Using GPG to encrypt tape backups

Daniel Carrera dcarrera@math.toronto.edu
Mon Aug 5 22:16:10 2002 

I have an interesting solution.  You can get expect to run your backup and
answer "yes" when the question comes.  Expect is used to control
interactive programs.

I don't know much about expect, but here is the solution I have.

First make a single shell script that contains your backup.  Expect won't
be happy if you use pipes inside an expect script.

#!/bin/sh
tar cf - backup| gpg -e -r daniel -z 9 -o /dev/nst0

I called this fle encrypt.sh, and made it executable.  Then I made the
expect script:

#!/usr/bin/expect -f

# Spawn the program.
spawn ./encrypt.sh

# Wait for the computer to ask "Overwrite (y/N)?"
# Then sned the characters  y <return> to the process.
expect "Overwrite (y/N)?"  {send "y\r"}


I don't know what the usual extension for expect is, so I called it
'encrypt.xpt'.  I made it executable.  I tried it and it worked fine.

Expect uses TCL, so you can use all the flow-control constructs of TCL.
The spawn line has the form:

spawn program args

If you type 'spawn prog1 | prog2' it will treat "|" and "prog2" as
arguments for prog1.  That's why we needed the shell script.

For more information check out "http://expect.nist.gov/" or your nearest
man page :-)

Cheers,
Daniel.



On Fri, 2 Aug 2002, Carl Litt wrote:

> I'm trying to use GPG as a filter to encrypt my tape backups:
>
> tar cf - backup | gpg -e -r myID -z 9 -o /dev/nst0
>
> The problem is that GPG wants to prompt because /dev/nst0 exists.
> If I answer "y" it works fine, but I'm trying to automate this.  If I use
> --batch, it complains about the existing file and aborts.
>
> I have also tried without the output option, instead redirecting
> stdout to /dev/nst0, but I get "write error: Invalid argument" errors.
> I even tried piping gpg to dd of=/dev/nst0 bs=512, but no go either.
>
> It does't seem to be possible to use gpg as a filter in this manner.
> Does anyone have any ideas?  I would like to see an option to
> overwrite the output file, but chances are slim that will be done.
> Creating a temporary file and dumping that is not an option.
>
> Thanks,
>
> Carl Litt
> Network Administrator
> Execulink Internet
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>