#!/bin/bash
# $Id: ged,v 1.2 2004/03/16 13:06:56 oliver Exp $
# $Log: ged,v $
# Revision 1.2  2004/03/16 13:06:56  oliver
# also delete .swp files from vi
#
# Revision 1.1  2002/07/07 14:38:09  oliver
# Initial revision
#
#
# calls an editor on a gpg-encrypted file; effectively a wrapper
#
# 
# Placed in the public domain by Oliver Beckstein <orbeckst@gmx.net>
#
# NO WARRANTY.


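# Flow: decrypt FILE to a temporary plaintext file, run the editor on it,
# re-encrypt to RECIPIENT, lock FILE to mode 400 and finally shred the
# plaintext together with the editor's backup/swap files.
#
# Security-relevant behaviour of this script:
#   * The gpg command lines are assembled AFTER option parsing, so that
#     -r/--recipient and -q/-v really reach gpg (they are built as arrays so
#     that file names and recipients containing blanks stay one argument).
#   * The plaintext only ever exists with owner-only permissions (umask 077).
#   * The plaintext is shredded only after gpg reported a successful
#     encryption; otherwise it is left in place and the user is told so.
#   * Only the well-known backup/swap names of the edited file are shredded,
#     never arbitrary dot files that merely share a prefix with it.

Prog=$(basename -- "$0")

# these can be set from the environment
# or simply set your name as the default instead of ${USER}
: "${RECIPIENT:=${USER}}"
: "${GEDITOR:=vi}"

# verbose is the default; -q/--quiet switches it off
VERBOSE="--verbose"

USAGE="Usage: ${Prog} [OPTIONS] FILE

1) decrypt FILE --> TMP_FILE
2) ${GEDITOR} TMP_FILE
3) encrypt to RECIPIENT
4) shred TMP_FILE

Uses gpg and keys in ~/.gnupg; set variable GEDITOR [${GEDITOR}].
FILE is encrypted to RECIPIENT [${RECIPIENT}].

Permissions on FILE are set to 400 (r-- --- ---) afterwards.

OPTIONS:
    -h, --help           print this help
    -v, --verbose        be chatty (verbose is the default)
    -q, --quiet          do not be verbose 

    -r, --recipient RECIPIENT 
                         overrides content of the environment variable
"

GPG_FILE=''

while [ $# -gt 0 ]; do
    case "$1" in
        -h|--help)
            echo "${USAGE}"
            exit 0
            ;;
        -v|--verbose)
            VERBOSE="--verbose"
            ;;
        -q|--quiet)
            VERBOSE=''
            ;;
        -r|--recipient)
            # Refuse a missing value instead of silently encrypting to ''.
            if [ $# -lt 2 ] || [ -z "$2" ]; then
                echo "Option '$1' requires a RECIPIENT argument." >&2
                exit 1
            fi
            shift
            RECIPIENT=$1
            ;;
        -*)
            echo "Unknown option '$1'."
            exit 1
            ;;
        *)
            GPG_FILE=$1
            test -e "${GPG_FILE}" || \
                { echo "WARNING: '${GPG_FILE}' does not exist."; }
            ;;
    esac
    shift
done

if [ -z "${GPG_FILE}" ]; then
    echo "${USAGE}" >&2
    exit 1
fi

# Name of the intermediate plaintext file: FILE without the .gpg suffix, or
# FILE.tmp when FILE carries no such suffix.
SECRET_FILE=${GPG_FILE%.gpg}
if [ "${GPG_FILE}" = "${SECRET_FILE}" ]; then
    SECRET_FILE=${GPG_FILE}.tmp
    echo "WARNING: The input file '${GPG_FILE}' does not have the .gpg suffix"
    echo "         Intermediate file will be called '${SECRET_FILE}'"
fi

# A FILE called just '.gpg' would leave no name for the plaintext file.
case "${SECRET_FILE}" in
    ''|*/)
        echo "ERROR: cannot derive a plaintext file name from '${GPG_FILE}'." >&2
        exit 1
        ;;
esac

# Optional --verbose flag shared by gpg and chmod; empty array when quiet.
verbose_opt=()
if [ -n "${VERBOSE}" ]; then
    verbose_opt=("${VERBOSE}")
fi

# Built only now, i.e. with the final VERBOSE and RECIPIENT values.
gpg_decrypt=(gpg "${verbose_opt[@]}" --decrypt --output "${SECRET_FILE}")
gpg_encrypt=(gpg "${verbose_opt[@]}" --encrypt --recipient "${RECIPIENT}"
             --output "${GPG_FILE}")

# Everything created from here on (plaintext, editor backups, the new
# encrypted file) must not be readable by group or others.
umask 077

if [ -e "${GPG_FILE}" ]; then
    echo "Unlocking permissions of ${GPG_FILE}"
    chmod "${verbose_opt[@]}" 600 -- "${GPG_FILE}"

    echo "Decrypting ${GPG_FILE}:"
    if ! "${gpg_decrypt[@]}" -- "${GPG_FILE}"; then
        # Do not open an editor on a missing or partial plaintext and then
        # encrypt that over the intact original.
        echo "ERROR: decrypting '${GPG_FILE}' failed; leaving it untouched." >&2
        chmod "${verbose_opt[@]}" 400 -- "${GPG_FILE}"
        exit 1
    fi
else
    echo "Creating new file ${SECRET_FILE}"
    sleep 1
fi

# GEDITOR is deliberately left unquoted so that it may carry options
# (e.g. GEDITOR='emacs -nw'); the file name is passed as a single argument.
# shellcheck disable=SC2086
${GEDITOR} "${SECRET_FILE}"
echo

echo "Encrypting to '${RECIPIENT}':"
if ! "${gpg_encrypt[@]}" -- "${SECRET_FILE}"; then
    # Shredding now would destroy the only copy of the edited text.
    echo "ERROR: encryption failed; the PLAINTEXT is still in '${SECRET_FILE}'" >&2
    echo "       (and possibly in editor backup files next to it)." >&2
    echo "       Encrypt or shred it manually." >&2
    if [ -e "${GPG_FILE}" ]; then
        chmod "${verbose_opt[@]}" 400 -- "${GPG_FILE}"
    fi
    exit 1
fi

echo "Locking permissions of '${GPG_FILE}'"
chmod "${verbose_opt[@]}" 400 -- "${GPG_FILE}"

# NOTE: overwriting in place is only best effort. On journaling or
# copy-on-write file systems, on SSDs and on network file systems old
# plaintext blocks may survive 'shred'; keep the working directory on
# encrypted or memory-backed storage if that matters.
if type -p shred >/dev/null 2>&1; then
    shred_cmd=(shred --remove --iterations=10)
else
    echo "WARNING: revert to unsafe 'rm' ('shred' not found)"
    shred_cmd=(rm -f)
fi

echo -n "Shredding ${SECRET_FILE} (and backup files)"

dir=$(dirname -- "${SECRET_FILE}")
base=$(basename -- "${SECRET_FILE}")

# Explicit candidate names instead of a wildcard on the whole directory:
#   base                 the plaintext itself
#   base~  base#  #base  backup files (as before)
#   #base#               emacs auto-save file
#   .base.sw?            vi/vim swap files
# The former pattern '.base*' also matched unrelated dot files (editing
# 'bash.gpg' would have shredded '.bashrc' in the same directory).
# Only the unquoted '.sw?' part is subject to globbing; characters in the
# file name itself are taken literally.
candidates=(
    "${dir}/${base}"
    "${dir}/${base}~"
    "${dir}/${base}#"
    "${dir}/#${base}"
    "${dir}/#${base}#"
    "${dir}/.${base}".sw?
)

rc=0
for f in "${candidates[@]}"; do
    # Skips names that do not exist, including an unmatched '.sw?' pattern.
    [ -f "${f}" ] || continue
    echo -n "."
    if ! "${shred_cmd[@]}" -- "${f}"; then
        echo >&2
        echo "WARNING: could not remove plaintext file '${f}'." >&2
        rc=1
    fi
done

echo " done!"

exit "${rc}"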
