authorAaron Ball <nullspoon@oper.io>2018-04-04 07:46:57 -0600
committerAaron Ball <nullspoon@oper.io>2018-04-04 07:53:39 -0600
commit24e8a342aeb7da6d6acf6c4261a6a71e3ba2a4d4 (patch)
treebcd83ca353b45934dd771a2299d9f33c57a2b6b7 /gpgsecure.sh
Initial commit of gpgsecure
This is just a very basic version. It requires the user to shut down the decrypted archive. It does however write to RAM (/tmp) so the decrypted copies never touch permanent storage. In the event that it does touch persistent storage, all of the files are shredded on shutdown of the archive.
Diffstat (limited to 'gpgsecure.sh')
-rwxr-xr-xgpgsecure.sh64
1 files changed, 64 insertions, 0 deletions
diff --git a/gpgsecure.sh b/gpgsecure.sh
new file mode 100755
index 0000000..9aa3048
--- /dev/null
+++ b/gpgsecure.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+# GPGSecure is a shell script that manages GPG encrypted archives
+# Copyright (C) 2018 Aaron Ball <nullspoon@oper.io>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+export KEY # GPG key to encrypt the container with
+export DIR # Directory path to present the gpg archive to
+export TMP # Temp directory in memory to decrypt to
+
+shutdown() {
+ printf 'Re-encrypting for shutdown\n'
+ tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${DIR}.tar.gpg"
+ printf 'Shredding\n'
+ # Shred all files in memory
+ find "${TMP}" -type f -exec shred -n 100 -f -u "{}" \;
+ # Delete the link
+ rm "${DIR}"
+ # Delete the temp dir from memory
+ rm -rf "${TMP}"
+}
+
+main() {
+ DIR="${1}"
+ if [ -z "${DIR:-}" ]; then
+ printf 'Directory to decrypt required\n'
+ return 1
+ fi
+
+ # Convert DIR to absolute path to avoid cd issues
+ DIR="$(cd $(dirname ${DIR}) && pwd)/$(basename ${DIR})"
+ # Create a temp dir in memory to extract to for safety
+ TMP=$(mktemp -d /tmp/dec-XXXXXXXXXXXXXX)
+ # Link!
+ ln -s "${TMP}" "${DIR}"
+
+ if [ ! -f "${DIR}.tar.gpg" ]; then
+ # Tell the user if that encrypted archive does not exist.
+ printf 'Encrypted archive does not exist. Creating.\n'
+ else
+ # Extract the encrypted tarchive if it exists
+ gpg -d ${DIR}.tar.gpg | tar -C "${TMP}" -x
+ fi
+
+ printf 'Do some secure work and press enter to re-encrypt when done\n'
+ read
+
+ shutdown
+ return $?
+}
+
+main ${@}
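Review bot: shutdown() shreds the plaintext under `${TMP}` at line 51 without checking that the tar|gpg pipeline at line 48 succeeded, and the `>` redirect truncates the existing `${DIR}.tar.gpg` before gpg runs, so any failed encryption (gpg error, a KEY that is exported but never assigned and so becomes `--recipient ""`, a full disk) destroys both the decrypted copy and the previous archive. Encrypt to a sidecar file, check the pipeline status (with `set -o pipefail` near the top of the script so a tar failure is not masked by gpg), and only then rename over the archive and shred; the rewrite below does this. main() should also assert the key before anything is decrypted, `: "${KEY:?GPG recipient key required}"`, and the expansions at lines 66, 77 and 87 are unquoted and break on paths with spaces (`"${DIR}.tar.gpg"`, `main "$@"`). The comments at lines 44 and 68 state that /tmp is in memory, which the script never verifies and which is not true on every system; either check the mount's filesystem type before extracting or reword them to say the plaintext lands wherever /tmp is mounted. An interrupt at the `read` on line 81 also leaves the plaintext and the symlink behind, since nothing traps INT or EXIT.
```shell
shutdown() {
  printf 'Re-encrypting for shutdown\n'
  # Encrypt to a sidecar first: a failed run must neither truncate the
  # existing archive nor let the plaintext below be shredded.
  # Relies on `set -o pipefail` so a tar failure is not masked by gpg.
  if ! tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${DIR}.tar.gpg.tmp"; then
    rm -f -- "${DIR}.tar.gpg.tmp"
    printf 'Re-encryption failed; leaving %s intact for recovery\n' "${TMP}" >&2
    return 1
  fi
  mv -f -- "${DIR}.tar.gpg.tmp" "${DIR}.tar.gpg"
  printf 'Shredding\n'
  # … unchanged: find/shred, rm link, rm -rf TMP …
}
```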
