Easier encryption and decryption of files and folders
Authored by: bitwiseshiftleft on May 22, '03 03:52:35AM

The article is bloated. Use pipelines, it's trivial.

in .bashrc:
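function encfold() {
    # "$@" keeps each argument intact, so names containing spaces work
    tar -czf - "$@" | gpg --encrypt
}

function decfold() {
    # decrypt the archive named in $1 and unpack it into the current directory
    gpg --decrypt "$1" | tar -xzf -
}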

then you just have to
$ encfold foo bar baz > encrypted.tgg
(tgg = ad-hoc contraction for .tar.gz.gpg; tgz.gpg or just .gpg might be better)

and to decrypt,
$ decfold encrypted.tgg

No temp files, no errors except those provided by the utils, no nothing.



Easier encryption and decryption of files and folders
Authored by: bitwiseshiftleft on May 22, '03 04:03:54AM

Oh, hmmm. It seems he deletes the folder too... but I would argue that this is not optimal (although one could add a simple && rm -r $* to my script). What one should do rather, if one wants to delete them at all, is overwrite them (n times with specific data if you're really paranoid) and then rm them. The wipe command in PGP does this, or you can write a simple shell/Perl script or C program to do it. Heck, you can do it with find, a for loop, and dd.

I actually have a tar+gpg option in my standard backup script for stuff like email and chat logs, although it works rather differently due to modularity and slightly different goals. I'm not worried about my hard disk being compromised, but rather about the rather personal info which would be on the backup CD.



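The two ideas in the comment above (delete the originals after encrypting, and overwrite them with find and dd before removing them), as an added example that is not part of the original post. The function names and the encfold_cipher hook are hypothetical; the deletion is gated on every stage of the tar | gpg pipeline succeeding, since a plain pipeline reports only gpg's exit status.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). encfold_cipher is a hypothetical hook so
# the encryption step can be swapped out; by default it is the thread's gpg call.
encfold_cipher() { gpg --encrypt; }

# Overwrite every regular file under the given paths once with random bytes of
# the same length, in place, then remove the paths. Symlinks are not followed.
overwrite_tree() {
    find "$@" -type f -exec sh -c '
        for f do
            size=$(( $(wc -c < "$f") ))
            [ "$size" -gt 0 ] || continue
            # conv=notrunc rewrites the existing file instead of truncating it
            head -c "$size" /dev/urandom | dd of="$f" conv=notrunc 2>/dev/null || exit 1
        done' sh {} + || return 1
    rm -rf -- "$@"
}

# encfold_wipe OUT PATH...: archive and encrypt PATHs into OUT, and destroy the
# originals only if tar AND the cipher both succeeded and OUT is non-empty.
encfold_wipe() {
    local out=$1; shift
    # pipefail makes a tar failure (unreadable or missing file) fail the pipeline
    if ! ( set -o pipefail; tar -czf - "$@" | encfold_cipher > "$out" ); then
        echo "encfold_wipe: archive or encryption failed; originals kept" >&2
        rm -f -- "$out"
        return 1
    fi
    [ -s "$out" ] || return 1
    overwrite_tree "$@"
}
```

Overwriting in place only reaches the old blocks on file systems and media that rewrite data where it sits; journaling or copy-on-write file systems, snapshots and SSD wear levelling can leave earlier copies behind.
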
Easier encryption and decryption of files and folders
Authored by: amacaulay on Jul 17, '03 02:29:03AM

or use rm -P

"-P Overwrite regular files before deleting them. Files are
overwritten three times, first with the byte pattern 0xff,
then 0x00, and then 0xff again, before they are deleted."



One more caveat...
Authored by: bitwiseshiftleft on May 22, '03 04:13:15AM

Neither the script given nor mine preserves metadata. If you want to preserve ownership and stuff (doesn't matter for me because it's UNIX text files I own, but it could for you), add a p to the tar options (of course, you have to decrypt as root for this to make a difference anyway...). If you want to preserve resource forks and HFS+ metadata, you'll have to use hfspax or the like.

Also note that you can't "just use PGP's encryption" as another poster suggested, because PGP encrypts files in place. I.e., if you run PGP on a folder with 50 text files in it, you'll get a folder with 50 text files and 50 PGP files. So you'd have to stuff it or something first.



One more caveat...
Authored by: foobar104 on May 22, '03 04:34:09AM

I'd hardly go so far as to suggest that the necessity to turn many files into a single file (with Stuffit or what have you) means one cannot use PGP. In point of fact, stuffing or zipping a collection of files and then encrypting the resulting archive is quite easy to do, and very effective. Far more so, I dare say, than twiddling with dodgy UNIX shell scripts. After all, with the free Stuffit product and the free PGP product, the process is a simple matter of two drag-and-drop operations. A breeze, and absolutely foolproof.



I disagree...
Authored by: bitwiseshiftleft on May 22, '03 02:35:30PM

Um. DropStuff isn't free (well, it effectively is, but you ARE supposed to pay for it).

And for what I'm doing, that shell function (mine is not a script) is pretty much fool-proof. It's also faster because (1) tgz is faster than DropStuff, (2) CLI apps generally load faster than GUI apps, (3) no DropStuff registration to click through, (4) as coded there, it assumes encryption to the default key, which is what I want to do, and (5) DropStuff and PGP are not in my dock.

I like UNIX, I'm comfortable with the shell. And furthermore, I work with UNIX and Linux boxes a lot, and it's nice to have my files in a format they can understand.

The only files it would fail on for me are Finder icons and aliases, and I don't care so much about those anyway (I use symlinks more). They're certainly unimportant on a backup disc.



I disagree...
Authored by: foobar104 on May 22, '03 03:09:44PM

> And for what I'm doing, that shell function (mine is not a script) is pretty much fool-proof.

I mean no offense, but "pretty much fool-proof" is just like "a little bit pregnant."

> It's also faster

That's hardly significant, even if true. We're talking about taking a two-second operation and turning it into a 1.75-second operation.

> I like UNIX, I'm comfortable with the shell. And furthermore, I work with UNIX and Linux boxes a lot, and it's nice to have my files in a format they can understand.

That's fine, but that pretty much moves this particular item out of the realm of a Mac OS X hint and makes it a UNIX hint. Most of the people who use Mac OS X are Mac users, not UNIX users, and your suggestion would not be appropriate for them.


I disagree...
Authored by: amacaulay on Jul 17, '03 02:36:51AM

Not wanting to perpetuate an argument, but the hint is in the Unix section of the site.

As a Mac user of many years and occasional Unix user, the foundation of MacOS X on BSD gave me the best of both worlds at a point where I didn't have the time to learn to install and maintain Linux but did need regular access to a Unix command line.

Sorry to go off topic, but I would hate Hinters to be put off submitting hints that I find both useful and interesting.


