi
if [ -d $file ]; then
fname=$file.tar.bz2
tar -cjf $fname $file
find $file -type f -exec shred -u {} \;
rm -r $file
elif [ -f $file ]; then
fname=$file
else
echo "ERROR: Unknown file type $file"
err=1
continue
fi

gpg -r miki -e $fname
if [ $? -ne 0 ]; then
echo "ERROR: can't encrypt"
err=1
continue
fi

shred -u $fname
if [ $? -ne 0 ]; then
echo "ERROR: can't shred"
err=1
continue
fi
done

exit $err



decrypt


#!/bin/bash

# Decrypt a file encrypted with gpg


# Check command line
if [ $# -lt 1 ]; then
echo "usage: `basename $0` FILE[s]"
exit 1
fi

err=0
for file in $@
do
if [ ! -f $file ]; then
echo "$file: Not found"
err=1
continue
fi

# Output to current directory
bfile=`basename $file`
ext=`echo $file | sed -e 's/.*\.\([!.]*\)/\1/'`
if [ "$ext" != "gpg" ] && [ "$ext" != "pgp" ]; then
echo "Cowardly refusing to decrypt a file without gpg/pgp extension"
err=1
continue
fi

outfile=${bfile%.$ext}

echo $file '->' $outfile
gpg -d -o $outfile $file
if [ $? -ne 0 ]; then
echo "error decrypting $file"
err=1
fi
done

exit $err

2 comments:

Anonymous said...

rm -r should be shred too ?

laddek

Miki Tebeka said...

"shred" works only on files, so after shredding all the files (and I fixed a small bug there - thanks), "rm" just removes the empty directories left.

Blog Archive