GPG file encryption wrapper, using GPG's strongest command-line encryption options.
Encrypt a file with GNU Privacy Guard (GPG) using the strongest cipher and key-strengthening options offered by GPG.
The default GPG symmetric file encryption settings (CAST5 and SHA-1 on older GPG versions) are weaker than other options GPG offers.
The command-line switches that enable the stronger GPG options are verbose, hard to remember, and inconvenient.
GPGit provides a single command to call GPG with its strongest file encryption options.
GPGit script placed in a directory location in $PATH.
GPG is present by default on most Linux distros (check with whereis gpg or whereis gpg2); otherwise it is available from the distro repos.
(GPG2 is to be preferred if it is installed on the machine, as it is more resistant to attack. Replace gpg with gpg2 in the gpgit script.)
GPG for Windows is available from websites such as GPG4Win, or the standalone command-line executable can be extracted from a Git installation.
As your preferred user:
    chmod 700 gpgit
    sudo mv gpgit /usr/local/bin
/usr/local/bin is just an example of a $PATH location.
Move gpgit.bat to a suitable directory. Ensure that directory is in the $PATH variable. If not, add the directory: Windows/Super key + Break > Advanced tab > Environment Variables button > click Path line > Edit button > Variable value - append at the end of the existing line: C:\directory path\to gpgit.bat;
Linux and Windows
GPG asks for a passphrase (and confirmation) and then creates an encrypted copy of the original file with the file extension .gpg
Decrypt the encrypted file with:
Apply Cascade Encryption
gpgit <filename> -c
GPG asks for two passphrases (passphrase one, confirmation; gpgit message: applying cascade encryption [...]; passphrase two, confirmation), and creates two files. The file with the double extension .gpg.gpg is the cascade-encrypted file.
Two steps of decryption will be required, e.g. for secret.txt.gpg.gpg
resulting in secret.txt
The default AES256 cipher call used in GPGit can be replaced with other ciphers offered by GPG.
TWOFISH and CAMELLIA256 are the strongest cipher alternatives to AES256.
GPG / GPGit File Comparisons
    gpg --version
    gpg (GnuPG) 1.4.20
    Copyright (C) 2015 Free Software Foundation, Inc.

    pgpdump default.txt.gpg
    Sym alg - AES with 128-bit key(sym 7)
    Iterated and salted string-to-key(s2k 3):
        Hash alg - SHA1(hash 2)
        Salt - 8f c8 6b 9a b0 b8 c2 10
        Count - 65536(coded count 96)

    pgpdump gpgit.txt.gpg
    Sym alg - AES with 256-bit key(sym 9)
    Iterated and salted string-to-key(s2k 3):
        Hash alg - SHA512(hash 10)
        Salt - a6 60 04 ad f3 e8 09 43
        Count - 65011712(coded count 255)

    gpg2 --version
    gpg (GnuPG) 2.1.11
    libgcrypt 1.6.5
    Copyright (C) 2016 Free Software Foundation, Inc.

    pgpdump default2.txt.gpg
    Sym alg - AES with 128-bit key(sym 7)
    Iterated and salted string-to-key(s2k 3):
        Hash alg - SHA1(hash 2)
        Salt - 9c 2f ca 1f 9e 19 e5 eb
        Count - 31457280(coded count 238)

    pgpdump gpgit2.txt.gpg
    Sym alg - AES with 256-bit key(sym 9)
    Iterated and salted string-to-key(s2k 3):
        Hash alg - SHA512(hash 10)
        Salt - 31 13 57 9c 49 54 d2 f8
        Count - 65011712(coded count 255)
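The fields pgpdump prints above come from the first packet of a passphrase-encrypted file, so they can be checked without knowing the passphrase. The following is an added example, not part of GPGit: a small Python parser for that packet (layout per RFC 4880) that flags files falling short of the GPGit settings. The function names are hypothetical, and the two sample byte strings are constructed from the 1.4.20 pgpdump values with an assumed old-format packet header.

```python
SYM = {3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256", 10: "TWOFISH", 13: "CAMELLIA256"}
HASH = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}
STRONG_CIPHERS = {"AES256", "TWOFISH", "CAMELLIA256"}  # the ciphers this page names

def decode_count(coded):
    """Expand the one-octet coded iteration count (RFC 4880, section 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def parse_skesk(data):
    """Parse a leading Symmetric-Key Encrypted Session Key packet (tag 3, version 4)."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    new_format = bool(data[0] & 0x40)
    tag = data[0] & 0x3F if new_format else (data[0] >> 2) & 0x0F
    # This packet is tiny, so only the one-octet length form is accepted here.
    if (new_format and data[1] >= 192) or (not new_format and data[0] & 0x03):
        raise ValueError("unsupported length encoding")
    body = data[2:2 + data[1]]
    if tag != 3 or len(body) != data[1] or len(body) < 4 or body[0] != 4:
        raise ValueError("not a version 4 SKESK packet")
    info = {"cipher": SYM.get(body[1], f"sym {body[1]}"), "s2k": body[2],
            "hash": HASH.get(body[3], f"hash {body[3]}"), "salt": None, "count": None}
    if body[2] in (1, 3):                      # salted, or iterated and salted
        if len(body) < 12 + (body[2] == 3):
            raise ValueError("truncated S2K specifier")
        info["salt"] = body[4:12].hex()
    if body[2] == 3:
        info["count"] = decode_count(body[12])
    return info

def findings(info):
    """List where a file falls short of the GPGit settings shown on this page."""
    out = []
    if info["cipher"] not in STRONG_CIPHERS:
        out.append(f"cipher {info['cipher']}")
    if info["hash"] != "SHA512":
        out.append(f"S2K hash {info['hash']}")
    if info["s2k"] != 3 or info["count"] < decode_count(255):
        out.append(f"S2K count {info['count']}")
    return out

# Constructed samples: old-format header (0x8c, length 13) + the pgpdump values above.
DEFAULT = bytes.fromhex("8c0d04070302" + "8fc86b9ab0b8c210" + "60")
GPGIT = bytes.fromhex("8c0d0409030a" + "a66004adf3e80943" + "ff")

if __name__ == "__main__":
    for name, blob in (("default.txt.gpg", DEFAULT), ("gpgit.txt.gpg", GPGIT)):
        print(name, parse_skesk(blob), findings(parse_skesk(blob)) or "matches GPGit settings")
```

To check a real file, pass the first 16 bytes or so of the .gpg file to parse_skesk; ASCII-armored files must be dearmored first.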
GPGit is released under the GPL v.3.