1GPGDIR(1) General Commands Manual GPGDIR(1)
2
6 gpgdir - recursive directory encryption with GnuPG
7
9 gpgdir -e|-d <directory> [options]
10
12 gpgdir is a perl script that uses the CPAN GnuPG::Interface perl module
13 to recursively encrypt and decrypt directories using gpg. gpgdir
14 recursively descends through a directory in order to make sure it
15 encrypts or decrypts every file in a directory and all of its subdirec‐
16 tories. By default the mtime and atime values of all files will be
17 preserved upon encryption and decryption (this can be disabled with the
18 --no-preserve-times option). Note that in --encrypt mode, gpgdir will
19 delete the original files that it successfully encrypts (unless the
20 --no-delete option is given). However, upon startup gpgdir first asks
21 for a the decryption password to be sure that a dummy file can success‐
22 fully be encrypted and decrypted. The initial test can be disabled
23 with the --skip-test option so that a directory can easily be encrypted
24 without having to also specify a password (this is consistent with gpg
25 behavior). Also, note that gpgdir is careful not encrypt hidden files
26 and directories. After all, you probably don't want your ~/.gnupg
27 directory or ~/.bashrc file to be encrypted. The key gpgdir uses to
28 encrypt/decrypt a directory is specified in ~/.gpgdirrc.
29 Finally, gpgdir can use the wipe program with the --Wipe command line
31 option to securely delete the original unencrypted files after they
32 have been successfully encrypted. This elevates the security stance of
33 gpgdir since it is more difficult to recover the unencrypted data asso‐
34 ciated with files from the filesystem after they are encrypted
35 (unlink() does not erase data blocks even though a file is removed).
36
39 -e, --encrypt <directory>
40 Recursively encrypt all files in the directory specified on the
41 command line. All original files will be deleted (a password
42 check is performed first to make sure that the correct password
43 to unlock the private GnuPG key is known to the user).
44 -d, --decrypt <directory>
46 Recursively decrypt all files in the directory specified on the
47 command line. The encrypted .gpg version of each file will be
48 deleted.
49 --sign <directory>
51 Recursively sign all files in the directory specified on the
52 command line. For each file, a detached .asc signature will be
53 created.
54 --verify <directory>
56 Recursively verify all .asc signatures for files in the direc‐
57 tory specified on the command line.
58 -g, --gnupg-dir <directory>
60 Specify which .gnupg directory will be used to find GnuPG keys.
61 The default is ~/.gnupg if this option is not used. This option
62 allows gpgdir to be run as one user but use the keys of another
63 user (assuming permissions are setup correctly, etc.).
64 -p, --pw-file <pw-file>
66 Read decryption password from pw-file instead of typing it on
67 the command line.
68 -t, --test-mode
70 Run an encryption and decryption test against a dummy file and
71 exit. This test is always run by default in both --encrypt and
72 --decrypt mode.
73 -S, --Symmetric
75 Instruct gpgdir to encrypt to decrypt files using a symmetric
76 cipher supported by GnuPG (CAST5 is commonly used). This
77 results in a significant speed up for the encryption/decryption
78 process.
79 -T, --Trial-run
81 Show what encrypt/decrypt actions would take place without actu‐
82 ally doing them. The filesystem is not changed in any way in
83 this mode.
84 -I, --Interactive
86 Prompt the user before actually encrypting or decrypting each
87 file. This is useful to have fine-grained control over gpgdir
88 operations as it recurses through a directory structure.
89 -F, --Force
91 Tell gpgdir to ignore non-fatal error conditions, such as the
92 inability to encrypt or decrypt individual files because of per‐
93 missions errors.
94 --Exclude <pattern>
96 Instruct gpgdir to skip all files that match pattern as a regex
97 match against each filename. This is similar to the --exclude
98 option in the standard GNU tar command.
99 --Exclude-from <file>
101 Instruct gpgdir to exclude all files matched by patterns listed
102 in file. This is similar to the --exclude-from the GNU tar com‐
103 mand.
104 --Include <pattern>
106 Instruct gpgdir to only include files that match pattern as a
107 regex match against each filename.
108 --Include-from <file>
110 Instruct gpgdir to only include files matched by patterns listed
111 in file.
112 -W, --Wipe
114 Use the wipe program to securely delete files after they have
115 been successfully encrypted.
116 -O, --Obfuscate-filename
118 Tell gpgdir to obfuscate the file names of files that it
119 encrypts (in -e mode). The names of each file are stored within
120 the file .gpgdir_map_file for every sub-directory, and this file
121 is itself encrypted. In decryption mode (-d), the -O argument
122 reverses the process so that the original files are restored.
123 --overwrite-encrypted
125 Overwrite encrypted files even if a previous <file>.gpg file
126 already exists.
127 --overwrite-decrypted
129 Overwrite decrypted files even if the previous unencrypted file
130 already exists.
131 -K, --Key-id <id>
133 Manually specify a GnuPG key ID from the command line. Because
134 GnuPG supports matching keys with a string, id does not strictly
135 have to be a key ID; it can be a string that uniquely matches a
136 key in the GnuPG key ring.
137 -D, --Default-key
139 Use the key that GnuPG defines as the default, i.e. the key that
140 is specified by the default-key variable in ~/.gnupg/options.
141 If the default-key variable is not defined within
142 ~/.gnupg/options, then GnuPG tries to use the first suitable key
143 on its key ring (the initial encrypt/decrypt test makes sure
144 that the user knows the corresponding password for the key).
145 -a, --agent
147 Instruct gpgdir to acquire gpg key password from a running gpg-
148 agent instance.
149 -A, --Agent-info <connection info>
151 Specify the value of the GPG_AGENT_INFO environment variable as
152 returned by the gpg-agent --daemon command. If the gpgdir
153 --agent command line argument is used instead of --Agent-info,
154 then gpgdir assumes that the GPG_AGENT_INFO environment variable
155 has already been set in the current shell.
156 -s, --skip-test
158 Skip encryption and decryption test. This will allow gpgdir to
159 be used to encrypt a directory without specifying a password
160 (which normally gets used in encryption mode to test to make
161 sure decryption against a dummy file works properly).
162 -q, --quiet
164 Print as little as possible to the screen when encrypting or
165 decrypting a directory.
166 --no-recurse
168 Instruct gpgdir to not recurse through any subdirectories of the
169 directory that is being encrypted or decrypted.
170 --no-password
172 Instruct gpgdir to not ask the user for a password. This is
173 only useful when a gpg key literally has no associated password
174 (this is not common).
175 --no-delete
177 Instruct gpgdir to not delete original files at encrypt time.
178 --no-preservetimes
180 Instruct gpgdir to not preserve original file mtime and atime
181 values upon encryption or decryption.
182 -l, --locale <locale>
184 Provide a locale setting other than the default "C" locale.
185 --no-locale
187 Do not set the locale at all so that the default system locale
188 will apply.
189 -v, --verbose
191 Run in verbose mode.
192 -V, --Version
194 Print version number and exit.
195 -h, --help
197 Print usage information and exit.
198
200 ~/.gpgdirrc
201 Contains the key id of the user gpg key that will be used to
202 encrypt or decrypt the files within a directory.
203
205 The following examples illustrate the command line arguments that could
206 be supplied to gpgdir in a few situations:
207 To encrypt a directory:
209 $ gpgdir -e /some/dir
211 To encrypt a directory, and use the wipe command to securely delete the
213 original unencrypted files:
214 $ gpgdir -W -e /some/dir
216 To encrypt a directory with the default GnuPG key defined in
218 ~/.gnupg/options:
219 $ gpgdir -e /some/dir --Default-key
221 To decrypt a directory with a key specified in ~/.gpgdirrc:
223 $ gpgdir -d /some/dir
225 To encrypt a directory but skip all filenames that contain the string
227 "host":
228 $ gpgdir -e /some/dir --Exclude host
230 To encrypt a directory but only encrypt those files that contain the
232 string "passwd":
233 $ gpgdir -e /some/dir --Include passwd
235 To acquire the GnuPG key password from a running gpg-agent daemon in
237 order to decrypt a directory (this requires that gpg-agent has the
238 password):
239 $ gpgdir -A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 -d /some/dir
241 To encrypt a directory but skip the encryption/decryption test (so you
243 will not be prompted for a decryption password):
244 $ gpgdir -e /some/dir -s
246 To encrypt a directory and no subdirectories:
248 $ gpgdir -e /some/dir --no-recurse
250 To encrypt root's home directory, but use the GnuPG keys associated
252 with the user "bob":
253 # gpgdir -e /root -g /home/bob/.gnupg
255
257 gpgdir requires that gpg, the Gnu Privacy Guard (http://www.gnupg.org)
258 is installed. gpgdir also requires the GnuPG::Interface perl module
259 from CPAN, but it is bundled with gpgdir and is installed in
260 /usr/lib/gpgdir at install-time so it does not pollute the system perl
261 library tree.
262
265 gpg(1)
266
269 Michael Rash <mbr@cipherdyne.org>
270
273 Many people who are active in the open source community have contrib‐
274 uted to gpgdir; see the CREDITS file in the gpgdir sources.
275
279 Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are
280 always welcome as well.
281
284 gpgdir is distributed under the GNU General Public License (GPL), and
285 the latest version may be downloaded from http://www.cipherdyne.org
286Linux May, 2007 GPGDIR(1)