appending to gpg file?

Andreas Heinlein aheinlein at gmx.com
Tue Nov 18 09:52:49 CET 2008


David Shaw schrieb:
> On Mon, Nov 17, 2008 at 02:41:50PM -0500, David Kennedy wrote:
>   
>> Thanks for the help!
>>
>> I'm using an app to pipe events (text strings) through an instance of gpg to
>> a file.  This works great for me now, in an ideal environment.
>>
>> Two issues:
>> 1) The problem occurs if/when the app breaks, breaking the pipe and killing
>> my stream.  GPG terminates, and the resulting file is unreadable (I get an
>> error decrypting it after entering in the passphrase).  So, the whole log is
>> no good.
>>
>> 2) Then, what if I'd like to start the app again, and stream back to the same
>> file?
>>
>> My thought is to individually encrypt each "line" in the output file as its
>> own gpg encrypted package.  No dependencies on other individual "lines" not
>> being corrupt, as long as some sort of delimiter is in place.
>>     
>
> (please don't top-post)
>
> Do this:
>
>   echo "my log line" | gpg --armor >> my_log_file.txt
>
> (Use whatever gpg options you like.  The important bit is that you
> have --armor in there)
>
> You will end up with a log file that looks like this:
>
>   -----BEGIN PGP MESSAGE-----
>   (Lots of base64 stuff)
>   -----END PGP MESSAGE-----
>   -----BEGIN PGP MESSAGE-----
>   (Lots of base64 stuff)
>   -----END PGP MESSAGE-----
>   -----BEGIN PGP MESSAGE-----
>   (Lots of base64 stuff)
>   -----END PGP MESSAGE-----
>
> and so on.  To decrypt, split up the file so that each BEGIN/END pair
> is in its own file, and decrypt that.
>
> Note this is a pretty space-inefficient way to store things, but it
> does answer your question of how to do it.  There might be a better
> way to solve the original problem, but I'm not sure what that is from
> your email.
>
>   
From what he wrote, this looks like it could be solved better with
filesystem encryption like eCryptfs or encrypted
loopback/dm_crypt/TrueCrypt/etc. That would imply, however, that access
to the file/volume can be restricted securely as long as it's open.

Bye,
Andreas
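
The split-and-decrypt step described in the quoted reply, as an added example that is not part of the original thread. The function names and the msg-NNNN.asc file naming are assumptions made here; a block left without its END line (the writer died mid-message) is counted and skipped, so the complete messages before it stay readable.

```shell
#!/bin/sh
# Added example: split a log of concatenated ASCII-armored messages into
# one file per message, then decrypt each file on its own.

# split_armored LOGFILE OUTDIR
# Writes OUTDIR/msg-0001.asc, msg-0002.asc, ... for every complete
# BEGIN/END pair and prints "<complete> <incomplete>" on stdout.
split_armored() {
    log=$1
    out=$2
    mkdir -p "$out" || return 1
    awk -v out="$out" '
        /^-----BEGIN PGP MESSAGE-----/ {
            # A BEGIN while a block is still open means the previous
            # block never got its END line: count it and drop it.
            if (open) bad++
            buf = ""
            open = 1
        }
        open { buf = buf $0 "\n" }
        /^-----END PGP MESSAGE-----/ && open {
            file = sprintf("%s/msg-%04d.asc", out, ++n)
            printf "%s", buf > file
            close(file)
            open = 0
        }
        END {
            if (open) bad++          # truncated final block
            print n + 0, bad + 0
        }
    ' "$log"
}

# decrypt_all OUTDIR
# Decrypts each split message to stdout; a failure on one file is
# reported on stderr and does not stop the remaining files.
decrypt_all() {
    for f in "$1"/msg-*.asc; do
        [ -e "$f" ] || continue
        gpg --quiet --decrypt "$f" || echo "failed: $f" >&2
    done
}

# When run as a script: sh split.sh my_log_file.txt outdir
if [ "$#" -eq 2 ]; then
    split_armored "$1" "$2" >&2 && decrypt_all "$2"
fi
```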


