Easy encryption and decryption of directories with GPG

May 21, '03 09:16:00AM

Contributed by: Anonymous

I was looking for a way of encrypting a directory using GPG. I tried writing an AppleScript, but found it impossible to get a password into the script (anybody know how to do this?). So I ended up writing a shell script.

These scripts encrypt and decrypt a "crypt" directory in the user's home directory. At the same time, each script copies an alias onto the desktop to perform the reverse operation. So encrypt.sh encrypts the crypt directory and copies an alias to decrypt.sh to the desktop.

A prerequisite for these scripts to work is an installation of gpg, the GNU Privacy Guard.

I have set the icons on these aliases to be some sort of warning colour. If the alias is a green parrot (I used these icons from Adam Betts at Xicons.com) and says decrypt, it means that the crypt directory is currently encrypted. 

[robg adds: I have not tested these scripts, and the author admits they aren't really fully documented. If someone wants to try them, please post your results. Read the rest of the hint for the scripts.]

In the scripts, I move the aliases rather than copying them because copying them (with cp) seems to lose the icons (again, anybody know how to keep the icons using a shell copy command?). I used the gpg -c symmetric encryption, which doesn't use keys to encrypt the file; rather, it uses a pass phrase.

encrypt.sh

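#!/bin/sh
#
# Encrypt the crypt directory
#

cd ~
NAME=crypt.tar.gpg.`date +%y%m%d%s`.bak

# Stop before touching anything if there is no directory to encrypt
if test ! -d ./crypt
then
  echo "No crypt directory to Encrypt... quitting"
  exit 1
fi

# Keep the previous encrypted archive as a dated backup;
# only remove it once the copy has succeeded
if test -f ./crypt.tar.gpg
then
  cp ./crypt.tar.gpg ./LocalBackup/$NAME
  if [ "$?" -ne "0" ]; then
    echo "Unable to back up old archive... quitting"
    exit 1
  fi
  rm ./crypt.tar.gpg
fi

# Archive the directory; do not go on to delete it if tar failed
gnutar -c -f ./crypt.tar ./crypt/

if [ "$?" -ne "0" ];
then
  rm -f ./crypt.tar
  echo "Error creating archive... quitting"
  exit 1
fi

# Symmetric encryption: gpg asks for a pass phrase and writes crypt.tar.gpg
gpg -c ./crypt.tar

if [ "$?" -ne "0" ];
then
  rm ./crypt.tar
  echo "Error encrypting archive... quitting"
  exit 1
fi

# Remove the plain-text archive and the original directory
rm ./crypt.tar
rm -r ./crypt

# Swap the desktop alias: put "encrypt" away and bring "decrypt" out
if test -f ~/Desktop/encrypt
then
  mv ~/Desktop/encrypt /Applications/AdminTools/EncryptionScripts/encrypt
fi

mv /Applications/AdminTools/EncryptionScripts/decrypt ~/Desktop/decrypt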

decrypt.sh

#!/bin/sh
#
# Decrypt the crypt directory
#

cd ~

# Decrypt to a temporary plain-text tar file (gpg asks for the pass phrase)
gpg --decrypt ./crypt.tar.gpg > ./crypt.tar

if [ "$?" -ne "0" ]; then
  rm -f ./crypt.tar
  echo "Unable to decrypt archive... quitting"
  exit 1
fi

# Move any existing crypt directory out of the way
if test -d ./crypt
then
  mv crypt DELETE_ME_cryptBak
fi

gnutar xf crypt.tar

if [ "$?" -ne "0" ]; then
  echo "Unable to untar archive... quitting"
  exit 1
fi

# Keep the encrypted archive as a dated backup;
# only remove it once the copy has succeeded
NAME=crypt.tar.gpg.`date +%y%m%d%s`.bak
if test -f ./crypt.tar.gpg
then
  cp ./crypt.tar.gpg ./LocalBackup/$NAME
  if [ "$?" -ne "0" ]; then
    echo "Unable to back up archive... quitting"
    exit 1
  fi
  rm ./crypt.tar.gpg
fi

# Remove the plain-text archive
rm ./crypt.tar

# Swap the desktop alias: put "decrypt" away and bring "encrypt" out
if test -f ~/Desktop/decrypt
then
  mv ~/Desktop/decrypt /Applications/AdminTools/EncryptionScripts/decrypt
fi

mv /Applications/AdminTools/EncryptionScripts/encrypt ~/Desktop/encrypt

exit

To use the scripts, you will obviously have to set up the directory structure that they require. This is basically: a backup directory, the scripts directory and aliases for the scripts. This may be a poorly documented hint, but I find this automation really useful and thought I would share it.
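
Both scripts above write an unencrypted crypt.tar into the home directory and later remove it with a plain rm. The following is an added example, not part of the original hint: it pipes tar straight into gpg -c so no plaintext archive is written to disk, and it deletes the directory only after the encrypted archive has been read back. The names encrypt_dir, decrypt_dir and GPG_OPTS are assumptions, and plain tar stands in for gnutar.

```sh
#!/bin/sh
# Added example, not the hint author's scripts. tar is piped straight into
# gpg -c, so no plaintext crypt.tar is written to disk, and the directory is
# removed only after the encrypted archive has been read back and checked.
# GPG_OPTS is an assumed hook for extra gpg options; empty means gpg prompts.

encrypt_dir() {                      # usage: encrypt_dir <parent> <name>
  parent=$1; name=$2; out="$parent/$name.tar.gpg"
  [ -d "$parent/$name" ] || { echo "No $name directory to encrypt" >&2; return 1; }
  [ ! -e "$out" ] || { echo "$out exists; move it to a backup first" >&2; return 1; }
  # Number of entries tar should store (the directory itself included).
  want=$(( $(cd "$parent" && find "$name" | wc -l) ))
  # $GPG_OPTS is deliberately unquoted so it splits into separate options.
  ( umask 077; tar -C "$parent" -cf - "$name" | gpg $GPG_OPTS -o "$out.tmp" -c ) ||
    { rm -f "$out.tmp"; return 1; }
  # Read the ciphertext back (gpg may prompt again) and count its entries.
  # A failed tar or gpg run gives a short or empty listing, so nothing is
  # deleted unless the archive lists every entry of the directory.
  got=$(( $(gpg $GPG_OPTS -d "$out.tmp" 2>/dev/null | tar -tf - 2>/dev/null | wc -l) ))
  if [ "$got" -ne "$want" ]; then
    echo "Archive check failed ($got of $want entries); keeping $name" >&2
    rm -f "$out.tmp"; return 1
  fi
  mv "$out.tmp" "$out" && rm -r "${parent:?}/${name:?}"
}

decrypt_dir() {                      # usage: decrypt_dir <parent> <name>
  parent=$1; name=$2; src="$parent/$name.tar.gpg"
  [ -f "$src" ] || { echo "No $src to decrypt" >&2; return 1; }
  [ ! -e "$parent/$name" ] || { echo "$name already exists" >&2; return 1; }
  ( umask 077; gpg $GPG_OPTS -d "$src" | tar -C "$parent" -xf - )
  # The pipeline's status is tar's, so confirm the directory really appeared.
  [ -d "$parent/$name" ] || { echo "Unable to decrypt $src" >&2; return 1; }
}
```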


Mac OS X Hints
http://hints.macworld.com/article.php?story=20030518144010258