Blog 2019/4/29
Just a couple of simple wrappers around gpg.
Just a couple of simple wrappers around gpg: the first decrypts a file, the second encrypts one with a passphrase (symmetric AES256).
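#!/bin/bash
set -e -o pipefail

# Decrypt the file named by $1 with gpg.
# Usage: <this script> FILE

# By default, gpg-agent will cache any passphrase that you enter.
# This means that if you decrypt a file once, you can then decrypt it
# a second time without being prompted for a passphrase.  Yikes!
# Unfortunately, there doesn't seem to be a way to disable passphrase
# caching on a per-invocation basis -- you must use a config file.
# Here, we refuse to run if the user hasn't disabled passphrase caching, to
# protect newbs.  Savvy users who desire passphrase caching will edit this
# script.
# Only the default-cache-ttl setting is checked; no other gpg-agent option
# is examined.
readonly agent_conf="${HOME}/.gnupg/gpg-agent.conf"

if [ "$#" -ne 1 ]; then
  echo "usage: ${0##*/} FILE" >&2
  exit 2
fi

if [ ! -e "${agent_conf}" ]; then
  # The redirect below fails if ~/.gnupg does not exist yet; create it
  # private to the user, which is the mode gpg itself expects.
  mkdir -p -m 700 -- "${HOME}/.gnupg"
  echo "default-cache-ttl 0" > "${agent_conf}"
  # An agent that is already running read its options before this file
  # existed, so ask it to re-read them; otherwise it keeps caching.
  gpgconf --reload gpg-agent \
    || echo "WARNING: could not reload gpg-agent; restart it so that default-cache-ttl 0 takes effect." >&2
fi

# Require an actual "default-cache-ttl 0" line.  Asking grep for "any line
# that does not match" would reject a valid config that merely has other
# options in it, and would accept an empty file.
if ! grep -E -q '^[[:space:]]*default-cache-ttl[[:space:]]+0[[:space:]]*$' "${agent_conf}"; then
  echo "ERROR: gpg-agent passphrase caching hasn't been disabled, refusing to run!" >&2
  # Actually refuse: without this exit the script went on to call gpg.
  exit 1
fi

# NOTE(security): --use-embedded-filename takes the output file name from
# the encrypted message, i.e. from whoever created it, and the gpg manual
# warns that it can overwrite existing files.  For files received from
# someone else, run this in an empty scratch directory.
# "--" stops option parsing so a file name starting with "-" is not
# interpreted as a gpg option.
nice gpg --use-embedded-filename -- "${1}"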
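#!/bin/bash
set -e -o pipefail

# Encrypt the file named by $1 with a passphrase (gpg --symmetric, AES256).
# gpg's default is to write the result next to the input as FILE.gpg; the
# plaintext file is left in place.
# Usage: <this script> FILE

# By default, gpg-agent will cache any passphrase that you enter.
# This means that if you decrypt a file once, you can then decrypt it
# a second time without being prompted for a passphrase.  Yikes!
# Unfortunately, there doesn't seem to be a way to disable passphrase
# caching on a per-invocation basis -- you must use a config file.
# Here, we refuse to run if the user hasn't disabled passphrase caching, to
# protect newbs.  Savvy users who desire passphrase caching will edit this
# script.
# Only the default-cache-ttl setting is checked; no other gpg-agent option
# is examined.
readonly agent_conf="${HOME}/.gnupg/gpg-agent.conf"

if [ "$#" -ne 1 ]; then
  echo "usage: ${0##*/} FILE" >&2
  exit 2
fi

if [ ! -e "${agent_conf}" ]; then
  # The redirect below fails if ~/.gnupg does not exist yet; create it
  # private to the user, which is the mode gpg itself expects.
  mkdir -p -m 700 -- "${HOME}/.gnupg"
  echo "default-cache-ttl 0" > "${agent_conf}"
  # An agent that is already running read its options before this file
  # existed, so ask it to re-read them; otherwise it keeps caching.
  gpgconf --reload gpg-agent \
    || echo "WARNING: could not reload gpg-agent; restart it so that default-cache-ttl 0 takes effect." >&2
fi

# Require an actual "default-cache-ttl 0" line.  Asking grep for "any line
# that does not match" would reject a valid config that merely has other
# options in it, and would accept an empty file.
if ! grep -E -q '^[[:space:]]*default-cache-ttl[[:space:]]+0[[:space:]]*$' "${agent_conf}"; then
  echo "ERROR: gpg-agent passphrase caching hasn't been disabled, refusing to run!" >&2
  # Actually refuse: without this exit the script went on to call gpg.
  exit 1
fi

# "--" stops option parsing so a file name starting with "-" is not
# interpreted as a gpg option.
nice gpg --symmetric --cipher-algo AES256 -- "${1}"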