Encrypting both file contents and file name with GnuPG
Atom Smasher
atom at smasher.org
Sun Jan 2 20:23:38 CET 2011
On Sun, 2 Jan 2011, Neil Phillips wrote:
> gpg should be able to give a hash, something like;
> gpg -output sha1("a filename") -e filename
===============
depending on your [*nix or cygwin] shell, it ~can~ do that...
gpg -o $(sha1 -qs filename) -e filename -r keyid
the exact command is system dependent; the example above would basically
work as-is on freebsd with zsh or bash. cygwin or linux would be
*slightly* more complicated. the idea is that shells like zsh and newer
versions of bash use '$(...)' as a form of command substitution. older
shells (bash & bourne) use back-quotes but the concept is the same. all
shells have some form of variables...
gpg -o ${file_name_hashed} -e filename -r keyid
in any case, if you also want to populate a db of some sort, whether a
flat-file or DBMS, you'll probably need three lines in a script:
1) calculate the hash
2) encrypt the file -- gpg -o ${file_name_hashed} -e filename -r keyid
3) add an entry to a db
the first line creates a variable (eg, $file_name_hashed) and the next two
lines refer to it.
just make sure you're hashing the file-NAME, not its contents. of course,
if you don't lose your db, then there's nothing wrong with hashing the
contents, or even a counter or random string. hashing the file-NAME is
just an idea that makes recovery of the db possible if you know the format
and range of the file-names (and any secret that may be used). the real
trick is to just do something secure and consistent... sha1 does the job.
--
...atom
________________________
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"The livestock sector is a major player [in climate
change], responsible for 18% of greenhouse gas
emissions measured in CO2 equivalent. This is a higher
share than transport."
-- Livestock's long shadow, 2006
UN report sponsored by WTO, EU, AS-AID, FAO, et al
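
Added example, not part of the original post: the three steps described above (hash the file name, encrypt to the hashed name, add an entry to a flat-file db) as POSIX shell functions, plus the db recovery from a list of candidate names. The function names, the NAME_SECRET variable (prepended to the name before hashing), the names.db file and its tab-separated layout are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: function names, NAME_SECRET and names.db are assumptions.

# Print the SHA-1 hex digest of stdin with whichever tool is installed.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then sha1sum | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then shasum -a 1 | cut -d' ' -f1
    else sha1 -q    # FreeBSD
    fi
}

# Step 1: hash the file NAME, not its contents. printf (not echo) keeps a
# trailing newline out of the hash; NAME_SECRET is an optional secret.
hash_name() {
    printf '%s%s' "${NAME_SECRET:-}" "$1" | sha1_hex
}

# Steps 2 and 3: encrypt FILE to the hashed name, then record the mapping.
# usage: encrypt_and_index FILE KEYID [DB]
encrypt_and_index() {
    file=$1 keyid=$2 db=${3:-names.db}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    name=$(basename -- "$file")
    hashed=$(hash_name "$name") || return 1
    [ -n "$hashed" ] || return 1
    # Never clobber an existing output (same name encrypted twice).
    [ -e "$hashed" ] && { echo "refusing to overwrite $hashed" >&2; return 1; }
    # Options go before the file name; the db line is written only on success.
    gpg -o "$hashed" -r "$keyid" -e -- "$file" || return 1
    printf '%s\t%s\n' "$hashed" "$name" >> "$db"
}

# Recovery of a lost db: read candidate names on stdin and print
# "hash<TAB>name" for every candidate whose hashed file exists here.
recover_db() {
    while IFS= read -r candidate; do
        h=$(hash_name "$candidate")
        [ -e "$h" ] && printf '%s\t%s\n' "$h" "$candidate"
    done
    return 0
}
```

The db holds the plaintext names, so it needs the same protection as the files themselves (for example, encrypt it with gpg as well). Without NAME_SECRET, anyone who can guess a file name can confirm the guess by hashing it.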