Signing already-encrypted files (all to self)?

Chris Poole lists at chrispoole.com
Mon Nov 14 15:51:57 CET 2011


On Mon, Nov 14, 2011 at 2:42 PM, Peter Lebbing <peter at digitalbrains.com> wrote:
> The trick obviously is that find can do multiple executions. I didn't know this
> either, I just tried it out :). There are different variations. This one outputs
> the hashes on stdout, and I don't know a way to separate the stdout's, for when
> the encryption command would start printing stuff on stdout.

Thank you. Doing something like this had totally slipped my mind. I actually
pass find's output to xargs anyway, so could do something like

    find . -not -name '*.gpg' -print0 | xargs -0 -I{} bash -c 'gpg "$1" && md5 "$1" >> hashes' _ {}

This solution now seems, well, very obvious.

> And also note that encrypting identical plaintexts will lead to different
> ciphertexts, and hence, hashes. If you sometimes re-encrypt the same data, you
> need to be aware of this or you'll think your files have been tampered with
> because the hash no longer checks out.

Yes I'm aware of this, thanks. (This was why I was going to hash the plaintexts
in the first place.)
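
The approach discussed in this message, as an added example that is not part of the original post: each plaintext is hashed before it is encrypted, and the hash is recorded only if encryption succeeded. It assumes GNU `sha256sum` in place of `md5`; `ENCRYPT_CMD`, `hash_then_encrypt` and `verify_plaintexts` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example. Assumptions: GNU sha256sum is installed; ENCRYPT_CMD is a
# hypothetical override, defaulting to encryption to your own default key.

abs_path() { case $1 in /*) printf '%s\n' "$1" ;; *) printf '%s\n' "$PWD/$1" ;; esac; }

# hash_then_encrypt DIR MANIFEST
hash_then_encrypt() {
    dir=$1
    manifest=$(abs_path "$2")
    cmd="${ENCRYPT_CMD:-gpg --encrypt --default-recipient-self}"
    (
        cd "$dir" || exit 1
        # File names reach the inner shell as arguments ("$@"), never as
        # part of the script text, so quotes or spaces in a name are inert.
        ENCRYPT_CMD=$cmd find . -type f ! -name '*.gpg' \
            ! -name "${manifest##*/}" -exec sh -c '
                manifest=$1; shift; rc=0
                for f in "$@"; do
                    # Hash the plaintext first: ciphertext differs per run.
                    h=$(sha256sum -- "$f") || { rc=1; continue; }
                    if $ENCRYPT_CMD "$f"; then
                        printf "%s\n" "$h" >> "$manifest"
                    else
                        echo "encryption failed, not recorded: $f" >&2; rc=1
                    fi
                done
                exit "$rc"
            ' sh "$manifest" {} +
    )
}

# verify_plaintexts DIR MANIFEST: non-zero if any recorded plaintext changed.
verify_plaintexts() {
    manifest=$(abs_path "$2")
    ( cd "$1" && sha256sum -c -- "$manifest" >/dev/null )
}
```

Run `verify_plaintexts` against the decrypted files; checking the `.gpg` files against these hashes would always fail, for the reason given in the quoted text.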
