.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.TH GPGDIR 1 "May, 2007" Linux
.SH NAME
.B gpgdir
\- recursive directory encryption with GnuPG
.SH SYNOPSIS
.B gpgdir \-e|\-d <directory> [options]
.SH DESCRIPTION
.B gpgdir
is a perl script that uses the CPAN GnuPG::Interface perl module to recursively
encrypt and decrypt directories using gpg.
.B gpgdir
recursively descends through a directory in order to encrypt, decrypt, sign, or
verify every file in a directory and all of its subdirectories. By default,
the mtime and atime values of all files will be preserved upon encryption and
decryption (this can be disabled with the
.B \-\-no-preserve-times
option). Note that in
.B \-\-encrypt
mode, gpgdir will delete the original files that
it successfully encrypts (unless the
.B \-\-no-delete
option is given). However,
upon startup gpgdir first asks for the decryption password to be sure that a
dummy file can successfully be encrypted and decrypted. The initial test can
be disabled with the
.B \-\-skip-test
option so that a directory can easily be encrypted without having to also
specify a password (this is consistent with
.B gpg
behavior). Also, note that gpgdir is careful not to encrypt hidden files and
directories. After all, you probably don't want your ~/.gnupg directory or
~/.bashrc file to be encrypted. The GnuPG key
.B gpgdir
uses to encrypt/decrypt a directory is specified in ~/.gpgdirrc. Also,
.B gpgdir
can use the
.B wipe
program with the
.B \-\-Wipe
command line option to securely delete the original unencrypted files after they
have been successfully encrypted. This elevates the security stance of gpgdir
since it is more difficult to recover the unencrypted data associated with
files from the filesystem after they are encrypted (unlink() does not erase data
blocks even though a file is removed).

Note that
.B gpgdir
is not designed to be a replacement for an encrypted filesystem solution like
.B encfs
or
.B ecryptfs.
Rather, it is an alternative that allows one to take advantage of the cryptographic
properties offered by GnuPG in a recursive manner across an existing filesystem.

.SH OPTIONS
.TP
.BR \-e ", " \-\^\-encrypt\ \<directory>
Recursively encrypt all files in the directory specified on the command line.
All original files will be deleted (a password check is performed first to make
sure that the correct password to unlock the private GnuPG key is known to the
user).
.TP
.BR \-d ", " \-\^\-decrypt\ \<directory>
Recursively decrypt all files in the directory specified on the command line.
The encrypted .gpg version of each file will be deleted.
.TP
.BR \-\^\-sign\ \<directory>
Recursively sign all files in the directory specified on the command line. For
each file, a detached .asc signature will be created.
.TP
.BR \-\^\-verify\ \<directory>
Recursively verify all .asc signatures for files in the directory specified on the
command line.
.TP
.BR \-g ", " \-\^\-gnupg-dir\ \<directory>
Specify which .gnupg directory will be used to find GnuPG keys. The default
is ~/.gnupg if this option is not used. This option allows gpgdir to be
run as one user but use the keys of another user (assuming permissions are
set up correctly, etc.).
.TP
.BR \-p ", " \-\^\-pw-file\ \<pw-file>
Read decryption password from
.B pw-file
instead of typing it on the command line.
.TP
.BR \-t ", " \-\^\-test-mode
Run an encryption and decryption test against a dummy file and exit. This
test is always run by default in both
.B \-\-encrypt
and
.B \-\-decrypt
mode.
.TP
.BR \-S ", " \-\^\-Symmetric
Instruct
.B gpgdir
to encrypt or decrypt files using a symmetric cipher supported by GnuPG
(CAST5 is commonly used). This results in a significant speed up for the
encryption/decryption process.
.TP
.BR \-T ", " \-\^\-Trial-run
Show what encrypt/decrypt actions would take place without actually doing
them. The filesystem is not changed in any way in this mode.
.TP
.BR \-I ", " \-\^\-Interactive
Prompt the user before actually encrypting or decrypting each file. This
is useful to have fine-grained control over
.B gpgdir
operations as it recurses through a directory structure.
.TP
.BR \-F ", " \-\^\-Force
Tell
.B gpgdir
to ignore non-fatal error conditions, such as the inability to encrypt or
decrypt individual files because of permissions errors.
.TP
.BR \-\^\-Exclude\ \<pattern>
Instruct gpgdir to skip all files that match
.B pattern
as a regex match against each filename. This is similar to the
.B \-\-exclude
option in the standard GNU tar command.
.TP
.BR \-\^\-Exclude-from\ \<file>
Instruct gpgdir to exclude all files matched by patterns listed in
.B file.
This is similar to the
.B \-\-exclude-from
option in the GNU tar command.
.TP
.BR \-\^\-Include\ \<pattern>
Instruct gpgdir to only include files that match
.B pattern
as a regex match against each filename.
.TP
.BR \-\^\-Include-from\ \<file>
Instruct gpgdir to only include files matched by patterns listed in
.B file.
.TP
.BR \-W ", " \-\^\-Wipe
Use the
.B wipe
program to securely delete files after they have been successfully encrypted.
.TP
.BR \-O ", " \-\^\-Obfuscate-filenames
Tell
.B gpgdir
to obfuscate the file names of files that it encrypts (in \-e mode). The
names of each file are stored within the file .gpgdir_map_file for every
sub-directory, and this file is itself encrypted. In decryption mode (\-d),
the \-O argument reverses the process so that the original files are
restored. Directory names are also obfuscated (except for the top level
directory), and stored within the .gpgdir_dir_map_file, and this file itself
is also encrypted/decrypted respectively in \-e and \-d mode.
.TP
.BR \-\^\-overwrite-encrypted
Overwrite encrypted files even if a previous <file>.gpg file
already exists.
.TP
.BR \-\^\-overwrite-decrypted
Overwrite decrypted files even if the previous unencrypted file already exists.
.TP
.BR \-K ", " \-\^\-Key-id\ \<id>
Manually specify a GnuPG key ID from the command line. Because GnuPG
supports matching keys with a string,
.B id
does not strictly have to be a key ID; it can be a string that uniquely
matches a key in the GnuPG key ring.
.TP
.BR \-D ", " \-\^\-Default-key
Use the key that GnuPG defines as the default, i.e. the key that is specified
by the
.B default-key
variable in ~/.gnupg/options. If the default-key variable is not defined
within ~/.gnupg/options, then GnuPG tries to use the first suitable key on
its key ring (the initial encrypt/decrypt test makes sure that the user
knows the corresponding password for the key).
.TP
.BR \-a ", " \-\^\-agent
Instruct
.B gpgdir
to acquire the gpg key password from a running
.B gpg-agent
instance.
.TP
.BR \-A ", " \-\^\-Agent-info\ \<connection\ info>
Specify the value of the GPG_AGENT_INFO environment variable as returned
by the
.B gpg-agent \-\-daemon
command. If the
.B gpgdir \-\-agent
command line argument is used instead of
.B \-\-Agent-info,
then gpgdir assumes that the GPG_AGENT_INFO environment variable has already
been set in the current shell.
.TP
.BR \-s ", " \-\^\-skip-test
Skip encryption and decryption test. This will allow
.B gpgdir
to be used to encrypt a directory without specifying a password (which
normally gets used in encryption mode to test to make sure decryption
against a dummy file works properly).
.TP
.BR \-q ", " \-\^\-quiet
Print as little as possible to the screen when encrypting or decrypting
a directory.
.TP
.BR \-\^\-no-recurse
Instruct gpgdir to not recurse through any subdirectories of the directory
that is being encrypted or decrypted.
.TP
.BR \-\^\-no-password
Instruct gpgdir to not ask the user for a password. This is only useful
when a gpg key literally has no associated password (this is not common).
.TP
.BR \-\^\-no-delete
Instruct gpgdir to not delete original files at encrypt time.
.TP
.BR \-\^\-no-preserve-times
Instruct gpgdir to not preserve original file mtime and atime values
upon encryption or decryption.
.TP
.BR \-l ", " \-\^\-locale\ \<locale>
Provide a locale setting other than the default "C" locale.
.TP
.BR \-\^\-no-locale
Do not set the locale at all so that the default system locale will apply.
.TP
.BR \-v ", " \-\^\-verbose
Run in verbose mode.
.TP
.BR \-V ", " \-\^\-Version
Print version number and exit.
.TP
.BR \-h ", " \-\^\-help
Print usage information and exit.
.SH FILES
.B ~/.gpgdirrc
.RS
Contains the key id of the user gpg key that will be used to encrypt
or decrypt the files within a directory.
.RE
.PP
.SH EXAMPLES
The following examples illustrate the command line arguments that could
be supplied to gpgdir in a few situations:
.PP
To encrypt a directory:
.PP
.B $ gpgdir \-e /some/dir
.PP
To encrypt a directory, and use the wipe command to securely delete the original
unencrypted files:
.PP
.B $ gpgdir \-W \-e /some/dir
.PP
To encrypt a directory with the default GnuPG key defined in ~/.gnupg/options:
.PP
.B $ gpgdir \-e /some/dir \-\-Default-key
.PP
To decrypt a directory with a key specified in ~/.gpgdirrc:
.PP
.B $ gpgdir \-d /some/dir
.PP
To encrypt a directory but skip all filenames that contain the string "host":
.PP
.B $ gpgdir \-e /some/dir \-\-Exclude host
.PP
To encrypt a directory but only encrypt those files whose names contain the string "passwd":
.PP
.B $ gpgdir \-e /some/dir \-\-Include passwd
.PP
To acquire the GnuPG key password from a running gpg-agent daemon in order to decrypt
a directory (this requires that gpg-agent has the password):
.PP
.B $ gpgdir \-A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 \-d /some/dir
.PP
To encrypt a directory but skip the encryption/decryption test (so you will
not be prompted for a decryption password):
.PP
.B $ gpgdir \-e /some/dir \-s
.PP
To encrypt a directory and no subdirectories:
.PP
.B $ gpgdir \-e /some/dir \-\-no-recurse
.PP
To encrypt root's home directory, but use the GnuPG keys associated with the user "bob":
.PP
.B # gpgdir \-e /root \-g /home/bob/.gnupg
.PP
.SH DEPENDENCIES
.B gpgdir
requires that gpg, the GNU Privacy Guard (http://www.gnupg.org), is installed.
.B gpgdir
also requires the GnuPG::Interface perl module from CPAN, but it is bundled with
.B gpgdir
and is installed in /usr/lib/gpgdir at install-time so it does not pollute the
system perl library tree.

.SH "SEE ALSO"
.BR gpg (1)

.SH AUTHOR
Michael Rash <mbr@cipherdyne.org>

.SH CONTRIBUTORS
Many people who are active in the open source community have contributed to gpgdir;
see the
.B CREDITS
file in the gpgdir sources.

.SH BUGS
Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are
always welcome as well.

.SH DISTRIBUTION
.B gpgdir
is distributed under the GNU General Public License (GPL), and the latest
version may be downloaded from
.B http://www.cipherdyne.org
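
The following is an added example, not part of gpgdir or its man page: a shell preflight for the behaviour described under DESCRIPTION and OPTIONS (hidden files are skipped, the pw-file holds the key password, originals are deleted after encryption). The function names and the GPGDIR_BIN variable are hypothetical, and it is an assumption that \-T, \-W and \-p combine with \-e as shown.

```shell
#!/bin/sh
# Added example: preflight checks before "gpgdir -e". Function names and
# GPGDIR_BIN are hypothetical; only the gpgdir options come from the man page.
GPGDIR_BIN=${GPGDIR_BIN:-gpgdir}

# gpgdir does not encrypt hidden files or directories, so everything printed
# here stays in cleartext. -prune stops at a hidden directory: its whole
# subtree is skipped, so one line can stand for many files.
list_hidden() {
    find "$1" -mindepth 1 -name '.*' -prune -print
}

count_hidden() {
    list_hidden "$1" | wc -l | tr -d ' '
}

# The --pw-file holds the key password in cleartext: accept it only if it is
# a regular file (not a symlink) with no group/other permission bits.
pwfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 on success, 2 bad directory, 3 unsafe pw-file,
# 4 trial run failed, 5 encryption failed.
safe_encrypt() {
    dir=$1
    pwfile=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    pwfile_is_private "$pwfile" || {
        echo "refusing pw-file $pwfile: group/other permissions or not a regular file" >&2
        return 3
    }
    n=$(count_hidden "$dir")
    if [ "$n" -gt 0 ]; then
        echo "warning: $n hidden path(s) will be left unencrypted:" >&2
        list_hidden "$dir" >&2
    fi
    # --Trial-run changes nothing on disk; stop here if it reports a problem.
    "$GPGDIR_BIN" -T -e "$dir" -p "$pwfile" || return 4
    # Originals are deleted after encryption; -W hands that to the wipe
    # program, because unlink() alone leaves the data blocks on disk.
    "$GPGDIR_BIN" -W -e "$dir" -p "$pwfile" || return 5
}

# Usage: safe_encrypt /some/dir "$HOME/gpgdir.pw"
```

The hidden-path warning matters most for home directories, where dotfiles such as shell histories often hold the data the encryption was meant to protect.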