Looking for simple wrapper for symmetric key file encryption

Mr. Clif clif at eugeneweb.com
Sun Jan 19 07:50:49 CET 2014


So no one got back to me.

Does anyone use symmetric file encryption? What is the best practice 
here? I heard of another solution which was to mount an encrypted 
directory with fuser to drop files into. I think I would wonder how 
safe the passphrase was for mounted filesystems, though I know of some 
techniques for protecting them.

Any pointers regarding best practices for symmetric file encryption 
would be much appreciated.

     Thanks,
     Clif

On 01/17/2014 01:15 PM, Mr. Clif wrote:
> Greetings!
>
> I've been happily using pgp and gpg off and on for decades. One thing 
> I never quite figured out was what the best way to use it for 
> encrypting sensitive files on disk is. After doing that one has to 
> remember to clean up after themselves and delete all the leftover 
> plaintext versions of the file, or it kind of defeats the whole 
> purpose, and it's pretty easy to make a mistake when doing it manually. 
> I always felt that GPG should help you a bit more in that regard. Now 
> I know that full disk encryption might be a way around this, but it 
> seems like overkill if you just have a couple of files to protect.
>
> I have searched high and low and checked out GnuPG Shell, GPA, 
> Seahorse, XAP, and some other misc wrappers but nothing seemed to fit 
> my use case. So I wrote a simple wrapper in perl. Basically it just 
> lets you toggle a file between plaintext and encrypted forms without 
> letting the plaintext version touch/remain on the disk, unless that is 
> what you want.
>
> #! /usr/bin/perl -U
> #    This Perl script is a wrapper around GPG to decrypt or encrypt a file.
> #    Its goal is to try to prevent plaintext from touching, or remaining
> #    on the disk, something GPG fails to do. If there is a new file created
> #    it will be in the same directory as the original unless you specify
> #    a new path in a second arg.
> #
> #    By Clif 12/05/13
> #
> use strict;
> use warnings;
>
> # External utilities
> my $GPG   = "/usr/bin/gpg";      # GnuPG 1.4.15
> my $SHRED = "/usr/bin/shred";    # secure file deleter (GNU coreutils) 8.13
>
> # Arguments
> my ($arg, $dest) = @ARGV;
> die "usage: $0 FILE [DEST]\n" unless defined $arg;
>
> # Break down the pathname
> my ($path, $file, $base, $ext) = ("", "", "", "");
> $path = $1 if $arg  =~ /^(.*?)(\/[^\/]*)$/;
> $file = $1 if $arg  =~ /([^\/]+)\/?$/;
> $base = $1 if $file =~ /^(.+?)(\.[^.]*)?$/;
> $ext  = $1 if $file =~ /\.([^. ]*)\s*$/;
>
> # Get destination
> my $destp = 0;
> if ($dest) {
>     $destp = 1;
>     $dest .= "/$base" if (-d $dest);
>     $dest =~ s/\.asc\s*$//;
> } else { $dest = $path ? "$path/$base" : $base }
>
> # Is this a plaintext or an encrypted file?
> # system() gets an argument list, so spaces or shell metacharacters
> # in a filename are never interpreted by a shell.
> if (-r $arg) {
>     if ($ext eq "asc") {                    # Encrypted
>         if ($destp) { system($GPG, "-o", $dest, $arg) }
>         else        { system($GPG, "-o", "-", $arg) }
>     } else {                                # Plaintext
>         unlink "${dest}.asc";
>         my $err = system($GPG, "-o", "${dest}.asc", "-ca",
>                          "--cipher-algo", "AES256", $arg);
>         if ($err) { print "ERROR = $err\n" }
>         else      { system($SHRED, "-un9", $arg) }  # only after gpg succeeded
>     }
> } else { warn "No such file: $arg\n" }
> # All done
>
>
> Obviously it could be much more thorough but I just wanted to get the 
> idea across. I was also thinking about adding a RAM based editing 
> feature but I didn't want to reinvent the wheel if someone knows of a 
> similar project.
>
>     Thanks for any comments you might have,
>     Clif
>
>
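The same plaintext/ciphertext toggle as an added Python example (not the script from the post and not part of GnuPG): it assumes gpg, and optionally GNU shred, are on PATH, passes filenames to gpg as an argument list so shell metacharacters are never interpreted, removes the plaintext only after gpg exits successfully, and keeps the original extension (foo.txt becomes foo.txt.asc) instead of dropping it.

```python
"""Toggle a file between plaintext and a GnuPG symmetric-encrypted .asc file.
Constructed example, not the list post's script; assumes gpg (and optionally
GNU shred) are on PATH."""
import os
import shutil
import subprocess
from pathlib import Path

ARMOR_SUFFIX = ".asc"


def plan(arg, dest=None):
    """Path logic only: returns (mode, src, out) with mode 'decrypt' or
    'encrypt'; out is None when decrypting to stdout (nothing hits disk)."""
    src = Path(arg)
    if src.suffix == ARMOR_SUFFIX:                  # encrypted -> plaintext
        if dest is None:
            return "decrypt", src, None
        out = Path(dest)
        return "decrypt", src, (out / src.stem if out.is_dir() else out)
    out = Path(dest) if dest else src.parent        # plaintext -> encrypted
    if dest is None or out.is_dir():
        out = out / src.name
    if out.suffix != ARMOR_SUFFIX:
        out = out.with_name(out.name + ARMOR_SUFFIX)
    return "encrypt", src, out

def remove_plaintext(path):
    """GNU shred if available, else unlink. Overwriting is not reliable on
    journaling/CoW filesystems or SSDs; decrypting to stdout/tmpfs is safer."""
    shred = shutil.which("shred")
    if shred:
        subprocess.run([shred, "-un9", str(path)], check=True)
    else:
        os.remove(path)

def toggle(arg, dest=None):
    """Run gpg with an argument list (no shell); plaintext is removed only
    after gpg reports success, so a failed run never destroys the file."""
    mode, src, out = plan(arg, dest)
    if mode == "decrypt":
        cmd = ["gpg", "--yes", "--decrypt",
               "--output", str(out) if out else "-", str(src)]
        return subprocess.run(cmd).returncode
    cmd = ["gpg", "--yes", "--symmetric", "--armor", "--cipher-algo", "AES256",
           "--output", str(out), str(src)]
    rc = subprocess.run(cmd).returncode
    if rc == 0:
        remove_plaintext(src)
    return rc
```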