Scripts for managing gpg keyrings and performing common operations
For now, the easiest way to install is straight from GitHub.
From your command line, cd to somewhere you won't mind keeping this git repository, and then run:
git clone https://github.com/dimagi/gpg-scripts.git
cd gpg-scripts
./install
and open a new login shell for the change to take effect.
(This adds a line to your ~/.bash_profile that puts /path/to/gpg-scripts on your $PATH.)
You should then be able to run any of the following commands.
gpgkeyring is a utility for viewing, making, editing, etc. keyrings conveniently.
Let's say you have a table like this of people's GPG key short hex codes (keys.txt):
Ben xxxxx@dimagi.com D71D7FAB
Biyeun xxxxx@dimagi.com 3FA94BE1
Danny xxxxx@dimagi.com 2D3E8469
Ethan xxxxx@dimagi.com 5E115245
...
To make a keyring called dimagi.gpg from them, just run
gpgkeyring make dimagi.gpg D71D7FAB 3FA94BE1 2D3E8469 5E115245 ...
or if you wanna get fancy
gpgkeyring make dimagi.gpg $(cut -f3 keys.txt)
Pretty print a keyring's contents.
gpgkeyring show dimagi.gpg --email-domain dimagi.com
Ben xxxxx@dimagi.com D71D7FAB
Biyeun xxxxx@dimagi.com 3FA94BE1
Danny xxxxx@dimagi.com 2D3E8469
Ethan xxxxx@dimagi.com 5E115245
...
Later on if you want to add another key (or keys) to a keyring, just run
gpgkeyring add dimagi.gpg C808DF01 ...
The gpg-all.sh script reads a TSV file with columns representing Name (no spaces), Email, and (Secret) Message, and takes positional command line arguments giving the Keyring to use and the Directory name. It encrypts each <Message> using the key corresponding to <Email> in <Keyring>, writes the result to the file <Directory>/<Name>.gpg, and then zips <Directory>.
If you have a TSV file named multi-message.txt with the contents below:
Ben xxxxx@dimagi.com SK4zP7eJjA6J
Biyeun xxxxx@dimagi.com ThWahlC4Gq/o
Danny xxxxx@dimagi.com ftcYDYcHv09P
Ethan xxxxx@dimagi.com JjvkF9zJ0zLM
Nick xxxxx@dimagi.com 6upVV8KF/S5J
Phillip xxxxx@dimagi.com bfv0Vq3mm/I8
Will xxxxx@dimagi.com uIcoHU4t/+4o
Aliza xxxxx@dimagi.com UyixXuw52O14
Cal xxxxx@dimagi.com 5mdayY0DcJl9
Farid xxxxx@dimagi.com uso4cucyfhgX
Noah xxxxx@dimagi.com jwCtfaaNTcOM
Giovanni xxxxx@dimagi.com O4H7evqkyzR3
Jenny xxxxx@dimagi.com esVLD4uv1Vx/
Simon xxxxx@dimagi.com YV+++k5Dv50H
Clayton xxxxx@dimagi.com rGjyLX6w08QX
Cory xxxxx@dimagi.com f7rSGfgn+d7j
Daniel xxxxx@dimagi.com FtZiOCuqZF83
Emord xxxxx@dimagi.com N1kxqpoSrKFP
Norman xxxxx@dimagi.com fwV7bsisfHGM
Sravan xxxxx@dimagi.com XPcgZFRybFeE
Manish xxxxx@dimagi.com ROlUnVgFxYa9
and a keyring called dimagi.gpg in the current directory, then you would run
bash gpg-all.sh dimagi.gpg test-roundtrip < multi-message.txt
to create a zipfile called test-roundtrip.zip containing Ben.gpg, Biyeun.gpg, etc., with each secret encrypted for only the recipient's eyes.
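A pre-flight check for the TSV fed to gpg-all.sh, added here as an example (it is not part of gpg-scripts): because each Name becomes <Directory>/<Name>.gpg, it rejects rows whose Name is not a plain file name or would target the same file as an earlier row. The helper name check_rows and the sample rows are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of gpg-scripts. check_rows is a hypothetical helper.
# Reads Name<TAB>Email<TAB>Message rows on stdin, prints one line per problem,
# and returns 1 if any problem was found (0 if the file is clean).
check_rows() {
  awk -F '\t' '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    # Rows split on spaces instead of tabs end up with the wrong field count.
    NF != 3 { bad("expected 3 tab-separated fields, got " NF); next }
    # Name is used as a file name: no slashes, no leading dot or dash.
    $1 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { bad("Name is not a safe file name: " $1) }
    $2 !~ /^[^@ ]+@[^@ ]+$/ { bad("Email does not look like an address: " $2) }
    $3 == "" { bad("empty Message") }
    # Compare case-insensitively: Ben.gpg and ben.gpg are the same file
    # on case-insensitive filesystems.
    seen[tolower($1)]++ { bad("duplicate Name would overwrite " $1 ".gpg") }
    END { exit (errors > 0) }
  '
}

# Constructed sample input (placeholder addresses and messages).
good_rows() {
  printf 'Ben\tben@example.com\tmsg-one\n'
  printf 'Danny\tdanny@example.com\tmsg-two\n'
}
bad_rows() {
  printf 'Ben\tben@example.com\tmsg-one\n'
  printf 'ben\tben2@example.com\tmsg-two\n'    # same output file as row 1
  printf '../x\teve@example.com\tmsg-three\n'  # would leave <Directory>
  printf 'Ethan ethan@example.com msg-four\n'  # spaces, not tabs
}

# Only hand the file to gpg-all.sh when the check passes.
bad_rows | check_rows || echo "refusing to encrypt: fix the rows above" >&2
```

In practice, run `check_rows < multi-message.txt` and call gpg-all.sh only if it returns 0.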