Bash script which allows one or more people to share a revision-controlled file which is encrypted when not in use.


eacc

eacc is a bash script which allows a group of people to share an encrypted (GPG), revision-controlled (RCS) file on a shared filesystem. Rather than store an encrypted file in RCS, eacc encrypts the RCS file and handles the decryption, check-out, check-in and encryption steps automatically. The repository is encrypted using GPG's multi-recipient support, which allows each member of the group to use their own unique password.

A typical use case would be to securely store sensitive information, such as a password list, which is shared by a team.

Installation

You will need the following software on your computer:

  • GPG (aka GnuPG) - Versions 1.4 and 2.0 are known to work
  • RCS - Version 5.7 is known to work
  • Bash - Any version should work without issue

Download the latest version from GitHub and copy eacc somewhere on your PATH:

git clone https://github.com/jamessthompson/eacc.git
cd eacc
cp eacc /usr/local/bin/    

Basic Usage

Initial file setup

To place a file named "secret" under control of eacc:

~> cd demo
~/demo> eacc init secret

You will be prompted for your GPG passphrase as well as a space-separated list of emails associated with GPG public keys in your keyring. The file will be checked into RCS, the RCS file will be encrypted, and the original file will be replaced with a placeholder.

Looking at the contents of the placeholder file you'll see something similar to the following.

~/demo> more secret 
File managed by /usr/local/bin/eacc

Viewing an encrypted file

To view, but not edit, the encrypted file use the view command. You will be prompted for your gpg passphrase.

~> cd demo
~/demo> eacc view secret

Others will not be able to access the file via eacc while you are viewing it.

Editing an encrypted file

To edit the encrypted file use the edit command. You will be prompted for your gpg passphrase.

~> cd demo
~/demo> eacc edit secret

Others will not be able to access the file via eacc while you are editing it.

Resetting an encrypted file

In certain cases, such as a disconnected session, it is possible for a file to be left in a checked-out state. To fix this:

~> cd demo
~/demo> eacc reset secret

Other tasks

Validating your GPG keychain

If you wish to validate your keychain without trying to view or edit the file:

~> eacc validate

Adding or removing an individual's access

To adjust access to a file you must:

  1. Add or remove email addresses from the appropriate .access file in the RCS directory.
  2. Make a small edit to the protected file to trigger re-encryption with the appropriate keys.

Please note that the backup files (,v.gpg.[0-2]) will still contain the old keys and access levels at the time of their creation.

~> cd demo
~/demo> cd RCS
~/demo/RCS> vi secret.access  # Add or remove email addresses as needed
~/demo/RCS> cd ..
~/demo> eacc edit secret

Things to Note

While editing or viewing a file the placeholder file is replaced with the unencrypted contents of the file. Anyone with the appropriate filesystem level permissions can access the contents of the file.

Each member of the group that requires access to the encrypted file must exchange GPG public keys. The keys will be used by GPG to encrypt a symmetric key which is used to encrypt the RCS repository file. To prevent a person from locking another member of the group out of the file, eacc will verify that you have all the keys necessary to re-encrypt a file prior to allowing access.

In cases of failure, eacc makes every attempt to not lose data. It retains three prior revisions of the encrypted repository (,v.gpg.[0-2]) in the RCS directory which can be copied over a corrupted encrypted repository file.

Access to the file is controlled by a file in the RCS directory which follows the naming convention "filename.access". The file consists of a list of email addresses, one per line, that are associated with GPG keys in your keychain.
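
The key check and multi-recipient encryption described above can be sketched as follows. This is an added example, not code from the eacc script; the function names (access_list, missing_recipients, encrypt_for_group), the KEY_LOOKUP variable, the tolerance for blank lines and stray whitespace, and the output name "<rcs file>.gpg" are assumptions.

```bash
# Added illustration; not taken from the eacc script.
# Assumption: KEY_LOOKUP is a command that exits 0 when a public key exists for
# the address passed as its last argument. Default: the local GnuPG keyring.
KEY_LOOKUP=${KEY_LOOKUP:-"gpg --batch --list-keys"}

# Print the addresses in a .access file, one per line, with blank lines and
# stray whitespace or carriage returns removed.
access_list() {
    awk '{ gsub(/[ \t\r]/, ""); if ($0 != "") print }' "$1"
}

# Print every listed address for which no public key is available.
missing_recipients() {
    access_list "$1" | while IFS= read -r email; do
        $KEY_LOOKUP "$email" >/dev/null 2>&1 </dev/null || printf '%s\n' "$email"
    done
}

# Encrypt the RCS file to every listed recipient, or refuse if any key is
# missing, so that no group member is locked out by a partial recipient list.
# The body is a subshell: "set -f" and the variables stay local to the call.
encrypt_for_group() (
    set -f                          # no globbing while splitting the list
    missing=$(missing_recipients "$1")
    if [ -n "$missing" ]; then
        printf 'refusing to encrypt; no public key for:\n%s\n' "$missing" >&2
        exit 1
    fi
    rcs_file=$2
    recipients=$(access_list "$1")
    set --                          # rebuild "$@" as the --recipient list
    for email in $recipients; do
        set -- "$@" --recipient "$email"
    done
    if [ "$#" -eq 0 ]; then
        echo 'access file lists no recipients' >&2
        exit 1
    fi
    gpg --batch --yes --output "$rcs_file.gpg" --encrypt "$@" "$rcs_file"
)
```

Running missing_recipients against RCS/secret.access after editing it shows which public keys still need to be imported before the next re-encryption.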

Legal

Copyright(c) 2008-2013 James Thompson

Released under the MIT License.
