lunar (1) gpgdir.1.gz

Provided by: signing-party_2.11-1_amd64 bug

NAME

       gpgdir - recursive directory encryption with GnuPG

SYNOPSIS

       gpgdir -e|-d <directory> [options]

DESCRIPTION

       gpgdir  is  a  perl  script that uses the CPAN GnuPG::Interface perl module to recursively
       encrypt and  decrypt  directories  using  gpg.   gpgdir  recursively  descends  through  a
       directory  in order to make sure it encrypts or decrypts every file in a directory and all
       of its subdirectories.  By default the mtime  and  atime  values  of  all  files  will  be
       preserved  upon  encryption  and  decryption (this can be disabled with the --no-preserve-
       times option).  Note that in --encrypt mode, gpgdir will delete the original files that it
       successfully  encrypts  (unless  the  --no-delete option is given).  However, upon startup
       gpgdir first asks for a the  decryption  password  to  be  sure  that  a  dummy  file  can
       successfully  be  encrypted  and  decrypted.   The  initial  test can be disabled with the
       --skip-test option so that a directory can easily be  encrypted  without  having  to  also
       specify  a  password  (this  is  consistent with gpg behavior).  Also, note that gpgdir is
       careful not encrypt hidden files and directories.  After all, you probably don't want your
       ~/.gnupg   directory  or  ~/.bashrc  file  to  be  encrypted.   The  key  gpgdir  uses  to
       encrypt/decrypt a directory is specified in ~/.gpgdirrc.

       Finally, gpgdir can use the wipe program with the --Wipe command line option  to  securely
       delete  the  original unencrypted files after they have been successfully encrypted.  This
       elevates the security stance  of  gpgdir  since  it  is  more  difficult  to  recover  the
       unencrypted  data  associated  with  files  from  the  filesystem after they are encrypted
       (unlink() does not erase data blocks even though a file is removed).

OPTIONS

       -e, --encrypt <directory>
              Recursively encrypt all files in the directory specified on the command line.   All
              original  files  will  be deleted (a password check is performed first to make sure
              that the correct password to unlock the private GnuPG key is known to the user).

       -d, --decrypt <directory>
              Recursively decrypt all files in the directory specified on the command line.   The
              encrypted .gpg version of each file will be deleted.

       --sign <directory>
              Recursively  sign  all  files  in the directory specified on the command line.  For
              each file, a detached .asc signature will be created.

       --verify <directory>
              Recursively verify all .asc signatures for files in the directory specified on  the
              command line.

       -g, --gnupg-dir <directory>
              Specify  which  .gnupg  directory  will be used to find GnuPG keys.  The default is
              ~/.gnupg if this option is not used.  This option allows gpgdir to be  run  as  one
              user  but  use  the keys of another user (assuming permissions are setup correctly,
              etc.).

       -p, --pw-file <pw-file>
              Read decryption password from pw-file instead of typing it on the command line.

       -t, --test-mode
              Run an encryption and decryption test against a dummy file and exit.  This test  is
              always run by default in both --encrypt and --decrypt mode.

       -S, --Symmetric
              Instruct  gpgdir  to encrypt to decrypt files using a symmetric cipher supported by
              GnuPG (CAST5 is commonly used).  This results in a significant  speed  up  for  the
              encryption/decryption process.

       -T, --Trial-run
              Show  what  encrypt/decrypt  actions  would take place without actually doing them.
              The filesystem is not changed in any way in this mode.

       -I, --Interactive
              Prompt the user before actually encrypting or decrypting each file.  This is useful
              to  have  fine-grained  control  over  gpgdir  operations  as it recurses through a
              directory structure.

       -F, --Force
              Tell gpgdir to ignore non-fatal error conditions, such as the inability to  encrypt
              or decrypt individual files because of permissions errors.

       --Exclude <pattern>
              Instruct  gpgdir to skip all files that match pattern as a regex match against each
              filename.  This is similar to the --exclude option in the standard GNU tar command.

       --Exclude-from <file>
              Instruct gpgdir to exclude all files matched by patterns listed in file.   This  is
              similar to the --exclude-from the GNU tar command.

       --Include <pattern>
              Instruct  gpgdir  to only include files that match pattern as a regex match against
              each filename.

       --Include-from <file>
              Instruct gpgdir to only include files matched by patterns listed in file.

       -W, --Wipe
              Use the wipe program to securely delete files after  they  have  been  successfully
              encrypted.

       -O, --Obfuscate-filename
              Tell  gpgdir  to  obfuscate  the file names of files that it encrypts (in -e mode).
              The names of each file are stored within the file .gpgdir_map_file for  every  sub-
              directory,  and  this  file  is  itself encrypted.  In decryption mode (-d), the -O
              argument reverses the process so that the original files are restored.

       --overwrite-encrypted
              Overwrite encrypted files even if a previous <file>.gpg file already exists.

       --overwrite-decrypted
              Overwrite decrypted files even if the previous unencrypted file already exists.

       -K, --Key-id <id>
              Manually specify a GnuPG key ID from the  command  line.   Because  GnuPG  supports
              matching  keys with a string, id does not strictly have to be a key ID; it can be a
              string that uniquely matches a key in the GnuPG key ring.

       -D, --Default-key
              Use the key that GnuPG defines as the default, i.e. the key that  is  specified  by
              the  default-key  variable in ~/.gnupg/options.  If the default-key variable is not
              defined within ~/.gnupg/options, then GnuPG tries to use the first suitable key  on
              its  key  ring (the initial encrypt/decrypt test makes sure that the user knows the
              corresponding password for the key).

       -a,  --agent
              Instruct gpgdir to acquire gpg key password from a running gpg-agent instance.

       -A, --Agent-info <connection info>
              Specify the value of the GPG_AGENT_INFO environment variable  as  returned  by  the
              gpg-agent  --daemon  command.  If  the gpgdir --agent command line argument is used
              instead of --Agent-info, then gpgdir assumes that  the  GPG_AGENT_INFO  environment
              variable has already been set in the current shell.

       -s,  --skip-test
              Skip  encryption and decryption test.  This will allow gpgdir to be used to encrypt
              a directory without specifying a password (which normally gets used  in  encryption
              mode to test to make sure decryption against a dummy file works properly).

       -q, --quiet
              Print  as  little  as  possible  to  the  screen  when  encrypting  or decrypting a
              directory.

       --no-recurse
              Instruct gpgdir to not recurse through any subdirectories of the directory that  is
              being encrypted or decrypted.

       --no-password
              Instruct gpgdir to not ask the user for a password.  This is only useful when a gpg
              key literally has no associated password (this is not common).

       --no-delete
              Instruct gpgdir to not delete original files at encrypt time.

       --no-preservetimes
              Instruct gpgdir  to  not  preserve  original  file  mtime  and  atime  values  upon
              encryption or decryption.

       -l,  --locale <locale>
              Provide a locale setting other than the default "C" locale.

       --no-locale
              Do not set the locale at all so that the default system locale will apply.

       -v, --verbose
              Run in verbose mode.

       -V, --Version
              Print version number and exit.

       -h, --help
              Print usage information and exit.

FILES

       ~/.gpgdirrc
              Contains the key id of the user gpg key that will be used to encrypt or decrypt the
              files within a directory.

ENVIRONMENT

       HOME         Set the default home directory.

       GNUPGBIN     Set the gpg binary.  Default: "gpg".

       GNUPGHOME    Set the default working directory for gpg.  Default: "~/.gnupg".

EXAMPLES

       The following examples illustrate the command line arguments that  could  be  supplied  to
       gpgdir in a few situations:

       To encrypt a directory:

       $ gpgdir -e /some/dir

       To  encrypt  a  directory,  and  use  the  wipe  command  to  securely delete the original
       unencrypted files:

       $ gpgdir -W -e /some/dir

       To encrypt a directory with the default GnuPG key defined in ~/.gnupg/options:

       $ gpgdir -e /some/dir --Default-key

       To decrypt a directory with a key specified in ~/.gpgdirrc:

       $ gpgdir -d /some/dir

       To encrypt a directory but skip all filenames that contain the string "host":

       $ gpgdir -e /some/dir --Exclude host

       To encrypt a directory but only encrypt those files that contain the string "passwd":

       $ gpgdir -e /some/dir --Include passwd

       To acquire the GnuPG key password from a running gpg-agent daemon in order  to  decrypt  a
       directory (this requires that gpg-agent has the password):

       $ gpgdir -A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 -d /some/dir

       To  encrypt  a  directory  but  skip  the  encryption/decryption  test (so you will not be
       prompted for a decryption password):

       $ gpgdir -e /some/dir -s

       To encrypt a directory and no subdirectories:

       $ gpgdir -e /some/dir --no-recurse

       To encrypt root's home directory, but use the GnuPG keys associated with the user "bob":

       # gpgdir -e /root -g /home/bob/.gnupg

DEPENDENCIES

       gpgdir requires that gpg, the  Gnu  Privacy  Guard  (http://www.gnupg.org)  is  installed.
       gpgdir  also  requires  the GnuPG::Interface perl module from CPAN, but it is bundled with
       gpgdir and is installed in /usr/lib/gpgdir at install-time so  it  does  not  pollute  the
       system perl library tree.

SEE ALSO

       gpg(1)

AUTHOR

       Michael Rash <mbr@cipherdyne.org>

CONTRIBUTORS

       Many  people  who  are active in the open source community have contributed to gpgdir; see
       the CREDITS file in the gpgdir sources.

BUGS

       Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are always welcome  as
       well.

DISTRIBUTION

       gpgdir  is  distributed under the GNU General Public License (GPL), and the latest version
       may be downloaded from http://www.cipherdyne.org