Cryptsym

From Eugene Maker Space
Revision as of 19:04, 23 January 2014 by Clif" comment="reprev (talk | contribs) (Imported from TWiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


Cryptsym (All the good names were taken) stands for Crypto Symmetric file manager. It's a very simple command line wrapper for GPG in perl which tries to keep the plantext version of your sensitive files from touching or remaining on your hard drive. GPG is a wonderful program but it just isn't set up to worry about the details of your work flow in this way. My goal was to make a very simple script that people would feel comfortable using to help protect against making unfortunate mistakes with their sensitive data. If you have more than a few such files you might consider creating an encrypted directory, file system, partition, or drive. Beware the trade-offs here, how would backups work? Would you back up the plaintext versions of these files in these areas, or exclude them entirely? If you encrypt just the files, then that is what gets backed up, simple. So If you're not ready to jump into the file system encryption arena just yet, read on.

The only requirements are gpg, shred, stty, and in v0.2, an editor. No Perl modules are used.

Sample invocations:

  • cryptsym foo
  • cryptsym foo path/to/new/dir/or/file
  • cryptsym foo.asc | less
  • cryptsym -e foo.asc
    • Edit in ram (v0.2 only)

If there is a new file created It will be in the same directory as the original, however plaintext goes to stdout by default and could be piped into something else. If you call it with a second argument it will put the resulting file in that directory, and or give it a new name. If you are encrypting, it uses shred to try to scrub the remains off your hard drive so the platters are nice and shinny again. ;-)

Change Log:

V0.1:

This one just toggles the file between plaintext and encrypted forms. Only one page of code!

V0.2:

Added an external editor option that will edit a file in place and (re)encrypt when you're done. You need to localize some config settings at the start of the script to your system, like your favorite editor and where your RAM disk is (Very important). I had to write a passphrase (pinentry) routine for this, and I was able to obfuscate it so it wasn't just sitting in ram waiting to be mined. I know it's not perfect but it's some protection anyway.

Downloads:

Similar projects:

If you're looking for a wrapper with a slick GUI frontend, Check out Ryan Sawhill's Pyrite here.

-- Main.ClifCox - 21 Jan 2014