gpgdo decreases effort of using gpg encrypted files

Project description

Introduction

In brief, gpgdo reduces the effort of working with gpg-encrypted files. An example use case:

$ gpgdo edit my-text-file.gpg

It is equivalent to doing:

$ gpg -d -o /dev/shm/plain-text my-text-file.gpg
$ edit /dev/shm/plain-text
$ gpg -e -r USER-ID -o my-text-file.gpg /dev/shm/plain-text
$ rm -f /dev/shm/plain-text

gpgdo automates the manual decryption and re-encryption steps when executing a Command that operates on content stored in encrypted files.

The security of gpgdo relies on at least 3 factors:

  • security of /dev/shm (which is the security of virtual memory)
  • file permissions (uses mkstemp() to create a file under /dev/shm)
  • deleting the plain text file after use

Installation

$ sudo make install

Or,

$ sudo python3 setup.py install

Usage

Run gpgdo --help.

Details

Terminology: Command (with capital C) refers to the executable that gpgdo executes.

gpgdo takes a Command with arguments to run, decrypts its gpg file arguments under /dev/shm, executes the Command on the plain text files, and finally re-encrypts modified files. If the Command fails, plain text files are not re-encrypted. The plain text files are always removed.

Processing of gpgdo-specific option arguments ends at "--". Giving "--" is only necessary if option arguments are given to gpgdo.

gpgdo determines the recipients of decrypted files from the information provided by gpg and automatically uses the same recipients when re-encrypting files.

The gpg filename given on the command line does not need to exist. In this case, the recipient must be provided with -r USER-ID and "--" must be used to terminate the gpgdo argument list:

$ gpgdo -r USER-ID -- edit non-existing-file.gpg

A plain text file is encrypted to replace the original gpg file only if two conditions hold:

  1. The sha256sum of its content changes
  2. Command returns success
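
The following sketch walks through that cycle for a single file. It is an added example, not gpgdo's own source: the function names (gpg_decrypt, gpg_encrypt, sha256_of, run_on_plaintext) and the pluggable decrypt/encrypt parameters are hypothetical, and the gpg calls assume the same options as the manual steps in the Introduction plus gpg's --yes.

```python
import hashlib
import os
import subprocess
import tempfile


def gpg_decrypt(src, dst):
    # Same options as the manual steps above; --yes lets gpg overwrite the
    # empty file that mkstemp() has already created.
    subprocess.run(["gpg", "--yes", "-d", "-o", dst, src], check=True)


def gpg_encrypt(src, dst, recipient):
    subprocess.run(["gpg", "--yes", "-e", "-r", recipient, "-o", dst, src],
                   check=True)


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def run_on_plaintext(command, gpg_file, recipient, decrypt=gpg_decrypt,
                     encrypt=gpg_encrypt, tmpdir="/dev/shm"):
    """Run command on a decrypted copy; return (exit_status, reencrypted)."""
    # mkstemp() creates the file with mode 0600, so only the owner can read it.
    fd, plain = tempfile.mkstemp(dir=tmpdir)
    os.close(fd)
    try:
        decrypt(gpg_file, plain)
        before = sha256_of(plain)
        status = subprocess.run(list(command) + [plain]).returncode
        # Re-encrypt only if the Command succeeded AND the content changed.
        if status == 0 and sha256_of(plain) != before:
            encrypt(plain, gpg_file, recipient)
            return status, True
        return status, False
    finally:
        # The plain text is removed on every path, including exceptions.
        if os.path.exists(plain):
            os.remove(plain)
```

The try/finally is what guarantees removal when decryption or the Command raises. The hash comparison means a Command that only reads the file never causes the .gpg file to be rewritten.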

CAVEATS

Only filenames that end with ".gpg" are decrypted.

BUGS

Option arguments with a gpg filename directly attached are not recognized. This does not work:

$ gpgdo Command --argument=foo.gpg

Command will read the encrypted file and most probably fail or do the wrong thing. But this works:

$ gpgdo Command --argument foo.gpg

License

Read LICENSE file.

Authors

Read AUTHORS file.

Download files

Source Distribution

gpgdo-1.0.2.tar.gz (7.5 kB)

Uploaded Source

Built Distribution

gpgdo-1.0.2-py3-none-any.whl (9.0 kB)

Uploaded Python 3
