[clue] gpg question

David L. Anselmi anselmi at anselmi.us
Sun Aug 26 22:04:29 MDT 2012


Mike Bean wrote:
> Also, this might be a stupid question, but my google-fu has failed me for
> the time being; I can't help but wonder if I'm missing something obvious.
> Maybe a command flag somewhere in the man files I'm not seeing.
>
> I can't help but notice that gpg -e leaves behind a copy of the original
> file.  Kinda defeats the purpose, for example, if you're wanting to use it on
> a laptop to cover your tracks.

I think the thing you're missing is gpg's more common use case: I make a file, I encrypt it to send 
to *you*.

In that case the cipher text is useless to *me*.  My only usable copy is the plain text.

PGP (and thus gpg) wasn't written to protect data at rest.  As everyone else has pointed out, you 
can't really do that unless you prevent the plain text from hitting your disk.  And even if you do 
you have to worry about your private key/pass phrase hitting your disk.  And then an encrypted file
system isn't a sledgehammer; it's the easy way to get what you want.

I haven't looked but I think encrypted file systems are easy to set up from your favorite installer.
I did set one up on flash media and that was easy.  Converting an existing file system can't be
any harder than copying the partition (like you used to when it ran out of space, before LVM).
Heck, maybe LVM makes the conversion painless too.

Dave
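
The two behaviours discussed in this thread, as an added shell example that is not from the list or from GnuPG itself: `gpg` writing the ciphertext while leaving the plaintext file in place, and piping data straight into `gpg` so the plaintext never reaches the disk. It assumes GnuPG 2.1 or later on PATH and uses `--symmetric` with a constructed passphrase instead of a recipient key (`gpg -e -r KEY` treats the plaintext file the same way); the function names, file names and data are mine.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1+ on PATH; uses a
# throwaway --homedir, --symmetric (so no recipient key is needed) and a
# constructed passphrase.
PASS='constructed-passphrase'
SECRET='constructed secret contents'

# Run gpg non-interactively against a private, temporary keyring directory.
gpg_batch() {
    gpg --batch --quiet --homedir "$GNUPGHOME_TMP" --pinentry-mode loopback \
        --passphrase "$PASS" "$@"
}

# Case 1: encrypt a file the way the original poster did. Returns 0 if the
# ciphertext was written AND the plaintext is still sitting on disk.
plaintext_survives_encrypt() {
    GNUPGHOME_TMP=$(mktemp -d); chmod 700 "$GNUPGHOME_TMP"
    dir=$(mktemp -d)
    printf '%s\n' "$SECRET" > "$dir/notes.txt"
    gpg_batch --symmetric --output "$dir/notes.txt.gpg" "$dir/notes.txt"
    if [ -s "$dir/notes.txt.gpg" ] && [ -s "$dir/notes.txt" ]; then rc=0; else rc=1; fi
    # Deleting notes.txt afterwards (rm, or even shred) is not a fix: file
    # system journals, snapshots and SSD wear-levelling can keep copies of the
    # blocks. That is why the reply above points at never writing it at all.
    rm -rf "$dir" "$GNUPGHOME_TMP"
    return $rc
}

# Case 2: keep the plaintext off disk entirely by streaming it into gpg.
# Only the ciphertext touches the file system. Returns 0 if the ciphertext
# decrypts back to the original data.
encrypt_without_plaintext_on_disk() {
    GNUPGHOME_TMP=$(mktemp -d); chmod 700 "$GNUPGHOME_TMP"
    dir=$(mktemp -d)
    printf '%s\n' "$SECRET" | gpg_batch --symmetric --output "$dir/notes.gpg"
    out=$(gpg_batch --decrypt "$dir/notes.gpg")
    rm -rf "$dir" "$GNUPGHOME_TMP"
    [ "$out" = "$SECRET" ]
}
```

In practice the producer of the plaintext in case 2 is whatever generates it (a `tar c` of a directory, a database dump, an editor writing to a pipe); the private key and passphrase still live somewhere, which is the remaining gap the reply mentions.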
