.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.TH GPGDIR 1 "May, 2007" Linux
.SH NAME
.B gpgdir
\- recursive directory encryption with GnuPG
.SH SYNOPSIS
.B gpgdir \-e|\-d <directory> [options]
.SH DESCRIPTION
.B gpgdir
is a perl script that uses the CPAN GnuPG::Interface perl module to recursively
encrypt and decrypt directories using gpg.
.B gpgdir
recursively descends through a directory in order to encrypt, decrypt, sign, or
verify every file in a directory and all of its subdirectories. By default,
the mtime and atime values of all files will be preserved upon encryption and
decryption (this can be disabled with the
.B \-\-no-preserve-times
option). Note that in
.B \-\-encrypt
mode, gpgdir will delete the original files that
it successfully encrypts (unless the
.B \-\-no-delete
option is given). However,
upon startup gpgdir first asks for the decryption password to be sure that a
dummy file can successfully be encrypted and decrypted. The initial test can
be disabled with the
.B \-\-skip-test
option so that a directory can easily be encrypted without having to also
specify a password (this is consistent with
.B gpg
behavior). Also, note that gpgdir is careful not to encrypt hidden files and
directories. After all, you probably don't want your ~/.gnupg directory or
~/.bashrc file to be encrypted. The GnuPG key
.B gpgdir
uses to encrypt/decrypt a directory is specified in ~/.gpgdirrc. Also,
.B gpgdir
can use the
.B wipe
program with the
.B \-\-Wipe
command line option to securely delete the original unencrypted files after they
have been successfully encrypted. This elevates the security stance of gpgdir
since it is more difficult to recover the unencrypted data associated with
files from the filesystem after they are encrypted (unlink() does not erase data
blocks even though a file is removed).

Note that
.B gpgdir
is not designed to be a replacement for an encrypted filesystem solution like
.B encfs
or
.B ecryptfs.
Rather, it is an alternative that allows one to take advantage of the cryptographic
properties offered by GnuPG in a recursive manner across an existing filesystem.

.SH OPTIONS
.TP
.BR \-e ", " \-\^\-encrypt\ \<directory>
Recursively encrypt all files in the directory specified on the command line.
All original files will be deleted (a password check is performed first to make
sure that the correct password to unlock the private GnuPG key is known to the
user).
.TP
.BR \-d ", " \-\^\-decrypt\ \<directory>
Recursively decrypt all files in the directory specified on the command line.
The encrypted .gpg version of each file will be deleted.
.TP
.BR \-\^\-sign\ \<directory>
Recursively sign all files in the directory specified on the command line. For
each file, a detached .asc signature will be created.
.TP
.BR \-\^\-verify\ \<directory>
Recursively verify all .asc signatures for files in the directory specified on the
command line.
.TP
.BR \-g ", " \-\^\-gnupg-dir\ \<directory>
Specify which .gnupg directory will be used to find GnuPG keys. The default
is ~/.gnupg if this option is not used. This option allows gpgdir to be
run as one user but use the keys of another user (assuming permissions are
set up correctly, etc.).
.TP
.BR \-p ", " \-\^\-pw-file\ \<pw-file>
Read decryption password from
.B pw-file
instead of typing it on the command line.
.TP
.BR \-t ", " \-\^\-test-mode
Run an encryption and decryption test against a dummy file and exit. This
test is always run by default in both
.B \-\-encrypt
and
.B \-\-decrypt
mode.
.TP
.BR \-S ", " \-\^\-Symmetric
Instruct
.B gpgdir
to encrypt or decrypt files using a symmetric cipher supported by GnuPG
(CAST5 is commonly used). This results in a significant speed up for the
encryption/decryption process.
.TP
.BR \-T ", " \-\^\-Trial-run
Show what encrypt/decrypt actions would take place without actually doing
them. The filesystem is not changed in any way in this mode.
.TP
.BR \-I ", " \-\^\-Interactive
Prompt the user before actually encrypting or decrypting each file. This
is useful to have fine-grained control over
.B gpgdir
operations as it recurses through a directory structure.
.TP
.BR \-F ", " \-\^\-Force
Tell
.B gpgdir
to ignore non-fatal error conditions, such as the inability to encrypt or
decrypt individual files because of permissions errors.
.TP
.BR \-\^\-Exclude\ \<pattern>
Instruct gpgdir to skip all files that match
.B pattern
as a regex match against each filename. This is similar to the
.B \-\-exclude
option in the standard GNU tar command.
.TP
.BR \-\^\-Exclude-from\ \<file>
Instruct gpgdir to exclude all files matched by patterns listed in
.B file.
This is similar to the
.B \-\-exclude-from
option in the GNU tar command.
.TP
.BR \-\^\-Include\ \<pattern>
Instruct gpgdir to only include files that match
.B pattern
as a regex match against each filename.
.TP
.BR \-\^\-Include-from\ \<file>
Instruct gpgdir to only include files matched by patterns listed in
.B file.
.TP
.BR \-W ", " \-\^\-Wipe
Use the
.B wipe
program to securely delete files after they have been successfully encrypted.
.TP
.BR \-O ", " \-\^\-Obfuscate-filenames
Tell
.B gpgdir
to obfuscate the file names of files that it encrypts (in \-e mode). The
names of each file are stored within the file .gpgdir_map_file for every
sub-directory, and this file is itself encrypted. In decryption mode (\-d),
the \-O argument reverses the process so that the original files are
restored. Directory names are also obfuscated (except for the top level
directory), and stored within the .gpgdir_dir_map_file, and this file itself
is also encrypted/decrypted respectively in \-e and \-d mode.
.TP
.BR \-\^\-overwrite-encrypted
Overwrite encrypted files even if a previous <file>.gpg file
already exists.
.TP
.BR \-\^\-overwrite-decrypted
Overwrite decrypted files even if the previous unencrypted file already exists.
.TP
.BR \-K ", " \-\^\-Key-id\ \<id>
Manually specify a GnuPG key ID from the command line. Because GnuPG
supports matching keys with a string,
.B id
does not strictly have to be a key ID; it can be a string that uniquely
matches a key in the GnuPG key ring.
.TP
.BR \-D ", " \-\^\-Default-key
Use the key that GnuPG defines as the default, i.e. the key that is specified
by the
.B default-key
variable in ~/.gnupg/options. If the default-key variable is not defined
within ~/.gnupg/options, then GnuPG tries to use the first suitable key on
its key ring (the initial encrypt/decrypt test makes sure that the user
knows the corresponding password for the key).
.TP
.BR \-a ", " \-\^\-agent
Instruct
.B gpgdir
to acquire the gpg key password from a running
.B gpg-agent
instance.
.TP
.BR \-A ", " \-\^\-Agent-info\ \<connection\ info>
Specify the value of the GPG_AGENT_INFO environment variable as returned
by the
.B gpg-agent \-\-daemon
command. If the
.B gpgdir \-\-agent
command line argument is used instead of
.B \-\-Agent-info,
then gpgdir assumes that the GPG_AGENT_INFO environment variable has already
been set in the current shell.
.TP
.BR \-s ", " \-\^\-skip-test
Skip encryption and decryption test. This will allow
.B gpgdir
to be used to encrypt a directory without specifying a password (which
normally gets used in encryption mode to test to make sure decryption
against a dummy file works properly).
.TP
.BR \-q ", " \-\^\-quiet
Print as little as possible to the screen when encrypting or decrypting
a directory.
.TP
.BR \-\^\-no-recurse
Instruct gpgdir to not recurse through any subdirectories of the directory
that is being encrypted or decrypted.
.TP
.BR \-\^\-no-password
Instruct gpgdir to not ask the user for a password. This is only useful
when a gpg key literally has no associated password (this is not common).
.TP
.BR \-\^\-no-delete
Instruct gpgdir to not delete original files at encrypt time.
.TP
.BR \-\^\-no-preserve-times
Instruct gpgdir to not preserve original file mtime and atime values
upon encryption or decryption.
.TP
.BR \-l ", " \-\^\-locale\ \<locale>
Provide a locale setting other than the default "C" locale.
.TP
.BR \-\^\-no-locale
Do not set the locale at all so that the default system locale will apply.
.TP
.BR \-v ", " \-\^\-verbose
Run in verbose mode.
.TP
.BR \-V ", " \-\^\-Version
Print version number and exit.
.TP
.BR \-h ", " \-\^\-help
Print usage information and exit.
.SH FILES
.B ~/.gpgdirrc
.RS
Contains the key id of the user gpg key that will be used to encrypt
or decrypt the files within a directory.
.RE
.PP
.SH EXAMPLES
The following examples illustrate the command line arguments that could
be supplied to gpgdir in a few situations:
.PP
To encrypt a directory:
.PP
.B $ gpgdir \-e /some/dir
.PP
To encrypt a directory, and use the wipe command to securely delete the original
unencrypted files:
.PP
.B $ gpgdir \-W \-e /some/dir
.PP
To encrypt a directory with the default GnuPG key defined in ~/.gnupg/options:
.PP
.B $ gpgdir \-e /some/dir \-\-Default-key
.PP
To decrypt a directory with a key specified in ~/.gpgdirrc:
.PP
.B $ gpgdir \-d /some/dir
.PP
To encrypt a directory but skip all filenames that contain the string "host":
.PP
.B $ gpgdir \-e /some/dir \-\-Exclude host
.PP
To encrypt a directory but only encrypt those files that contain the string "passwd":
.PP
.B $ gpgdir \-e /some/dir \-\-Include passwd
.PP
To acquire the GnuPG key password from a running gpg-agent daemon in order to decrypt
a directory (this requires that gpg-agent has the password):
.PP
.B $ gpgdir \-A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 \-d /some/dir
.PP
To encrypt a directory but skip the encryption/decryption test (so you will
not be prompted for a decryption password):
.PP
.B $ gpgdir \-e /some/dir \-s
.PP
To encrypt a directory and no subdirectories:
.PP
.B $ gpgdir \-e /some/dir \-\-no-recurse
.PP
To encrypt root's home directory, but use the GnuPG keys associated with the user "bob":
.PP
.B # gpgdir \-e /root \-g /home/bob/.gnupg
.PP
.SH DEPENDENCIES
.B gpgdir
requires that gpg, the GNU Privacy Guard (http://www.gnupg.org) is installed.
.B gpgdir
also requires the GnuPG::Interface perl module from CPAN, but it is bundled with
.B gpgdir
and is installed in /usr/lib/gpgdir at install-time so it does not pollute the
system perl library tree.

.SH "SEE ALSO"
.BR gpg (1)

.SH AUTHOR
Michael Rash <mbr@cipherdyne.org>

.SH CONTRIBUTORS
Many people who are active in the open source community have contributed to gpgdir;
see the
.B CREDITS
file in the gpgdir sources.


.SH BUGS
Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are
always welcome as well.

.SH DISTRIBUTION
.B gpgdir
is distributed under the GNU General Public License (GPL), and the latest
version may be downloaded from
.B http://www.cipherdyne.org
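
The script below is an added example, not part of gpgdir or its man page. It audits a tree after an encryption run for plaintext left behind, which the options above allow (--no-delete keeps originals, --Force continues past files that could not be encrypted, --Exclude skips files). It assumes encrypted output carries the .gpg suffix and that hidden files and directories are left alone, as the man page describes; the names audit_plaintext and make_sample_tree and the labels printed are hypothetical.

```shell
#!/bin/sh
# Added example, not gpgdir code. Assumes encrypted files end in .gpg and that
# hidden files/directories are left alone, as the man page describes.

# audit_plaintext DIR
# Prints one line per non-hidden regular file under DIR that is not a .gpg file:
#   ORIGINAL-KEPT <path>   <path>.gpg exists, but the plaintext is still on disk
#   UNENCRYPTED <path>     no <path>.gpg exists (excluded, skipped or failed)
audit_plaintext() {
    # -name '.*' -prune drops hidden files and does not descend into hidden
    # directories; -mindepth 1 keeps DIR itself from being pruned.
    find "$1" -mindepth 1 -name '.*' -prune -o -type f ! -name '*.gpg' \
        -exec sh -c '
            for f in "$@"; do
                if [ -e "$f.gpg" ]; then
                    printf "ORIGINAL-KEPT %s\n" "$f"
                else
                    printf "UNENCRYPTED %s\n" "$f"
                fi
            done' sh {} + | LC_ALL=C sort
}

# make_sample_tree: builds a constructed directory (empty placeholder files,
# no real ciphertext) and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/sub" "$t/.gnupg"
    : > "$t/report.txt.gpg"                     # encrypted, original deleted
    : > "$t/notes.txt"; : > "$t/notes.txt.gpg"  # original kept (--no-delete)
    : > "$t/sub/hosts.cfg"                      # never encrypted (e.g. --Exclude host)
    : > "$t/.bashrc"; : > "$t/.gnupg/options"   # hidden: ignored
    printf '%s\n' "$t"
}

# With a directory argument, audit it; exit status 1 means plaintext was found.
if [ "$#" -gt 0 ]; then
    findings=$(audit_plaintext "$1")
    [ -z "$findings" ] || { printf '%s\n' "$findings"; exit 1; }
fi
```

Entries marked ORIGINAL-KEPT or UNENCRYPTED are files whose contents are still readable on disk after the run.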