I'm using GnuPG to encrypt my ASCII files.
I learnt to generate a key, and also how to use it to encrypt and decrypt a file.
There are two ways I used:
gpg -d foo.txt.gpg
and
gpg --output foo.txt --decrypt foo.txt.gpg
I realized the first method will display the decrypted file on the screen, for example when I executed the command over SSH.
With regard to the second method, I am concerned whether it will leave a trace on the local PC - the foo.txt file.
Most importantly, I don't know how to edit the contents of the foo file on the fly. Ideally, I would like to open the file over SSH using nano/pico, type my passphrase to decrypt, then edit the file, save it and encrypt it. I would very much like to avoid saving any files to the local disk.
Any comments are welcome.
Thank you in advance.
14 solutions
#1
5
One way is using vim. See this page and this related question.
If you need more flexibility or don't want to use vim, writing a short program to read the decrypted text coming from STDOUT, edit to your liking, and then re-encrypt isn't too difficult. For example, you could use this minimal Python code (104 lines!) to give you the bare bones editor, and then add the stream reading and writing functionality yourself.
#2
4
I wrote a python script to solve this (for Linux only). It works by decrypting the file into /dev/shm to ensure that the unencrypted data is never written to disk (although it is possible for any of the programs using the data to be swapped to disk; this is almost always a concern).
This has some benefits over some of the other posted answers:
- Only need to type the password once
- Works with any editor
Here is the code:
#!/usr/bin/env python3
import errno, os, sys, subprocess, getpass, stat, shutil
editor = 'nano'
dataFile = sys.argv[1]
## make a backup of the encrypted file
bakFile = dataFile+'-gpgedit_backup'
shutil.copy(dataFile, bakFile)
dstat = os.stat(dataFile)
## create temporary directory in tmpfs to work from
tmpDir = '/dev/shm/gpgedit'
n = 0
while True:
    try:
        ## create with owner-only mode so other users never get a window to enter
        os.mkdir(tmpDir+str(n), stat.S_IRWXU)
        break
    except OSError as err:
        if err.errno != errno.EEXIST: ## file already exists
            raise
        n += 1
tmpDir += str(n)
os.chmod(tmpDir, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
try:
    ## Get password
    passwd = getpass.getpass()
    ## decrypt file
    ## (argument list instead of shell=True, so file names are never parsed by a shell;
    ## GnuPG 2.1+ only honours --passphrase-fd with --batch --pinentry-mode loopback)
    tmpFile = os.path.join(tmpDir, 'data')
    cmd = ['gpg', '-d', '--passphrase-fd', '0', '--output', tmpFile, dataFile]
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE)
    proc.stdin.write(passwd.encode())
    proc.stdin.close()
    if proc.wait() != 0:
        raise Exception("Error decrypting file.")
    ## record stats of tmp file (named stat1 so the stat module is not shadowed)
    stat1 = os.stat(tmpFile)
    ## invoke editor
    os.system('%s %s' % (editor, tmpFile))
    ## see whether data has changed
    stat2 = os.stat(tmpFile)
    if stat1.st_mtime == stat2.st_mtime and stat1.st_size == stat2.st_size:
        raise Exception("Data unchanged; not writing encrypted file.")
    ## re-encrypt, write back to original file
    cmd = ['gpg', '--yes', '--symmetric', '--passphrase-fd', '0', '--output', dataFile, tmpFile]
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE)
    proc.stdin.write(passwd.encode())
    proc.stdin.close()
    if proc.wait() != 0:
        raise Exception("Error encrypting file.")
except:
    ## If there was an error AND the data file was modified, restore the backup.
    dstat2 = os.stat(dataFile)
    if dstat.st_mtime != dstat2.st_mtime or dstat.st_size != dstat2.st_size:
        print("Error occurred, restored encrypted file from backup.")
        shutil.copy(bakFile, dataFile)
    raise
finally:
    shutil.rmtree(tmpDir)
    os.remove(bakFile)
#3
2
One thing to bear in mind is that holding unencrypted data in memory is no guarantee that it won't find its way to disk. If the system in question is under heavy load, any unencrypted data may be written to the swap partition. Similarly, if the system is put into sleep mode, the state of any suspended processes will be stored to disk. If your program is running on an embedded system, it's conceivable that your memory and "disk" are one and the same.
The mlock() system call will protect allocated memory from getting swapped to disk. However, this requires administrative privileges and limits you to a low-level language where you are directly responsible for memory management.
That said, it is prudent to avoid creating files with unencrypted data. Just know that this doesn't offer you 100% safety if the underlying system is compromised.
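To check on a given machine the two conditions raised here, the following added example (not part of the answer above) parses the /proc/mounts and /proc/swaps formats and reports whether a scratch directory is RAM-backed and whether its pages can still reach a swap device. The sample tables are constructed, and the function names are this example's own.

```python
import os

RAM_BACKED = {"tmpfs", "ramfs"}

# Constructed sample data in the /proc/mounts and /proc/swaps formats.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
"""
HEADER = "Filename                                Type            Size    Used    Priority\n"
SAMPLE_SWAPS = HEADER + "/dev/sda5                               partition       2097148 0       -2\n"
NO_SWAP = HEADER


def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    # The backslash escape is handled last so it cannot create a new escape.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field


def fs_type_for(path, mounts_text):
    """Return (mount_point, fstype) of the deepest mount containing path.

    Pass os.path.realpath(path) when checking a live system so symlinks resolve.
    """
    path = os.path.normpath(path)
    best = ("", None)
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        mnt, fstype = unescape(parts[1]), parts[2]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # ">=" lets a later entry win: the last mount on a point is the visible one.
        if inside and len(mnt) >= len(best[0]):
            best = (mnt, fstype)
    return best


def active_swap(swaps_text):
    """Return the devices or files listed in /proc/swaps (header skipped)."""
    return [l.split()[0] for l in swaps_text.splitlines()[1:] if l.strip()]


def plaintext_exposure(path, mounts_text, swaps_text):
    """List the ways plaintext written to path could end up on disk."""
    mnt, fstype = fs_type_for(path, mounts_text)
    findings = []
    if fstype not in RAM_BACKED:
        findings.append("%s is on %s (%s): plaintext is written to disk" % (path, mnt, fstype))
    swaps = active_swap(swaps_text)
    # tmpfs pages are swappable (ramfs pages are not). An encrypted swap device
    # is still listed here; /proc/swaps alone cannot tell the two apart.
    if fstype == "tmpfs" and swaps:
        findings.append("tmpfs pages can be swapped out to: " + ", ".join(swaps))
    return findings


if __name__ == "__main__":
    # On a live Linux system, pass open("/proc/mounts").read() and
    # open("/proc/swaps").read() instead of the constructed samples.
    for p in ("/dev/shm/gpgedit0/data", "/home/user/foo.txt"):
        for finding in plaintext_exposure(p, SAMPLE_MOUNTS, SAMPLE_SWAPS):
            print(finding)
```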
#5
1
An alternative is to have a tmp filesystem in ram using tmpfs then when you power off it's gone for ever.
#6
1
Inspired by Luke's answer, I wrote a Python script myself. Hopefully, somebody will find this useful. Here are the core features:
- uses temporary file under /dev/shm using a secure method to generate tempfile
- creates backup file in case of failures
- both encryption modes (public key/symmetric)
- create a new file on-the-fly
- choose your editor through environment variables
Further information can be found in the script itself. It currently won't work on any non *nix-machine.
To install the script just put it in any directory on your path and make it executable.
Get it now!
Warning: Backup your data! The script comes without any warranty!
#7
0
If your editor can read input from a pipe, and save to a pipe, then you can actually use the version of gpg that decrypts to stdout and encrypts from stdin. Unfortunately, for nano, reading from a pipe is only planned for 2.4. E.g. for gvim, you can bind decryption and encryption (through pipes) to a key.
#8
0
To open gpg files, edit them and then encrypt/save again, use this: the kgpg icon in the systray has an option: Editor... Press on it, then open the gpg file, then on the bottom there is a button to decrypt it and voila, you have your file in the editor. After you have made any changes, just press Encrypt and then save it.
#9
0
Just today I have found out about a way of doing all that in vim!
Here is the link: full howto on setting up vim for gpg files
Works like a charm. Just note that in that tutorial the link to the plugin is a URL to a page, so do not wget it, but go to the page and select the one you want to download.
#10
0
I detest vi, so I had to make up some glue around nano. This is what I came up with. Downside is that you have to enter password again when encrypting.
alias file_ed="gpg file.txt.gpg; nano file.txt; gpg -c --force-mdc -o file.txt.gpg_temp file.txt; mv file.txt.gpg_temp file.txt.gpg; rm file.txt"
It isn't very secure from the filesystem point of view, but I fear other users and myself, not root.
#11
0
viencrypt by Paul Tarjan is a script for editing GPG encrypted files on the fly.
#12
0
Using the editor joe (aka Joe's Own Editor) in a command similar to
gpg --decrypt foo.txt.gpg | joe - | gpg --armor --recipient name@example.com --encrypt > bar.txt.gpg
will do what you're looking for.
The - in joe - tells joe to take its input from stdin and to write its output to stdout when you save the file (hit ctrl+k and then x to save). Joe will initially display some crufty output from gpg; this can be cleared by hitting ctrl+r to refresh the screen.
I use > bar.txt.gpg to specify the output file instead of --output bar.txt.gpg because the --output flag causes gpg to open an interactive dialogue if you're overwriting the output file, and this confuses joe.
#13
0
I have spent countless hours on this quest, too: simply encrypt a text file with a passphrase with simple open+read/write access. I didn't want to deal with private/public keys nor keyrings bound to an OS login, blah, blah, blah. File encryption with passphrase only is so simple and so universal and perfect for a simple text file to hold passwords. No bloat nor complication of a database-driven solution like KeePass, etc. (which also requires data entry into multiple GUI elements rather than just typing your passwords in a searchable text file). The gold standard on Windows is Steganos LockNote. How to do it on Linux? Surprisingly very difficult to find, but...
I finally converged on the recommendation I consider best: cream. http://cream.sourceforge.net/ Cream is a facade to vim to make it more user-friendly ... useful for other family members (I am a Linux geek at work comfortable with vi[m], but I needed something more accessible for my family).
Just enter:
"vim -x yourfile.txt"
It will be saved as encrypted with a passphrase.
You can use vim or cream at this point:
"vim yourfile.txt" or "cream yourfile.txt".
Either one will natively open "yourfile.txt" and prompt for the passphrase and transparently allow edits and re-saving as encrypted. FINALLY the quest has been completed !!!!
#14
0
Here is a slight improvement to @Luke's answer. It makes two small improvements:
- It avoids the stack trace if the file is unmodified during the edit session.
- It restores the original gpg file if re-encryption back to the original gpg file was attempted, which is a little safer than checking the modification dates of the edit file.
#!/usr/bin/env python3
# Downloaded from https://*.com/questions/1510105/gnupg-how-to-edit-the-file-without-decrypt-and-save-to-local-disk-first/12289967#12289967
# and then slightly improved.
import errno, os, sys, subprocess, getpass, stat, shutil
editor = 'nano'
dataFile = sys.argv[1]
## make a backup of the encrypted file
bakFile = dataFile+'-gpgedit_backup'
shutil.copy(dataFile, bakFile)
dstat = os.stat(dataFile)
## create temporary directory in tmpfs to work from
tmpDir = '/dev/shm/gpgedit'
n = 0
while True:
    try:
        ## create with owner-only mode so other users never get a window to enter
        os.mkdir(tmpDir+str(n), stat.S_IRWXU)
        break
    except OSError as err:
        if err.errno != errno.EEXIST: ## file already exists
            raise
        n += 1
tmpDir += str(n)
os.chmod(tmpDir, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
reEncrypted = False
try:
    ## Get password
    passwd = getpass.getpass()
    ## decrypt file
    ## (argument list instead of shell=True, so file names are never parsed by a shell;
    ## GnuPG 2.1+ only honours --passphrase-fd with --batch --pinentry-mode loopback)
    tmpFile = os.path.join(tmpDir, 'data')
    cmd = ['gpg', '-d', '--cipher-algo', 'AES256', '--passphrase-fd', '0', '--output', tmpFile, dataFile]
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE)
    proc.stdin.write(passwd.encode())
    proc.stdin.close()
    if proc.wait() != 0:
        raise Exception("Error decrypting file.")
    ## record stats of tmp file (named stat1 so the stat module is not shadowed)
    stat1 = os.stat(tmpFile)
    ## invoke editor
    os.system('%s %s' % (editor, tmpFile))
    ## see whether data has changed
    stat2 = os.stat(tmpFile)
    if stat1.st_mtime == stat2.st_mtime and stat1.st_size == stat2.st_size:
        print("Data unchanged; not re-writing encrypted file.")
    else:
        ## re-encrypt, write back to original file
        reEncrypted = True
        cmd = ['gpg', '--yes', '--symmetric', '--cipher-algo', 'AES256', '--passphrase-fd', '0', '--output', dataFile, tmpFile]
        proc = subprocess.Popen(cmd, stdin=subprocess.PIPE)
        proc.stdin.write(passwd.encode())
        proc.stdin.close()
        if proc.wait() != 0:
            raise Exception("Error encrypting file.")
except:
    ## If there was an error AND re-encryption was attempted, restore the backup.
    if reEncrypted:
        print("Error occurred; restoring encrypted file from backup.")
        shutil.copy(bakFile, dataFile)
    raise
finally:
    shutil.rmtree(tmpDir)
    os.remove(bakFile)
I would have posted these suggested improvements as comments to @Luke's answer -- which I like a lot -- but did not have enough reputation points to do so. :(
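A variant of the decrypt, edit, re-encrypt flow used by the scripts in this thread, as an added example that is not code from any of the answers: it goes beyond them by comparing content hashes instead of mtime and size, and by staging the new ciphertext next to the original and swapping it in with an atomic rename, so a failed encryption never touches the original file. The names `edit_encrypted` and `gpg` are this example's own; the decrypt and encrypt steps are passed in as callables so the flow can be exercised without a keyring.

```python
import hashlib, os, shutil, subprocess, sys, tempfile


def gpg(args, passphrase):
    # Argument list, no shell; passphrase on fd 0 as in the scripts above.
    # GnuPG 2.1+ additionally needs "--pinentry-mode loopback" for this to work.
    cmd = ["gpg", "--batch", "--yes", "--passphrase-fd", "0"] + args
    if subprocess.run(cmd, input=passphrase.encode() + b"\n").returncode != 0:
        raise RuntimeError("gpg exited with an error")


def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).digest()


def edit_encrypted(data_file, decrypt, edit, encrypt, ram_dir="/dev/shm"):
    """Edit data_file via a plaintext copy under ram_dir.

    decrypt(src, dst) and encrypt(src, dst) write dst; edit(path) changes it
    in place. Returns True if data_file was rewritten, False if unchanged.
    """
    # mkdtemp creates the directory with mode 0700 and an unpredictable name.
    work = tempfile.mkdtemp(prefix="gpgedit", dir=ram_dir)
    plain = os.path.join(work, "data")
    # Stage the new ciphertext in the same directory as the original so that
    # os.replace() is a rename on one filesystem.
    target_dir = os.path.dirname(os.path.abspath(data_file))
    fd, staged = tempfile.mkstemp(prefix=".gpgedit", dir=target_dir)
    os.close(fd)
    try:
        decrypt(data_file, plain)
        before = digest(plain)
        edit(plain)
        if digest(plain) == before:   # content check, independent of timestamps
            return False
        encrypt(plain, staged)
        shutil.copymode(data_file, staged)
        os.replace(staged, data_file) # old or new file is visible, never a partial one
        return True
    finally:
        # Runs on success, "unchanged" and every error path.
        shutil.rmtree(work, ignore_errors=True)
        if os.path.exists(staged):
            os.remove(staged)


if __name__ == "__main__" and len(sys.argv) == 2:
    import getpass
    pw = getpass.getpass()
    changed = edit_encrypted(
        sys.argv[1],
        decrypt=lambda s, d: gpg(["--output", d, "--decrypt", s], pw),
        edit=lambda p: subprocess.call([os.environ.get("EDITOR", "nano"), p]),
        encrypt=lambda s, d: gpg(["--output", d, "--symmetric", s], pw),
    )
    print("re-encrypted" if changed else "unchanged")
```

Editors that write their own backup or swap files elsewhere (for example in the home directory) still have to be configured separately; this only controls where the working copy lives.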