GPGDIR(1)                   General Commands Manual                  GPGDIR(1)

NAME

       gpgdir - recursive directory encryption with GnuPG

SYNOPSIS

       gpgdir -e|-d <directory> [options]

DESCRIPTION

       gpgdir is a perl script that uses the CPAN GnuPG::Interface perl module
       to recursively encrypt and decrypt directories using gpg.  gpgdir
       recursively descends through a directory in order to make sure it
       encrypts or decrypts every file in a directory and all of its
       subdirectories.  By default the mtime and atime values of all files
       will be preserved upon encryption and decryption (this can be disabled
       with the --no-preserve-times option).  Note that in --encrypt mode,
       gpgdir will delete the original files that it successfully encrypts
       (unless the --no-delete option is given).  However, upon startup gpgdir
       first asks for the decryption password to be sure that a dummy file
       can successfully be encrypted and decrypted.  The initial test can be
       disabled with the --skip-test option so that a directory can easily be
       encrypted without having to also specify a password (this is consistent
       with gpg behavior).  Also, note that gpgdir is careful not to encrypt
       hidden files and directories.  After all, you probably don't want your
       ~/.gnupg directory or ~/.bashrc file to be encrypted.  The key gpgdir
       uses to encrypt/decrypt a directory is specified in ~/.gpgdirrc.

       Finally, gpgdir can use the wipe program with the --Wipe command line
       option to securely delete the original unencrypted files after they
       have been successfully encrypted.  This elevates the security stance of
       gpgdir since it is more difficult to recover the unencrypted data
       associated with files from the filesystem after they are encrypted
       (unlink() does not erase data blocks even though a file is removed).

OPTIONS

       -e, --encrypt <directory>
              Recursively encrypt all files in the directory specified on the
              command line.  All original files will be deleted (a password
              check is performed first to make sure that the correct password
              to unlock the private GnuPG key is known to the user).

       -d, --decrypt <directory>
              Recursively decrypt all files in the directory specified on the
              command line.  The encrypted .gpg version of each file will be
              deleted.

       --sign <directory>
              Recursively sign all files in the directory specified on the
              command line.  For each file, a detached .asc signature will be
              created.

       --verify <directory>
              Recursively verify all .asc signatures for files in the
              directory specified on the command line.

       -g, --gnupg-dir <directory>
              Specify which .gnupg directory will be used to find GnuPG keys.
              The default is ~/.gnupg if this option is not used.  This option
              allows gpgdir to be run as one user but use the keys of another
              user (assuming permissions are set up correctly, etc.).

       -p, --pw-file <pw-file>
              Read decryption password from pw-file instead of typing it on
              the command line.
       -t, --test-mode
              Run an encryption and decryption test against a dummy file and
              exit.  This test is always run by default in both --encrypt and
              --decrypt mode.

       -S, --Symmetric
              Instruct gpgdir to encrypt or decrypt files using a symmetric
              cipher supported by GnuPG (CAST5 is commonly used).  This
              results in a significant speed up for the encryption/decryption
              process.

       -T, --Trial-run
              Show what encrypt/decrypt actions would take place without
              actually doing them.  The filesystem is not changed in any way
              in this mode.

       -I, --Interactive
              Prompt the user before actually encrypting or decrypting each
              file.  This is useful to have fine-grained control over gpgdir
              operations as it recurses through a directory structure.

       -F, --Force
              Tell gpgdir to ignore non-fatal error conditions, such as the
              inability to encrypt or decrypt individual files because of
              permissions errors.
       --Exclude <pattern>
              Instruct gpgdir to skip all files that match pattern as a regex
              match against each filename.  This is similar to the --exclude
              option in the standard GNU tar command.

       --Exclude-from <file>
              Instruct gpgdir to exclude all files matched by patterns listed
              in file.  This is similar to the --exclude-from option of the
              GNU tar command.

       --Include <pattern>
              Instruct gpgdir to only include files that match pattern as a
              regex match against each filename.

       --Include-from <file>
              Instruct gpgdir to only include files matched by patterns listed
              in file.

       -W, --Wipe
              Use the wipe program to securely delete files after they have
              been successfully encrypted.
       -O, --Obfuscate-filename
              Tell gpgdir to obfuscate the file names of files that it
              encrypts (in -e mode).  The names of each file are stored within
              the file .gpgdir_map_file for every sub-directory, and this file
              is itself encrypted.  In decryption mode (-d), the -O argument
              reverses the process so that the original files are restored.

       --overwrite-encrypted
              Overwrite encrypted files even if a previous <file>.gpg file
              already exists.

       --overwrite-decrypted
              Overwrite decrypted files even if the previous unencrypted file
              already exists.

       -K, --Key-id <id>
              Manually specify a GnuPG key ID from the command line.  Because
              GnuPG supports matching keys with a string, id does not strictly
              have to be a key ID; it can be a string that uniquely matches a
              key in the GnuPG key ring.

       -D, --Default-key
              Use the key that GnuPG defines as the default, i.e. the key that
              is specified by the default-key variable in ~/.gnupg/options.
              If the default-key variable is not defined within
              ~/.gnupg/options, then GnuPG tries to use the first suitable key
              on its key ring (the initial encrypt/decrypt test makes sure
              that the user knows the corresponding password for the key).
       -a, --agent
              Instruct gpgdir to acquire gpg key password from a running
              gpg-agent instance.

       -A, --Agent-info <connection info>
              Specify the value of the GPG_AGENT_INFO environment variable as
              returned by the gpg-agent --daemon command.  If the gpgdir
              --agent command line argument is used instead of --Agent-info,
              then gpgdir assumes that the GPG_AGENT_INFO environment variable
              has already been set in the current shell.

       -s, --skip-test
              Skip encryption and decryption test.  This will allow gpgdir to
              be used to encrypt a directory without specifying a password
              (which normally gets used in encryption mode to test to make
              sure decryption against a dummy file works properly).

       -q, --quiet
              Print as little as possible to the screen when encrypting or
              decrypting a directory.

       --no-recurse
              Instruct gpgdir to not recurse through any subdirectories of the
              directory that is being encrypted or decrypted.

       --no-password
              Instruct gpgdir to not ask the user for a password.  This is
              only useful when a gpg key literally has no associated password
              (this is not common).
       --no-delete
              Instruct gpgdir to not delete original files at encrypt time.

       --no-preservetimes
              Instruct gpgdir to not preserve original file mtime and atime
              values upon encryption or decryption.

       -l, --locale <locale>
              Provide a locale setting other than the default "C" locale.

       --no-locale
              Do not set the locale at all so that the default system locale
              will apply.

       -v, --verbose
              Run in verbose mode.

       -V, --Version
              Print version number and exit.

       -h, --help
              Print usage information and exit.

FILES

       ~/.gpgdirrc
              Contains the key id of the user gpg key that will be used to
              encrypt or decrypt the files within a directory.

EXAMPLES

       The following examples illustrate the command line arguments that could
       be supplied to gpgdir in a few situations:

       To encrypt a directory:

       $ gpgdir -e /some/dir

       To encrypt a directory, and use the wipe command to securely delete the
       original unencrypted files:

       $ gpgdir -W -e /some/dir

       To encrypt a directory with the default GnuPG key defined in
       ~/.gnupg/options:

       $ gpgdir -e /some/dir --Default-key

       To decrypt a directory with a key specified in ~/.gpgdirrc:

       $ gpgdir -d /some/dir

       To encrypt a directory but skip all filenames that contain the string
       "host":

       $ gpgdir -e /some/dir --Exclude host

       To encrypt a directory but only encrypt those files that contain the
       string "passwd":

       $ gpgdir -e /some/dir --Include passwd

       To acquire the GnuPG key password from a running gpg-agent daemon in
       order to decrypt a directory (this requires that gpg-agent has the
       password):

       $ gpgdir -A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 -d /some/dir

       To encrypt a directory but skip the encryption/decryption test (so you
       will not be prompted for a decryption password):

       $ gpgdir -e /some/dir -s

       To encrypt a directory and no subdirectories:

       $ gpgdir -e /some/dir --no-recurse

       To encrypt root's home directory, but use the GnuPG keys associated
       with the user "bob":

       # gpgdir -e /root -g /home/bob/.gnupg
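
       Because gpgdir skips hidden files and directories, and --Exclude, -F
       or --no-delete can leave further files unencrypted, a tree can be
       audited after "gpgdir -e" for plaintext that remains.  The script below
       is an added example, not part of gpgdir; audit_plaintext and
       make_demo_tree are hypothetical names, the demo tree is constructed,
       and encrypted files are assumed to end in .gpg as described above.

```sh
#!/bin/sh
# audit_plaintext DIR  (hypothetical helper, not part of gpgdir)
# Lists every regular file under DIR that does not end in .gpg:
#   HIDDEN <path>  dotfile, or file below a dot-directory (skipped by gpgdir)
#   PLAIN  <path>  visible file still unencrypted (--Exclude, -F, --no-delete)
# Returns 0 if nothing is listed, 1 if plaintext remains, 2 on a bad argument.
# Assumes file names contain no newline characters.
audit_plaintext() {
    ap_dir=${1%/}
    [ -d "$ap_dir" ] || { echo "not a directory: $1" >&2; return 2; }
    ap_report=$(
        find "$ap_dir" -type f ! -name '*.gpg' | LC_ALL=C sort |
        while IFS= read -r ap_path; do
            ap_rel=${ap_path#"$ap_dir"/}
            case "/$ap_rel" in
                */.*) echo "HIDDEN $ap_rel" ;;  # a path component starts with "."
                *)    echo "PLAIN $ap_rel" ;;
            esac
        done
    )
    if [ -z "$ap_report" ]; then
        return 0
    fi
    printf '%s\n' "$ap_report"
    return 1
}

# Constructed tree standing in for a directory after "gpgdir -e".
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/docs" "$t/.ssh"
    : > "$t/report.txt.gpg"      # encrypted, original deleted
    : > "$t/docs/plan.odt.gpg"   # encrypted, original deleted
    : > "$t/docs/hosts.bak"      # left behind, e.g. by --Exclude host
    : > "$t/.bashrc"             # hidden file
    : > "$t/.ssh/id_rsa"         # file below a hidden directory
    echo "$t"
}

# Run the audit on the constructed tree, then clean up.
demo=$(make_demo_tree) && { audit_plaintext "$demo" || true; rm -rf "$demo"; }
```

       A non-zero exit status makes the check usable in a backup or cron job
       that should stop when plaintext is still present.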

DEPENDENCIES

       gpgdir requires that gpg, the GNU Privacy Guard (http://www.gnupg.org),
       is installed.  gpgdir also requires the GnuPG::Interface perl module
       from CPAN, but it is bundled with gpgdir and is installed in
       /usr/lib/gpgdir at install-time so it does not pollute the system perl
       library tree.

SEE ALSO

       gpg(1)

AUTHOR

       Michael Rash <mbr@cipherdyne.org>

CONTRIBUTORS

       Many people who are active in the open source community have
       contributed to gpgdir; see the CREDITS file in the gpgdir sources.

BUGS

       Send bug reports to mbr@cipherdyne.org.  Suggestions and/or comments
       are always welcome as well.

DISTRIBUTION

       gpgdir is distributed under the GNU General Public License (GPL), and
       the latest version may be downloaded from http://www.cipherdyne.org

Linux                              May, 2007                         GPGDIR(1)