Thinking About File Encryption (again)

Some of you might recall my article the other day about vim encryption. It is a very nice way to encrypt the file but has some holes in the process. Having extra files laying around while the encrypted file is open is not good enough, though with enough physical security it could be fairly safe.

Along comes gpg with another option for me to try. I’ve spent a fair amount of time digitally signing my documents with my gpg key. I’ve distributed my public key and kept my private key safe as well for when I do need to decrypt something important.

Today in my travels around the interweb, I came across a bit about gpg encryption and thought that it might be able to accommodate my request of a simple encryption utility for my passwords file. So lets have a look at it and see the results.

The simplest thing to do is to take my unencrypted passwords file and encrypt it with gpg:

$ gpg -c passwords
Enter passphrase: my pass phrase
Repeat passphrase: my pass phrase
$ ls passwords*
passwords passwords.gpg

Well, there’s my problem, right there. Did you see it? I did! The problem is that I now have two files, one encrypted and one not. I don’t want the unencrypted one anymore now that I have the encrypted one. Except, what if the encrypted one didn’t work? What if I lose the encrypted file, what if it’s on a bad block? Well, there’s my dilemma. And I am still waiting for a better solution, ho hum, I guess I’ll keep looking.

Meanwhile, back at the gpg ranch, I’ll show you how to decrypt the file so you can read it again.

$ gpg passwords.gpg
gpg: CAST5 encrypted data
Enter passphrase: my pass phrase
gpg: encrypted with 1 passphrase

And my file is restored to its original state. This is good for sure, but I think it isn’t quite what I am looking for… Thank you for trying gpg, I’ll keep looking. vim encryption seems appropriate for now.



This entry was posted in Editors, Tech, Tools. Bookmark the permalink.

One Response to Thinking About File Encryption (again)

  1. James Rushton says:

    Hi, just thought I’d let you know a few changes to your .vimrc can let you use gpg transparently for editing files (without making unencrypted files or leaving temporary data around). Take a look here:

    The gpg encryption is much stronger than vim -c too. That’s pretty much how I store my account list, though I only write the passwords on a printout.

Leave a Reply

Your email address will not be published. Required fields are marked *