GPGDIR(1)                   General Commands Manual                  GPGDIR(1)

NAME

       gpgdir - recursive directory encryption with GnuPG

SYNOPSIS

       gpgdir -e|-d <directory> [options]

DESCRIPTION

       gpgdir is a perl script that uses the CPAN GnuPG::Interface perl module
       to recursively encrypt and decrypt directories using gpg.  gpgdir
       recursively descends through a directory in order to make sure it
       encrypts or decrypts every file in a directory and all of its
       subdirectories.  By default the mtime and atime values of all files
       will be preserved upon encryption and decryption (this can be disabled
       with the --no-preserve-times option).  Note that in --encrypt mode,
       gpgdir will delete the original files that it successfully encrypts
       (unless the --no-delete option is given).  However, upon startup gpgdir
       first asks for the decryption password to be sure that a dummy file can
       successfully be encrypted and decrypted.  The initial test can be
       disabled with the --skip-test option so that a directory can easily be
       encrypted without having to also specify a password (this is consistent
       with gpg behavior).  Also, note that gpgdir is careful not to encrypt
       hidden files and directories.  After all, you probably don't want your
       ~/.gnupg directory or ~/.bashrc file to be encrypted.  The key gpgdir
       uses to encrypt/decrypt a directory is specified in ~/.gpgdirrc.

       Finally, gpgdir can use the wipe program with the --Wipe command line
       option to securely delete the original unencrypted files after they
       have been successfully encrypted.  This elevates the security stance of
       gpgdir since it is more difficult to recover the unencrypted data
       associated with files from the filesystem after they are encrypted
       (unlink() does not erase data blocks even though a file is removed).

OPTIONS

       -e, --encrypt <directory>
              Recursively encrypt all files in the directory specified on the
              command line.  All original files will be deleted (a password
              check is performed first to make sure that the correct password
              to unlock the private GnuPG key is known to the user).

       -d, --decrypt <directory>
              Recursively decrypt all files in the directory specified on the
              command line.  The encrypted .gpg version of each file will be
              deleted.

       --sign <directory>
              Recursively sign all files in the directory specified on the
              command line.  For each file, a detached .asc signature will be
              created.

       --verify <directory>
              Recursively verify all .asc signatures for files in the
              directory specified on the command line.

       -g, --gnupg-dir <directory>
              Specify which .gnupg directory will be used to find GnuPG keys.
              The default is ~/.gnupg if this option is not used.  This option
              allows gpgdir to be run as one user but use the keys of another
              user (assuming permissions are set up correctly, etc.).

       -p, --pw-file <pw-file>
              Read the decryption password from pw-file instead of typing it
              on the command line.

       -t, --test-mode
              Run an encryption and decryption test against a dummy file and
              exit.  This test is always run by default in both --encrypt and
              --decrypt mode.

       -S, --Symmetric
              Instruct gpgdir to encrypt or decrypt files using a symmetric
              cipher supported by GnuPG (CAST5 is commonly used).  This
              results in a significant speed up for the encryption/decryption
              process.

       -T, --Trial-run
              Show what encrypt/decrypt actions would take place without
              actually doing them.  The filesystem is not changed in any way
              in this mode.

       -I, --Interactive
              Prompt the user before actually encrypting or decrypting each
              file.  This is useful to have fine-grained control over gpgdir
              operations as it recurses through a directory structure.

       -F, --Force
              Tell gpgdir to ignore non-fatal error conditions, such as the
              inability to encrypt or decrypt individual files because of
              permissions errors.

       --Exclude <pattern>
              Instruct gpgdir to skip all files that match pattern as a regex
              match against each filename.  This is similar to the --exclude
              option in the standard GNU tar command.

       --Exclude-from <file>
              Instruct gpgdir to exclude all files matched by patterns listed
              in file.  This is similar to the --exclude-from option in the
              GNU tar command.

       --Include <pattern>
              Instruct gpgdir to only include files that match pattern as a
              regex match against each filename.

       --Include-from <file>
              Instruct gpgdir to only include files matched by patterns listed
              in file.

       -W, --Wipe
              Use the wipe program to securely delete files after they have
              been successfully encrypted.

       -O, --Obfuscate-filename
              Tell gpgdir to obfuscate the file names of files that it
              encrypts (in -e mode).  The names of each file are stored within
              the file .gpgdir_map_file for every sub-directory, and this file
              is itself encrypted.  In decryption mode (-d), the -O argument
              reverses the process so that the original files are restored.

       --overwrite-encrypted
              Overwrite encrypted files even if a previous <file>.gpg file
              already exists.

       --overwrite-decrypted
              Overwrite decrypted files even if the previous unencrypted file
              already exists.

       -K, --Key-id <id>
              Manually specify a GnuPG key ID from the command line.  Because
              GnuPG supports matching keys with a string, id does not strictly
              have to be a key ID; it can be a string that uniquely matches a
              key in the GnuPG key ring.

       -D, --Default-key
              Use the key that GnuPG defines as the default, i.e. the key that
              is specified by the default-key variable in ~/.gnupg/options.
              If the default-key variable is not defined within
              ~/.gnupg/options, then GnuPG tries to use the first suitable key
              on its key ring (the initial encrypt/decrypt test makes sure
              that the user knows the corresponding password for the key).

       -a, --agent
              Instruct gpgdir to acquire the gpg key password from a running
              gpg-agent instance.

       -A, --Agent-info <connection info>
              Specify the value of the GPG_AGENT_INFO environment variable as
              returned by the gpg-agent --daemon command.  If the gpgdir
              --agent command line argument is used instead of --Agent-info,
              then gpgdir assumes that the GPG_AGENT_INFO environment variable
              has already been set in the current shell.

       -s, --skip-test
              Skip the encryption and decryption test.  This will allow gpgdir
              to be used to encrypt a directory without specifying a password
              (which normally gets used in encryption mode to test to make
              sure decryption against a dummy file works properly).

       -q, --quiet
              Print as little as possible to the screen when encrypting or
              decrypting a directory.

       --no-recurse
              Instruct gpgdir to not recurse through any subdirectories of the
              directory that is being encrypted or decrypted.

       --no-password
              Instruct gpgdir to not ask the user for a password.  This is
              only useful when a gpg key literally has no associated password
              (this is not common).

       --no-delete
              Instruct gpgdir to not delete original files at encrypt time.

       --no-preserve-times
              Instruct gpgdir to not preserve original file mtime and atime
              values upon encryption or decryption.

       -l, --locale <locale>
              Provide a locale setting other than the default "C" locale.

       --no-locale
              Do not set the locale at all so that the default system locale
              will apply.

       -v, --verbose
              Run in verbose mode.

       -V, --Version
              Print version number and exit.

       -h, --help
              Print usage information and exit.

FILES

       ~/.gpgdirrc
              Contains the key id of the user gpg key that will be used to
              encrypt or decrypt the files within a directory.

ENVIRONMENT

       HOME         Set the default home directory.

       GNUPGBIN     Set the gpg binary.  Default: "gpg".

       GNUPGHOME    Set the default working directory for gpg.  Default:
                    "~/.gnupg".

EXAMPLES

       The following examples illustrate the command line arguments that could
       be supplied to gpgdir in a few situations:

       To encrypt a directory:

       $ gpgdir -e /some/dir

       To encrypt a directory, and use the wipe command to securely delete the
       original unencrypted files:

       $ gpgdir -W -e /some/dir

       To encrypt a directory with the default GnuPG key defined in
       ~/.gnupg/options:

       $ gpgdir -e /some/dir --Default-key

       To decrypt a directory with a key specified in ~/.gpgdirrc:

       $ gpgdir -d /some/dir

       To encrypt a directory but skip all filenames that contain the string
       "host":

       $ gpgdir -e /some/dir --Exclude host

       To encrypt a directory but only encrypt those files whose names contain
       the string "passwd":

       $ gpgdir -e /some/dir --Include passwd

       To acquire the GnuPG key password from a running gpg-agent daemon in
       order to decrypt a directory (this requires that gpg-agent has the
       password):

       $ gpgdir -A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 -d /some/dir

       To encrypt a directory but skip the encryption/decryption test (so you
       will not be prompted for a decryption password):

       $ gpgdir -e /some/dir -s

       To encrypt a directory and no subdirectories:

       $ gpgdir -e /some/dir --no-recurse

       To encrypt root's home directory, but use the GnuPG keys associated
       with the user "bob":

       # gpgdir -e /root -g /home/bob/.gnupg
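
       The following check is an added example, not part of gpgdir or its
       documentation: it audits a tree after gpgdir -e for files that are
       still plaintext.  It assumes only what this page states (encrypted
       files end in .gpg, detached signatures end in .asc, hidden files and
       directories are skipped); the function names leftover_plaintext and
       audit_tree are hypothetical.

```shell
#!/bin/sh
# Added example (not gpgdir code): audit a tree after `gpgdir -e`.
# Assumptions taken from the man page: ciphertext ends in .gpg, detached
# signatures end in .asc, hidden files and directories are never processed.
# Paths containing newlines are not handled.

# leftover_plaintext DIR: print every non-hidden regular file that is
# neither ciphertext (.gpg) nor a detached signature (.asc).
leftover_plaintext() {
    find "$1" -mindepth 1 \
        \( -name '.*' -prune \) -o \
        \( -type f ! -name '*.gpg' ! -name '*.asc' -print \)
}

# audit_tree DIR: classify each leftover file and return 1 if any exist.
#   ORIGINAL-KEPT  a .gpg twin exists (e.g. --no-delete, or removal failed)
#   NOT-ENCRYPTED  no ciphertext at all (e.g. --Exclude, --Include, or an
#                  error ignored under --Force)
audit_tree() {
    found=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ -f "$f.gpg" ]; then
            echo "ORIGINAL-KEPT $f"
        else
            echo "NOT-ENCRYPTED $f"
        fi
        found=1
    done <<EOF
$(leftover_plaintext "$1")
EOF
    return "$found"
}

# Run as: sh audit.sh /some/dir   (the script name is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

       A non-zero exit status means plaintext remains somewhere in the tree;
       files that were only signed (--sign) are reported as NOT-ENCRYPTED
       because their content is still readable.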

DEPENDENCIES

       gpgdir requires that gpg, the GNU Privacy Guard (http://www.gnupg.org),
       is installed.  gpgdir also requires the GnuPG::Interface perl module
       from CPAN, but it is bundled with gpgdir and is installed in
       /usr/lib/gpgdir at install-time so it does not pollute the system perl
       library tree.

SEE ALSO

       gpg(1)

AUTHOR

       Michael Rash <mbr@cipherdyne.org>

CONTRIBUTORS

       Many people who are active in the open source community have
       contributed to gpgdir; see the CREDITS file in the gpgdir sources.

BUGS

       Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are
       always welcome as well.

DISTRIBUTION

       gpgdir is distributed under the GNU General Public License (GPL), and
       the latest version may be downloaded from http://www.cipherdyne.org



Linux                              May, 2007                         GPGDIR(1)