nickstenning · July 13, 2012 11:19
diff --git a/gpgedit b/gpgedit
 #!/bin/sh

 #
 # gpgedit: edit an encrypted file with an associated list of recipients
 #
 #     $ gpgedit secrets.gpg
 #
 # gpgedit needs the companion file "secrets.rcp" to exist, and contains a list
 # of intended recipients, one per line. The recipient file can contain end-of-
 # line comments, starting with the "#" character.
 #
 # If you don't have the public keys for one or more intended recipients in
 # your keyring, this script will throw an error and abort early.
 #
 # Example contents of secrets.rcp:
 #
 #     $ cat >secrets.rcp <<EOM
 #     [email protected]  # John Doe
 #     [email protected]
 #     # Our cat:
 #     [email protected]
 #     EOM
 #

 set -eEu

 status () {
  echo "---> $@" >&2
 }

 error () {
  echo "ERROR: $@" >&2
 }

 if [ "$#" != "1" ]; then
  echo "Usage: gpgedit <filename.gpg>" >&2
  exit 1
 fi

 ENCFILE="$1"
 DECFILE="${ENCFILE%.gpg}"

 if [ "$ENCFILE" = "$DECFILE" ]; then
  error "filename must have .gpg extension"
  exit 1
 fi

 RCPFILE="$DECFILE.rcp"

 if [ ! -f "$RCPFILE" ]; then
  error "expecting a list of recipients, one per line, in $RCPFILE"
  exit 1
 fi

 RCPS=$(<"$RCPFILE" cut -d"#" -f1 | grep -v '^\s*$')

 MISSING_KEYS=""
 while read line; do
  if ! gpg --list-public-keys "${line}" >/dev/null 2>&1; then
    error "you don't have a public key for recipient '$line' in your GPG keyring."
    MISSING_KEYS="${MISSING_KEYS} '${line}'"
  fi
 done <<EOM
  $RCPS
 EOM

 if [ -n "$MISSING_KEYS" ]; then
  error "Try running the following to fetch the missing keys from a keyserver:"
  error "    gpg --fetch-keys${MISSING_KEYS}"
  exit 1
 fi

 cleanup () {
  rm -f "$DECFILE"
 }
 trap cleanup EXIT

 if [ -f "$ENCFILE" ]; then
  status "Decrypting file"
  gpg --decrypt <"$ENCFILE" >"$DECFILE"
 else
  status "Creating new file"
 fi

 $EDITOR "$DECFILE"

 RCPARGS="$(echo "$RCPS" | while read line; do
             echo "-r '${line}'"
           done | xargs)"

 status "Encrypting file"

 if gpg --armor --encrypt --no-use-agent --sign $RCPARGS <"$DECFILE" >"${ENCFILE}.tmp"; then
  mv "${ENCFILE}.tmp" "$ENCFILE"
  status "Successfully encrypted file"
 else
  rm -f "${ENCFILE}.tmp"
  error "failed to encrypt file! Not overwriting original..."
  status "Deleting unencrypted file, printing contents to STDERR so they're not lost:"
  cat "$DECFILE" >&2
  exit 1
 fi
	#!/bin/sh

	#
	# gpgedit: edit an encrypted file with an associated list of recipients
	#
	# $ gpgedit secrets.gpg
	#
	# gpgedit needs the companion file "secrets.rcp" to exist, and contains a list
	# of intended recipients, one per line. The recipient file can contain end-of-
	# line comments, starting with the "#" character.
	#
	# If you don't have the public keys for one or more intended recipients in
	# your keyring, this script will throw an error and abort early.
	#
	# Example contents of secrets.rcp:
	#
	# $ cat >secrets.rcp <<EOM
	# [email protected] # John Doe
	# [email protected]
	# # Our cat:
	# [email protected]
	# EOM
	#

	set -eEu

	status () {
	echo "---> $@" >&2
	}

	error () {
	echo "ERROR: $@" >&2
	}

	if [ "$#" != "1" ]; then
	echo "Usage: gpgedit <filename.gpg>" >&2
	exit 1
	fi

	ENCFILE="$1"
	DECFILE="${ENCFILE%.gpg}"

	if [ "$ENCFILE" = "$DECFILE" ]; then
	error "filename must have .gpg extension"
	exit 1
	fi

	RCPFILE="$DECFILE.rcp"

	if [ ! -f "$RCPFILE" ]; then
	error "expecting a list of recipients, one per line, in $RCPFILE"
	exit 1
	fi

	RCPS=$(<"$RCPFILE" cut -d"#" -f1 \| grep -v '^\s*$')

	MISSING_KEYS=""
	while read line; do
	if ! gpg --list-public-keys "${line}" >/dev/null 2>&1; then
	error "you don't have a public key for recipient '$line' in your GPG keyring."
	MISSING_KEYS="${MISSING_KEYS} '${line}'"
	fi
	done <<EOM
	$RCPS
	EOM

	if [ -n "$MISSING_KEYS" ]; then
	error "Try running the following to fetch the missing keys from a keyserver:"
	error " gpg --fetch-keys${MISSING_KEYS}"
	exit 1
	fi

	cleanup () {
	rm -f "$DECFILE"
	}
	trap cleanup EXIT

	if [ -f "$ENCFILE" ]; then
	status "Decrypting file"
	gpg --decrypt <"$ENCFILE" >"$DECFILE"
	else
	status "Creating new file"
	fi

	$EDITOR "$DECFILE"

	RCPARGS="$(echo "$RCPS" \| while read line; do
	echo "-r '${line}'"
	done \| xargs)"

	status "Encrypting file"

	if gpg --armor --encrypt --no-use-agent --sign $RCPARGS <"$DECFILE" >"${ENCFILE}.tmp"; then
	mv "${ENCFILE}.tmp" "$ENCFILE"
	status "Successfully encrypted file"
	else
	rm -f "${ENCFILE}.tmp"
	error "failed to encrypt file! Not overwriting original..."
	status "Deleting unencrypted file, printing contents to STDERR so they're not lost:"
	cat "$DECFILE" >&2
	exit 1
	fi