SYNOPSIS

       gpgdir -e|-d <directory> [options]


DESCRIPTION

       gpgdir is a perl script that uses the CPAN GnuPG::Interface perl module
       to recursively encrypt  and  decrypt  directories  using  gpg.   gpgdir
       recursively  descends through a directory in order to encrypt, decrypt,
       sign, or verify every file in a directory and all  of  its  subdirecto-
       ries.  By default, the mtime and atime values of all files will be pre-
       served upon encryption and decryption (this can be  disabled  with  the
       --no-preserve-times  option).  Note that in --encrypt mode, gpgdir will
       delete the original files that it  successfully  encrypts  (unless  the
       --no-delete  option is given).  However, upon startup gpgdir first asks
       for a the decryption password to be sure that a dummy file can success-
       fully  be  encrypted  and  decrypted.  The initial test can be disabled
       with the --skip-test option so that a directory can easily be encrypted
       without  having to also specify a password (this is consistent with gpg
       behavior).  Also, note that gpgdir is careful not encrypt hidden  files
       and  directories.   After  all,  you  probably don't want your ~/.gnupg
       directory or ~/.bashrc file to be encrypted.  The GnuPG key gpgdir uses
       to  encrypt/decrypt  a  directory  is  specified in ~/.gpgdirrc.  Also,
       gpgdir can use the wipe program with the --Wipe command line option  to
       securely  delete  the  original  unencrypted files after they have been
       successfully encrypted.  This elevates the security  stance  of  gpgdir
       since  it  is more difficult to recover the unencrypted data associated
       with files from the filesystem after they are encrypted (unlink()  does
       not erase data blocks even though a file is removed).

       Note  that  gpgdir is not designed to be a replacement for an encrypted
       filesystem solution like encfs or ecryptfs.  Rather, it is an  alterna-
       tive  that allows one to take advantage of the cryptographic properties
       offered by GnuPG in a recursive manner across an existing filesystem.



OPTIONS

       -e, --encrypt <directory>
              Recursively encrypt all files in the directory specified on  the
              command  line.   All  original files will be deleted (a password
              check is performed first to make sure that the correct  password
              to unlock the private GnuPG key is known to the user).

       -d, --decrypt <directory>
              Recursively  decrypt all files in the directory specified on the
              command line.  The encrypted .gpg version of each file  will  be
              deleted.

       --sign <directory>
              Recursively  sign  all  files  in the directory specified on the
              command line.  For each file, a detached .asc signature will  be
              created.

       --verify <directory>
              Run an encryption and decryption test against a dummy  file  and
              exit.   This test is always run by default in both --encrypt and
              --decrypt mode.

       -S, --Symmetric
              Instruct gpgdir to encrypt to decrypt files  using  a  symmetric
              cipher  supported  by  GnuPG  (CAST5  is  commonly  used).  This
              results in a significant speed up for the  encryption/decryption
              process.

       -T, --Trial-run
              Show what encrypt/decrypt actions would take place without actu-
              ally doing them.  The filesystem is not changed in  any  way  in
              this mode.

       -I, --Interactive
              Prompt  the  user  before actually encrypting or decrypting each
              file.  This is useful to have fine-grained control  over  gpgdir
              operations as it recurses through a directory structure.

       -F, --Force
              Tell  gpgdir  to  ignore non-fatal error conditions, such as the
              inability to encrypt or decrypt individual files because of per-
              missions errors.

       --Exclude <pattern>
              Instruct  gpgdir to skip all files that match pattern as a regex
              match against each filename.  This is similar to  the  --exclude
              option in the standard GNU tar command.

       --Exclude-from <file>
              Instruct  gpgdir to exclude all files matched by patterns listed
              in file.  This is similar to the --exclude-from the GNU tar com-
              mand.

       --Include <pattern>
              Instruct  gpgdir  to  only include files that match pattern as a
              regex match against each filename.

       --Include-from <file>
              Instruct gpgdir to only include files matched by patterns listed
              in file.

       -W, --Wipe
              Use  the  wipe  program to securely delete files after they have
              been successfully encrypted.

       -O, --Obfuscate-filenames
              Tell gpgdir to  obfuscate  the  file  names  of  files  that  it
              encrypts (in -e mode).  The names of each file are stored within
              the file .gpgdir_map_file for every sub-directory, and this file
              is  itself  encrypted.  In decryption mode (-d), the -O argument

       -K, --Key-id <id>
              Manually specify a GnuPG key ID from the command line.   Because
              GnuPG supports matching keys with a string, id does not strictly
              have to be a key ID; it can be a string that uniquely matches  a
              key in the GnuPG key ring.

       -D, --Default-key
              Use the key that GnuPG defines as the default, i.e. the key that
              is specified by the default-key  variable  in  ~/.gnupg/options.
              If    the   default-key   variable   is   not   defined   within
              ~/.gnupg/options, then GnuPG tries to use the first suitable key
              on  its  key  ring  (the initial encrypt/decrypt test makes sure
              that the user knows the corresponding password for the key).

       -a,  --agent
              Instruct gpgdir to acquire gpg key password from a running  gpg-
              agent instance.

       -A, --Agent-info <connection info>
              Specify  the value of the GPG_AGENT_INFO environment variable as
              returned by  the  gpg-agent  --daemon  command.  If  the  gpgdir
              --agent  command  line argument is used instead of --Agent-info,
              then gpgdir assumes that the GPG_AGENT_INFO environment variable
              has already been set in the current shell.

       -s,  --skip-test
              Skip  encryption and decryption test.  This will allow gpgdir to
              be used to encrypt a directory  without  specifying  a  password
              (which  normally  gets  used  in encryption mode to test to make
              sure decryption against a dummy file works properly).

       -q, --quiet
              Print as little as possible to the  screen  when  encrypting  or
              decrypting a directory.

       --no-recurse
              Instruct gpgdir to not recurse through any subdirectories of the
              directory that is being encrypted or decrypted.

       --no-password
              Instruct gpgdir to not ask the user for  a  password.   This  is
              only  useful when a gpg key literally has no associated password
              (this is not common).

       --no-delete
              Instruct gpgdir to not delete original files at encrypt time.

       --no-preservetimes
              Instruct gpgdir to not preserve original file  mtime  and  atime
              values upon encryption or decryption.

       -l,  --locale <locale>


FILES

       ~/.gpgdirrc
              Contains the key id of the user gpg key that  will  be  used  to
              encrypt or decrypt the files within a directory.



EXAMPLES

       The following examples illustrate the command line arguments that could
       be supplied to gpgdir in a few situations:

       To encrypt a directory:

       $ gpgdir -e /some/dir

       To encrypt a directory, and use the wipe command to securely delete the
       original unencrypted files:

       $ gpgdir -W -e /some/dir

       To   encrypt  a  directory  with  the  default  GnuPG  key  defined  in
       ~/.gnupg/options:

       $ gpgdir -e /some/dir --Default-key

       To decrypt a directory with a key specified in ~/.gpgdirrc:

       $ gpgdir -d /some/dir

       To encrypt a directory but skip all filenames that contain  the  string
       "host":

       $ gpgdir -e /some/dir --Exclude host

       To  encrypt  a  directory but only encrypt those files that contain the
       string "passwd":

       $ gpgdir -e /some/dir --Include passwd

       To acquire the GnuPG key password from a running  gpg-agent  daemon  in
       order  to  decrypt  a  directory  (this requires that gpg-agent has the
       password):

       $ gpgdir -A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 -d /some/dir

       To encrypt a directory but skip the encryption/decryption test (so  you
       will not be prompted for a decryption password):

       $ gpgdir -e /some/dir -s

       To encrypt a directory and no subdirectories:




SEE ALSO

       gpg(1)



AUTHOR

       Michael Rash <mbr@cipherdyne.org>



CONTRIBUTORS

       Many people who are active in the open source community  have  contrib-
       uted to gpgdir; see the CREDITS file in the gpgdir sources.




BUGS

       Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are
       always welcome as well.



DISTRIBUTION

       gpgdir is distributed under the GNU General Public License  (GPL),  and
       the latest version may be downloaded from http://www.cipherdyne.org



Linux                              May, 2007                         GPGDIR(1)

Man(1) output converted with man2html