Permalink
Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
executable file 36 lines (30 sloc) 962 Bytes
#!/bin/sh -x
#
# Usage: secure-edit FILE
#
# Secure editing of GPG-encrypted files.
#
# Written in 2005 by Suraj N. Kurapati <https://github.com/sunaku>
ENCRYPT='gpg2 --encrypt --sign --armor'
DECRYPT='gpg2 --decrypt' # also verifies signature if found
DESTROY='shred --force --zero --remove'
EDIT='vim -n -i NONE' # disable swap file and viminfo
source=$1; shift
encrypt=$(mktemp)
decrypt=$(mktemp)
trap '$DESTROY "$encrypt" "$decrypt"' EXIT
trap 'exit' TERM INT
echo "secure-edit: source=$source decrypt=$decrypt encrypt=$encrypt"
# create new source file if necessary. this
# is useful when securely editing a new file
if ! [ -e "$source" ]; then
touch "$source" &&
$ENCRYPT < /dev/null > "$source" ||
exit $?
fi
touch "$decrypt" "$encrypt" &&
chmod 0600 "$decrypt" "$encrypt" &&
$DECRYPT < "$source" > "$decrypt" &&
$EDIT "$decrypt" &&
$ENCRYPT < "$decrypt" > "$encrypt" &&
cp -p "$encrypt" "$source"