[clue] gpg question

Michael Fierro miguelito at biffster.org
Sat Aug 25 13:05:26 MDT 2012


On Sat, Aug 25, 2012 at 11:41 AM, Yaverot <Yaverot at computermail.net> wrote:
>
> --- miguelito at biffster.org wrote:
>
> >> Why not just use an encrypted file system?
>
> >Sometimes you need a hammer instead of a sledgehammer.
>
> "Cover your tracks" is a sledgehammer requirement. GPG shouldn't care about what filesystem it is on.  Is it a FAT variant, so you can "just" ovewrite the data from a random source? Is it ext3 or 4 where you have to worry about journaling? Is it a CoW setup, a SSD, ZFS or btrfs -> can you even overwrite the "plaintext" data?

I think we got off-track from the original question: how can you get
gnupg to delete a file after it encrypts it.

> If you're worrying about this then you definitely don't want GPG to "do it wrong" by just issuing a rm.

The best idea is to have gnupg to not have an option to delete, but to
be able to pass this functionality on to the OS. You can then use
OS-specific utilities to delete the file at whatever security level
you need (e.g. using shred or srm to overwrite the file).

#!/bin/sh
# encrypt the file named in $1 for the key id in $2, then let the OS remove the plaintext
if gpg --batch --armor --recipient "$2" --output secure.gpg --encrypt "$1"; then
   shred --remove "$1"
fi



--
Michael Fierro                                      biffster at gmail.com
"The truth of the matter is, I'm a bright enough guy, but I'm hardly a
genius." - Cory Doctorow
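As an added example (not part of the thread and not gnupg's own code), here is a fuller version of the "encrypt, then hand deletion to the OS" approach discussed above. The plaintext is only removed after gpg has returned success and a non-empty ciphertext is on disk, and removal goes through shred where it exists. The ENCRYPT_CMD variable is a hypothetical hook so the function can be exercised without a keyring; the recipient key id, file names and exit codes are assumptions.

```bash
#!/bin/sh
# Added example, not code from the thread: encrypt with gpg, then hand
# removal of the plaintext to an OS tool, but only once the ciphertext is
# known to exist. ENCRYPT_CMD is a hypothetical test hook so the function
# can be run without a keyring; leave it unset for real use.
set -u

# secure_remove <file>
# Overwrite-then-unlink with shred where it exists. As the thread points out,
# in-place overwriting does not reliably destroy the old blocks on journaling,
# copy-on-write or SSD storage (ext3/ext4 with data journaling, btrfs, ZFS);
# on such storage the plaintext belongs on an encrypted filesystem instead.
secure_remove() {
    f=$1
    if command -v shred >/dev/null 2>&1; then
        shred --iterations=3 --zero --remove "$f"
    else
        echo "shred not found; unlinking $f without overwrite" >&2
        rm -f "$f"
    fi
}

# encrypt_then_remove <plaintext> <recipient> [<ciphertext>]
# Exit codes (assumed for this example): 0 ok; 2 no input; 3 output exists;
# 4 encryption failed; 5 ciphertext missing or empty.
# The plaintext is kept in every failure case.
encrypt_then_remove() {
    src=$1
    recipient=$2
    out=${3:-$1.gpg}

    if [ ! -f "$src" ]; then
        echo "no such file: $src" >&2
        return 2
    fi
    # Never silently clobber an earlier ciphertext.
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 3
    fi

    if [ -n "${ENCRYPT_CMD:-}" ]; then
        # Hypothetical test hook: any command taking <in> <out>, e.g. cp.
        "$ENCRYPT_CMD" "$src" "$out" || return 4
    else
        gpg --batch --armor --recipient "$recipient" \
            --output "$out" --encrypt "$src" || return 4
    fi

    # Delete the plaintext only when a non-empty ciphertext is on disk.
    if [ ! -s "$out" ]; then
        echo "ciphertext missing or empty; keeping $src" >&2
        return 5
    fi
    secure_remove "$src"
}

# Command-line use: sh script.sh <plaintext> <recipient-key-id>
if [ "$#" -ge 2 ]; then
    encrypt_then_remove "$1" "$2"
fi
```

The point of the ordering is the one raised in the thread: gpg itself never unlinks anything, and the script refuses to remove the plaintext until the encryption step has demonstrably produced output, so a failed or interrupted gpg run leaves the original untouched rather than losing it.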

