Encrypting both file contents and file name with GnuPG

Atom Smasher atom at smasher.org
Sun Jan 2 20:23:38 CET 2011

On Sun, 2 Jan 2011, Neil Phillips wrote:

> gpg should be able to give a hash, something like;
> gpg -output sha1("a filename") -e filename

depending on your [*nix or cygwin] shell, it ~can~ do that...

gpg -o "$(sha1 -qs filename)" -r keyid -e filename

the exact command is system dependent; the example above would basically 
work as-is on freebsd with zsh or bash. cygwin or linux would be 
*slightly* more complicated. the idea is that shells like zsh and newer 
versions of bash use '$(...)' as a form of command substitution. older 
shells (bash & bourne) use back-quotes but the concept is the same. all 
shells have some form of variables...

gpg -o "${file_name_hashed}" -r keyid -e filename

in any case, if you also want to populate a db of some sort, whether a 
flat-file or DBMS, you'll probably need three lines in a script:
  1) calculate the hash
  2) encrypt the file -- gpg -o "${file_name_hashed}" -r keyid -e filename
  3) add an entry to a db

the first line creates a variable (eg, $file_name_hashed) and the next two 
lines refer to it.

just make sure you're hashing the file-NAME, not its contents. of course, 
if you don't lose your db, then there's nothing wrong with hashing the 
contents, or even a counter or random string. hashing the file-NAME is 
just an idea that makes recovery of the db possible if you know the format 
and range of the file-names (and any secret that may be used). the real 
trick is to just do something secure and consistent... sha1 does the job.


  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"The livestock sector is a major player [in climate
 	 change], responsible for 18% of greenhouse gas
 	 emissions measured in CO2 equivalent. This is a higher
 	 share than transport."
 		-- Livestock's long shadow, 2006
 		UN report sponsored by WTO, EU, AS-AID, FAO, et al
