mti's "Crypto Sweet" (web)
Hallo!
Perhaps the following workflow/script combination will be useful to you or somebody else.
Right now it's useful to me.
Thank you for providing Mac GPG,
Michael
If rm is a sharp knife, nCryptarm is a chainsaw.
These two little tools provide the following paranoid workflow / paradigm / metaphor to reduce data exposition time.
You can put a folder or a file into a locker / safe by using the command nCryptarm like this:
$ nCryptarm "My private data"
This will create an encrypted standards-compliant archive (tar.gpg) and securely and definitively erase "My private data" (by using the command srm which is standard on Mac OS X).
To take "My private data" out of the locker / safe you can use the following command:
$ nDecryptar "My private data.tar.gpg"
It will ask for your passphrase and restore "My private data.tar.gpg". When you're done with your work you can put the data back into the locker / safe.
Keeping data in the locker / safe guarantees (in theory) that
1) it's not possible to tamper with the data (Data Integrity)
2) no one but you will even be able to have a look at the data (i.e. only the persons who know the passphrase of the encryption key will be able to access the data)
Another advantage of nCryptarm is the use of the Mac OS X system standard command tar which has been in use for 30+ years and is available on a wide variety of systems. For this you can assume to be able to access your data (reopen your digital locker / safe) even ten years from now.
Disadvantages:
1) nCryptarm & nDecryptar can only handle one argument which can be any file or folder name (while gpg-zip 1.4.9 does have problems with whitespace in filenames)
2) it's command line (Finder integration of the described workflow would be nice, though)
3) nCryptarm silently destroys the original data after a successful encryption pass (which is what it should do and why it exists)
4) the scripts should be called encrypt and decrypt
License: "No license", Public Domain, Do Whatever You Want to Do license, too small to be licensed ...
but please: do not put my name or e-mail address in there.
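```sh
#!/bin/sh
# mti's Crypto Suite
# 2012-05-23: use gpg-zip's command
ME="nCryptarm"
SOURCE="$1"
# Refuse to run without an argument
if [ -z "$SOURCE" ]; then
    echo "$ME: error: no source file specified" >&2
    exit 1
fi
TARGET=$(basename "$SOURCE").tar.gpg
# Never overwrite an existing archive
if [ -e "$TARGET" ]; then
    echo "$ME: error: target exists; won't overwrite: $TARGET" >&2
    exit 1
fi
echo "$ME: tar cf - $SOURCE | gpg -veo $TARGET && srm -sRv $SOURCE"
# A pipeline reports only gpg's exit status, so record a tar failure in a
# marker file; the source is erased only if both tar and gpg succeeded.
TARFAILED="$TARGET.tar-failed"
{ tar cf - "$SOURCE" || : > "$TARFAILED"; } | gpg -veo "$TARGET"
GPGSTATUS=$?
if [ "$GPGSTATUS" -ne 0 ] || [ -e "$TARFAILED" ]; then
    rm -f "$TARFAILED"
    echo "$ME: error: archiving or encryption failed; source left untouched" >&2
    exit 1
fi
srm -sRv "$SOURCE"
```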
```sh
#!/bin/sh
# mti's Crypto Suite
# 2012-05-23: use gpg-zip
ME="nDecryptar"
SOURCE="$1"
# Refuse to run without an argument
if [ -z "$SOURCE" ]; then
    echo "$ME: error: no source file specified" >&2
    exit 1
fi
echo "$ME: gpg-zip --decrypt $SOURCE"
# Decrypt the archive and unpack it with tar
gpg-zip --decrypt "$SOURCE"
```
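A check that fits between the encryption step and srm in the workflow above, shown as an added example that is not part of the original post or its scripts: it confirms that the archive decrypts to exactly the bytes tar produces from the source. The function names are hypothetical, and it assumes the source is unchanged since it was archived and that tar reproduces the same stream for an unchanged source.

```shell
#!/bin/sh
# Added example: verify an encrypted archive against its source before the
# source is erased. Function names are hypothetical, not from the scripts above.

# Print a digest of stdin, using whichever SHA-256 tool is installed.
stream_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 | cut -d' ' -f1
    else
        cksum | tr ' ' ':'   # CRC fallback: catches truncation, not tampering
    fi
}

# stream_matches_source SOURCE   (decrypted tar stream on stdin)
# Returns 0 only if stdin is byte-identical to a fresh `tar cf - SOURCE`.
# Assumption: SOURCE is given with the same path that was archived, so tar
# emits the same member names and headers.
stream_matches_source() {
    [ -e "$1" ] || return 2
    got=$(stream_digest) || return 2
    want=$(tar cf - "$1" | stream_digest) || return 2
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Intended use after the archive has been written, before erasing anything:
#   gpg --decrypt "$TARGET" | stream_matches_source "$SOURCE" \
#       && srm -sRv "$SOURCE"
# A failed or partial decryption yields a different stream, so srm is skipped.
```

The decrypted stream is only hashed, never written to disk, so the check leaves no extra plaintext copy behind.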
Support Staff 1 Posted by Steve on 27 May, 2013 11:15 AM
Ok, thanks for the info. I'll close this discussion, but it will be here publicly available and readable for anybody interested. :)
Steve closed this discussion on 27 May, 2013 11:15 AM.