Encrypting directories
Noel D. Torres Taño
ndtt at ll.iac.es
Tue Jul 1 23:47:09 CEST 2003
Gordon Worley wrote:
>
> Many users have requested that I add directory encryption to
> GPGFileTool, a gpg front-end on OS X for performing cryptographic
> operations on files. GnuPG doesn't do this itself, but there are many
> ways in which I can wrap up directories into a single file for them.
>
> Initially I thought to tar the directories before encryption/signing
> since this is a very compatible format and on Mac OS X will only cause
> problems for files with resource forks (I plan to eventually add
> support for some other archival format, but I think tar is a good
> start). The problem is that I can't find a way to use tar without
> writing a file. I'd like to use pipes, although that probably isn't
> secure, either.
>
> The best that I can come up with so far is to write the archive to disk
> in a special directory in the user's home folder with permissions 700,
> read in the file's data, and then immediately use rm -P to securely
> delete the file.
>
> Any suggestions on better ways to do this would be appreciated.
>
What about using a "named pipe"? (mknod). This allows you to work as
with a file (incluiding mode 700), but it isn't a regular file so you
don't need to rm -P it.
Envite (a.k.a. Noel Torres)
More information about the Gnupg-devel
mailing list