Skip to content

Instantly share code, notes, and snippets.

@cellularmitosis
Last active May 4, 2020 09:29
Show Gist options
  • Save cellularmitosis/613020af77ffc9a50fb3dc2162da98c2 to your computer and use it in GitHub Desktop.
Save cellularmitosis/613020af77ffc9a50fb3dc2162da98c2 to your computer and use it in GitHub Desktop.
encrypt.sh and decrypt.sh

Blog 2019/4/29

<- previous | index | next ->

encrypt.sh and decrypt.sh

Just a couple of simple wrappers around gpg.

#!/bin/bash
set -e -o pipefail
# By default, gpg-agent will cache any passphrase that you enter.
# This means that if you decrypt a file once, you can then decrypt it
# a second time without being prompted for a passphrase. Yikes!
# Unfortunately, there doesn't seem to be a way to disable passphrase
# caching on a per-invocation basis -- you must use a config file.
# Here, we refuse to run if the user hasn't disabled passphrase caching, to
# protect newbs. Savvy users who desire passphrase caching will edit this
# script.
if [ ! -e "${HOME}/.gnupg/gpg-agent.conf" ]
then
echo "default-cache-ttl 0" > "${HOME}/.gnupg/gpg-agent.conf"
fi
if grep --silent --invert-match "default-cache-ttl 0" "${HOME}/.gnupg/gpg-agent.conf"
then
echo "ERROR: gpg-agent passphrase caching hasn't been disabled, refusing to run!"
fi
nice gpg --use-embedded-filename "${1}"
#!/bin/bash
set -e -o pipefail
# By default, gpg-agent will cache any passphrase that you enter.
# This means that if you decrypt a file once, you can then decrypt it
# a second time without being prompted for a passphrase. Yikes!
# Unfortunately, there doesn't seem to be a way to disable passphrase
# caching on a per-invocation basis -- you must use a config file.
# Here, we refuse to run if the user hasn't disabled passphrase caching, to
# protect newbs. Savvy users who desire passphrase caching will edit this
# script.
if [ ! -e "${HOME}/.gnupg/gpg-agent.conf" ]
then
echo "default-cache-ttl 0" > "${HOME}/.gnupg/gpg-agent.conf"
fi
if grep --silent --invert-match "default-cache-ttl 0" "${HOME}/.gnupg/gpg-agent.conf"
then
echo "ERROR: gpg-agent passphrase caching hasn't been disabled, refusing to run!"
fi
nice gpg --symmetric --cipher-algo AES256 "${1}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment