Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (8.7%) to scientific vocabulary
Keywords
Repository
Use GPG to encrypt a file using our best settings
Basic Info
- Host: GitHub
- Owner: SixArm
- Language: Shell
- Default Branch: main
- Size: 72.3 KB
Statistics
- Stars: 68
- Watchers: 2
- Forks: 14
- Open Issues: 2
- Releases: 0
Topics
Metadata Files
README.md
gpg-encrypt:
encrypt a file using our best settings
Syntax:
gpg-encrypt <file>
Example:
$ gpg-encrypt example.txt
Output is a new encrypted file:
example.txt.gpg
To decrypt the file:
gpg -d example.txt.gpg
Settings
Symmetric encryption, i.e. we use the same password for encryption and decryption. We choose this because our users can understand symmetric more easily than asymmetic.
Encryption using the aes256 cipher algorithm. We choose this because it's a good balance of strong, fast, and portable.
Digesting using the sha256 digest algorithm. We choose this because it's a good balance of strong, fast, and portable.
No compression, because typically our files are small or already compressed. We choose this to maximize portability, PGP compatibility, and speed.
Explicit settings, rather than depending on defaults.
Suitable for GPG v2; backwards-compatible with GPG v1 when possible.
To get our settings, we use these gpg options:
--symmetric: Encrypt with symmetric cipher only This command asks for a passphrase.--cipher-algo aes256: Use AES256 as the cipher algorithm--digest-algo sha256: Use SHA256 as the digest algorithm.--cert-digest-algo sha256: Use SHA256 as the message digest algorithm used when signing a key.--compress-algo none -z 0: Do not compress the file.--s2k-mode 3: Use passphrase mangling iteration mode.--s2k-digest-algo sha256: Use SHA256 as the passphrase iteration algorithm.--s2k-count 65011712: Use the maximum number of passphrase iterations.--force-mdc: Use modification detection code.--quiet: Try to be as quiet as possible.--no-greeting: Suppress the initial copyright message but do not enter batch mode.--pinentry-mode=loopbackUse the terminal for PIN entry.
More examples
To encrypt a file:
$ gpg-encrypt foo
To encrypt a file to a specific output file name:
$ gpg-encrypt foo --output goo.gpg
To encrypt a directory:
$ tar --create foo | gpg-encrypt --output foo.tar.gpg
To encrypt a file then delete it:
$ gpg-encrypt foo && rm foo
To encrypt a directory then delete it:
$ tar -c foo | gpg-encrypt --output foo.tar.gpg && rm -rf foo
Advice
We tend to use these naming conventions:
GPG file name extension
.gpg.tar file extension
.tar.
We tend to skip compression:
We tend to use
gpgwithout using compression.We tend to use
tarwithout using compression.
Troubleshooting
TTY
If you get error messages like this:
gpg: Inappropriate ioctl for device
gpg: problem with the agent: Inappropriate ioctl for device
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `[stdin]' failed: Operation cancelled
Then try this:
$ export GPG_TTY=$(tty)
Restart
If you get error message like this:
gpg: WARNING: server 'gpg-agent' is older than us (2.2.6 < 2.2.7)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: signal Interrupt caught ... exiting
Then try this:
$ gpgconf --kill all
See also
These commands are similar:
gpg-encrypt: use GPG to encrypt a file using our best settings.gpg-decrypt: use GPG to decrypt a file using our best settings.openssl-encrypt: use OpenSLL to encrypt a file using our best settings.openssl-decrypt: use OpenSSL to decrypt a file using our best settings.
Command
The command is:
gpg \
--symmetric \
--cipher-algo aes256 \
--digest-algo sha256 \
--cert-digest-algo sha256 \
--compress-algo none -z 0 \
--s2k-mode 3 \
--s2k-digest-algo sha256 \
--s2k-count 65011712 \
--force-mdc \
--quiet --no-greeting \
--pinentry-mode=loopback \
"$@"
Older versions
If you use GPG v1, and you want to skip the GPG user agent, then you may want to add this option:
--no-use-agent
Alternatives
Here's an alternative to wrapping GPG, using .gnupg/gpg.conf:
personal-cipher-preferences AES256 AES
personal-digest-preferences SHA256 SHA512
personal-compress-preferences Uncompressed
default-preference-list SHA256 SHA512 AES256 AES Uncompressed
cert-digest-algo SHA256
s2k-cipher-algo AES256
s2k-digest-algo SHA256
s2k-mode 3
s2k-count 65011712
disable-cipher-algo 3DES
weak-digest SHA1
force-mdc
Note that these options impact compatibility with other GPG/PGP clients.
Credit: User twr here
FAQ
Q. What is this getting you that a simple 'gpg -c' isn't?
A. These options are good for GPG v1 a.k.a. GPGP classic. GPG v1 has stranger defaults than GPG v2. The default ciphers are CAST5, (very slow) compression is on by default, hashes are RIPEMD. The defaults are a bit obscure and very slow: something like two dozen MB/s encryption/decryption speed, on a machine that can do AEAD at 2.5-4 GB/s (AES-GCM or Chapoly). A large part of that is the compression (zlib-ish I think), though. Credit: users accqq and throwawayish here
Thanks
Thanks for all the comments on Hacker News, with special thanks to users vesinisa, twr, tptacek, txtutu, acqq, throwawayish, RMarcus
Tracking
- Command: gpg-encrypt
- Website: https://sixarm.com/gpg-encrypt
- Cloning: https://github.com/sixarm/gpg-encrypt
- Version: 4.0.0
- Created: 2010-05-20
- Updated: 2018-11-01
- License: GPL
- Contact: Joel Parker Henderson (joel@joelparkerhenderson.com)
- Tracker: 064750fa2efe1ca54b518a2ba8b4c34e
Owner
- Name: SixArm
- Login: SixArm
- Kind: organization
- Email: sixarm@sixarm.com
- Location: San Francisco
- Website: http://sixarm.com
- Twitter: sixarm
- Repositories: 580
- Profile: https://github.com/SixArm
SixArm Software
Citation (CITATION.cff)
cff-version: 1.2.0
title: gpg-encrypt:<br>encrypt a file using our best settings
message: >-
If you use this work and you want to cite it,
then you can use the metadata from this file.
type: software
authors:
- given-names: Joel Parker
family-names: Henderson
email: joel@joelparkerhenderson.com
affiliation: joelparkerhenderson.com
orcid: 'https://orcid.org/0009-0000-4681-282X'
identifiers:
- type: url
value: 'https://github.com/SixArm/gpg-encrypt/'
description: gpg-encrypt:<br>encrypt a file using our best settings
repository-code: 'https://github.com/SixArm/gpg-encrypt/'
abstract: >-
gpg-encrypt:<br>encrypt a file using our best settings
license: See license file
GitHub Events
Total
- Watch event: 1
- Push event: 1
Last Year
- Watch event: 1
- Push event: 1
Committers
Last synced: 7 months ago
Top Committers
| Name | Commits | |
|---|---|---|
| Joel Parker Henderson | j****l@j****m | 21 |
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: 7 months ago
All Time
- Total issues: 2
- Total pull requests: 1
- Average time to close issues: 16 minutes
- Average time to close pull requests: N/A
- Total issue authors: 2
- Total pull request authors: 1
- Average comments per issue: 1.5
- Average comments per pull request: 0.0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 0
- Pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
- otto-dev (1)
- lukechilds (1)
Pull Request Authors
- Slamdunk (1)