.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.TH GPGDIR 1 "May, 2007" Linux
.SH NAME
.B gpgdir
\- recursive directory encryption with GnuPG
.SH SYNOPSIS
.B gpgdir \-e|\-d <directory> [options]
.SH DESCRIPTION
.B gpgdir
is a perl script that uses the CPAN GnuPG::Interface perl module to recursively
encrypt and decrypt directories using gpg.
.B gpgdir
recursively descends through a directory in order to make sure it encrypts or
decrypts every file in a directory and all of its subdirectories. By default
the mtime and atime values of all files will be preserved upon encryption and
decryption (this can be disabled with the
.B \-\-no-preserve-times
option). Note that in
.B \-\-encrypt
mode, gpgdir will delete the original files that
it successfully encrypts (unless the
.B \-\-no-delete
option is given). However,
upon startup gpgdir first asks for the decryption password to be sure that a
dummy file can successfully be encrypted and decrypted. The initial test can
be disabled with the
.B \-\-skip-test
option so that a directory can easily be encrypted without having to also
specify a password (this is consistent with
.B gpg
behavior). Also, note that gpgdir is careful not to encrypt hidden files and
directories. After all, you probably don't want your ~/.gnupg directory or
~/.bashrc file to be encrypted. The key
.B gpgdir
uses to encrypt/decrypt a directory is specified in ~/.gpgdirrc.

Finally,
.B gpgdir
can use the
.B wipe
program with the
.B \-\-Wipe
command line option to securely delete the original unencrypted files after they
have been successfully encrypted. This elevates the security stance of gpgdir
since it is more difficult to recover the unencrypted data associated with
files from the filesystem after they are encrypted (unlink() does not erase data
blocks even though a file is removed).

.SH OPTIONS
.TP
.BR \-e ", " \-\^\-encrypt\ \<directory>
Recursively encrypt all files in the directory specified on the command line.
All original files will be deleted (a password check is performed first to make
sure that the correct password to unlock the private GnuPG key is known to the
user).
.TP
.BR \-d ", " \-\^\-decrypt\ \<directory>
Recursively decrypt all files in the directory specified on the command line.
The encrypted .gpg version of each file will be deleted.
.TP
.BR \-\^\-sign\ \<directory>
Recursively sign all files in the directory specified on the command line. For
each file, a detached .asc signature will be created.
.TP
.BR \-\^\-verify\ \<directory>
Recursively verify all .asc signatures for files in the directory specified on the
command line.
.TP
.BR \-g ", " \-\^\-gnupg-dir\ \<directory>
Specify which .gnupg directory will be used to find GnuPG keys. The default
is ~/.gnupg if this option is not used. This option allows gpgdir to be
run as one user but use the keys of another user (assuming permissions are
set up correctly, etc.).
.TP
.BR \-p ", " \-\^\-pw-file\ \<pw-file>
Read decryption password from
.B pw-file
instead of typing it on the command line.
.TP
.BR \-t ", " \-\^\-test-mode
Run an encryption and decryption test against a dummy file and exit. This
test is always run by default in both
.B \-\-encrypt
and
.B \-\-decrypt
mode.
.TP
.BR \-S ", " \-\^\-Symmetric
Instruct
.B gpgdir
to encrypt or decrypt files using a symmetric cipher supported by GnuPG
(CAST5 is commonly used). This results in a significant speed up for the
encryption/decryption process.
.TP
.BR \-T ", " \-\^\-Trial-run
Show what encrypt/decrypt actions would take place without actually doing
them. The filesystem is not changed in any way in this mode.
.TP
.BR \-I ", " \-\^\-Interactive
Prompt the user before actually encrypting or decrypting each file. This
is useful to have fine-grained control over
.B gpgdir
operations as it recurses through a directory structure.
.TP
.BR \-F ", " \-\^\-Force
Tell
.B gpgdir
to ignore non-fatal error conditions, such as the inability to encrypt or
decrypt individual files because of permissions errors.
.TP
.BR \-\^\-Exclude\ \<pattern>
Instruct gpgdir to skip all files that match
.B pattern
as a regex match against each filename. This is similar to the
.B \-\-exclude
option in the standard GNU tar command.
.TP
.BR \-\^\-Exclude-from\ \<file>
Instruct gpgdir to exclude all files matched by patterns listed in
.B file.
This is similar to the
.B \-\-exclude-from
option in the GNU tar command.
.TP
.BR \-\^\-Include\ \<pattern>
Instruct gpgdir to only include files that match
.B pattern
as a regex match against each filename.
.TP
.BR \-\^\-Include-from\ \<file>
Instruct gpgdir to only include files matched by patterns listed in
.B file.
.TP
.BR \-W ", " \-\^\-Wipe
Use the
.B wipe
program to securely delete files after they have been successfully encrypted.
.TP
.BR \-O ", " \-\^\-Obfuscate-filenames
Tell
.B gpgdir
to obfuscate the file names of files that it encrypts (in \-e mode). The
name of each file is stored within the file .gpgdir_map_file for every
sub-directory, and this file is itself encrypted. In decryption mode (\-d),
the \-O argument reverses the process so that the original files are
restored. Directory names are also obfuscated (except for the top level
directory), and stored within the .gpgdir_dir_map_file, and this file itself
is also encrypted/decrypted respectively in \-e and \-d mode.
.TP
.BR \-\^\-overwrite-encrypted
Overwrite encrypted files even if a previous <file>.gpg file
already exists.
.TP
.BR \-\^\-overwrite-decrypted
Overwrite decrypted files even if the previous unencrypted file already exists.
.TP
.BR \-K ", " \-\^\-Key-id\ \<id>
Manually specify a GnuPG key ID from the command line. Because GnuPG
supports matching keys with a string,
.B id
does not strictly have to be a key ID; it can be a string that uniquely
matches a key in the GnuPG key ring.
.TP
.BR \-D ", " \-\^\-Default-key
Use the key that GnuPG defines as the default, i.e. the key that is specified
by the
.B default-key
variable in ~/.gnupg/options. If the default-key variable is not defined
within ~/.gnupg/options, then GnuPG tries to use the first suitable key on
its key ring (the initial encrypt/decrypt test makes sure that the user
knows the corresponding password for the key).
.TP
.BR \-a ", " \-\^\-agent
Instruct
.B gpgdir
to acquire the gpg key password from a running
.B gpg-agent
instance.
.TP
.BR \-A ", " \-\^\-Agent-info\ \<connection\ info>
Specify the value of the GPG_AGENT_INFO environment variable as returned
by the
.B gpg-agent \-\-daemon
command. If the
.B gpgdir \-\-agent
command line argument is used instead of
.B \-\-Agent-info,
then gpgdir assumes that the GPG_AGENT_INFO environment variable has already
been set in the current shell.
.TP
.BR \-s ", " \-\^\-skip-test
Skip encryption and decryption test. This will allow
.B gpgdir
to be used to encrypt a directory without specifying a password (which
normally gets used in encryption mode to test to make sure decryption
against a dummy file works properly).
.TP
.BR \-q ", " \-\^\-quiet
Print as little as possible to the screen when encrypting or decrypting
a directory.
.TP
.BR \-\^\-no-recurse
Instruct gpgdir to not recurse through any subdirectories of the directory
that is being encrypted or decrypted.
.TP
.BR \-\^\-no-password
Instruct gpgdir to not ask the user for a password. This is only useful
when a gpg key literally has no associated password (this is not common).
.TP
.BR \-\^\-no-delete
Instruct gpgdir to not delete original files at encrypt time.
.TP
.BR \-\^\-no-preserve-times
Instruct gpgdir to not preserve original file mtime and atime values
upon encryption or decryption.
.TP
.BR \-l ", " \-\^\-locale\ \<locale>
Provide a locale setting other than the default "C" locale.
.TP
.BR \-\^\-no-locale
Do not set the locale at all so that the default system locale will apply.
.TP
.BR \-v ", " \-\^\-verbose
Run in verbose mode.
.TP
.BR \-V ", " \-\^\-Version
Print version number and exit.
.TP
.BR \-h ", " \-\^\-help
Print usage information and exit.
.SH FILES
.B ~/.gpgdirrc
.RS
Contains the key id of the user gpg key that will be used to encrypt
or decrypt the files within a directory.
.RE
.PP
.SH EXAMPLES
The following examples illustrate the command line arguments that could
be supplied to gpgdir in a few situations:
.PP
To encrypt a directory:
.PP
.B $ gpgdir \-e /some/dir
.PP
To encrypt a directory, and use the wipe command to securely delete the original
unencrypted files:
.PP
.B $ gpgdir \-W \-e /some/dir
.PP
To encrypt a directory with the default GnuPG key defined in ~/.gnupg/options:
.PP
.B $ gpgdir \-e /some/dir \-\-Default-key
.PP
To decrypt a directory with a key specified in ~/.gpgdirrc:
.PP
.B $ gpgdir \-d /some/dir
.PP
To encrypt a directory but skip all filenames that contain the string "host":
.PP
.B $ gpgdir \-e /some/dir \-\-Exclude host
.PP
To encrypt a directory but only encrypt those files whose names contain the string "passwd":
.PP
.B $ gpgdir \-e /some/dir \-\-Include passwd
.PP
To acquire the GnuPG key password from a running gpg-agent daemon in order to decrypt
a directory (this requires that gpg-agent has the password):
.PP
.B $ gpgdir \-A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 \-d /some/dir
.PP
To encrypt a directory but skip the encryption/decryption test (so you will
not be prompted for a decryption password):
.PP
.B $ gpgdir \-e /some/dir \-s
.PP
To encrypt a directory and no subdirectories:
.PP
.B $ gpgdir \-e /some/dir \-\-no-recurse
.PP
To encrypt root's home directory, but use the GnuPG keys associated with the user "bob":
.PP
.B # gpgdir \-e /root \-g /home/bob/.gnupg
.PP
.SH DEPENDENCIES
.B gpgdir
requires that gpg, the GNU Privacy Guard (http://www.gnupg.org), is installed.
.B gpgdir
also requires the GnuPG::Interface perl module from CPAN, but it is bundled with
.B gpgdir
and is installed in /usr/lib/gpgdir at install-time so it does not pollute the
system perl library tree.

.SH "SEE ALSO"
.BR gpg (1)

.SH AUTHOR
Michael Rash <mbr@cipherdyne.org>

.SH CONTRIBUTORS
Many people who are active in the open source community have contributed to gpgdir;
see the
.B CREDITS
file in the gpgdir sources.


.SH BUGS
Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are
always welcome as well.

.SH DISTRIBUTION
.B gpgdir
is distributed under the GNU General Public License (GPL), and the latest
version may be downloaded from
.B http://www.cipherdyne.org
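
An added example, not part of the gpgdir sources: a shell audit to run after `gpgdir -e` that lists what is still plaintext in the tree. It relies only on what the man page states (hidden files and directories are skipped, encrypted files end in .gpg, detached signatures end in .asc); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not gpgdir code): post-encryption audit of a tree that was
# processed with `gpgdir -e`. Rules assumed from the man page text:
#   - hidden files and directories are never encrypted
#   - encrypted output ends in .gpg, detached signatures in .asc
# All function names here are hypothetical.

# Non-hidden regular files that are neither *.gpg nor *.asc: plaintext that
# survived (--no-delete, --Exclude, or a per-file error ignored by --Force).
leftover_plaintext() {
    find "$1" -mindepth 1 \
        \( -name '.*' -prune \) -o \
        \( -type f ! -name '*.gpg' ! -name '*.asc' -print \)
}

# Hidden entries (not descended into): plaintext by design.
skipped_hidden() {
    find "$1" -mindepth 1 -name '.*' -print -prune
}

# Report both lists; return 1 if unexpected plaintext remains, 2 on bad input.
audit_tree() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    hidden=$(skipped_hidden "$dir")
    left=$(leftover_plaintext "$dir")
    if [ -n "$hidden" ]; then
        echo "hidden entries skipped by design (still plaintext):"
        printf '%s\n' "$hidden" | sed 's/^/  /'
    fi
    if [ -n "$left" ]; then
        echo "plaintext left behind:"
        printf '%s\n' "$left" | sed 's/^/  /'
        return 1
    fi
    echo "no unexpected plaintext under $dir"
    return 0
}

# Constructed sample tree (empty placeholder files, no gpg involved) named
# the way the man page says gpgdir leaves them.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/sub" "$t/.gnupg"
    : > "$t/report.txt.gpg"        # encrypted, original deleted
    : > "$t/sub/notes.txt"         # original still present
    : > "$t/sub/notes.txt.gpg"
    : > "$t/.bashrc"               # hidden file, skipped
    : > "$t/.gnupg/secring.gpg"    # inside a hidden directory, skipped
    echo "$t"
}

# Stand-alone use: sh audit.sh /some/dir
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

File names that contain newlines will split across report lines, but the exit status of audit_tree is unaffected.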