Signing already-encrypted files (all to self)?

Chris Poole lists at
Mon Nov 14 12:11:56 CET 2011

On Fri, Nov 11, 2011 at 11:03 PM, Jerome Baum
<jerome+person at> wrote:
> Now the thing that I _do_ wonder about, Chris, is why you want to hash
> the plaintext files? Why not hash them encrypted? (No need to
> decrypt-then-hash-then-encrypt a bunch of files.)

That's perfectly acceptable, I'm just unsure of how to match the encrypted files
that haven't already been hashed. Here's what I do:

1. Run getmail, which puts a few more files in the maildir directory
2. `find maildir/ -not -name '*.gpg' | gpg ...` to encrypt these new files

At this point in the script now, I would want to hash the new files, but now
they'll have the `.gpg` output extension. I guess the easiest thing is just to
have gpg output with a filename `.tempgpg` or something, then hash, and then
rename to `.gpg`. (How else to match only these newly-encrypted files, when the
directory has thousands of files already ending in `.gpg`?)


Chris Poole
[PGP BAD246F9]

More information about the Gnupg-users mailing list