The application you need is gpgdir. The gpgdir application allows you to recursively encrypt and decrypt directories on your Linux system. It’s an easy to use command line tool that can save you a lot of time when you have to do a lot of encryption of files. In this article you will see how to install gpgdir and use it for basic directory encryption/decryption.

Getting and installing

The only drawback is that gpgdir is not installed on your distribution by default, it doesn’t come with GnuPG, nor is it included in your repositories. You are going to have to install manually.

If you use an rpm-based distribution you can download the rpm from gpgdir’s download page. Once you have that file downloaded you will issue the command:

rpm -ivh gpgdir-XXX.rpm

Where XXX is the release number.

If you are not using an rpm-based distribution you will have to install from source. This is actually quite easy. First download the source file. Once you have that file on your hard drive (let’s say it’s in ~/Downloads/firefox/) issue the following comands:

cd ~/Downloads/firefox

bunzip2 gpgdir-XXX.tar.bz2

tar -xvf gpgdir-XXX.tar

cd gpgdir-XXX

./install.pl (or sudo ./install.pl)

Where XXX is the release number.

You should now have a working installation of gpgdir.

Using gpgdir

Before you actually run gpgdir you have to have a gpg key generated (The article mentioned at the beginning will describe to you how this is done.) With your gpg key in mind you have to edit a single line in a file before you begin using gpgdir. The file is ~/.gpgdirrc. What you need to do is add your gpg key user name in this file. The line you need to add looks like:

use_key USERNAME

Where USERNAME is your gpg key username (not your Linux system username – although they could be the same). If you’re not sure what your gpg key user name is issue the command:

gpg –list-keys

to see the user names of your keys.

Once you have your configuration file edited you are ready to go.

The basic usage of gpgdir is:

gpgdir -e|-d DIRECTORY OPTIONS

Let’s create a test directory containing two files. So issue the following commands to create your test environment:

mkdir TEST

echo $USER > TEST/user

data > TEST/data

Now you are ready to see how this works. Let’s encrypt the files in our TEST directory.

gpgdir -e TEST

You will be prompted to enter the key’s passphrase. Once you do this you will see something like:

[+] Encrypting files in directory: /home/jlwallen/TEST
[+] Building file list...
[+] Encrypting:  /home/jlwallen/TEST/user
[+] Encrypting:  /home/jlwallen/TEST/date
[+] Total number of files encrypted: 2

If you look in the TEST directory you will now see the following:

date.gpg

user.gpg

To unencrypt these files issue the following command:

gpgdir -d TEST

You will be prompted for the password again. After gpgdir decrypts the files they will no longer be encrypted.

Excluding files

Say you want to encrypt all files in the TEST directory but the user file. To do this you would issue the command:

gpgdir -e TEST –Exclude user

All files in TEST, except user, will now be encrypted.

Final thoughts

Although you can do more with gpgdir, you now have the fundamental usage of the command.

Related posts

• Secure your files: An introduction to GnuPG (4)
• Linux tips: Encrypting and decrypting files from command line with gpg (3)
• Encrypt Thunderbird Email with Enigmail (7)
• Yoggie PICO Personal Mobile Security Computer (3)
• With Ubuntu 9.10 Arrives Wubi 9.10 (1)

GnuPG, in technical terms, utilises a mixture of symmetric-key cryptography and public-key cryptography. This basically means a person generates a pair of keys; one of which is publicly shared and one is not. The publicly shared key is used to people can encrypt data for a specific person whilst the private key is used to decrypt, encrypt and sign data.

If you encrypt data to only be decrypted only by your private key and you carry your private key on another medium of storage, the data you encrypted will be effectively impossible to decipher.

To get started with GnuPG, you must download GnuPG which is free and open-source.

GnuPG is available for effectively all operating systems. After you have downloaded and installed GnuPG, it might be wise to download a graphical interface because it is command line based.

Some GUIs focus on the management of keys, such as the generation of them and storing other people’s public keys, whilst others focus on the encrypting/decrypting.

WinPT is a popular Windows option. As for encrypting and decrypting, there are many choices including Enigmail for Thunderbird, FireGPG for Firefox and WinPT also provides facilities to do this.

With a GUI, it is fairly easy to get to grips with GnuPG. Most key managers provide wizards for the generation of keys.

To obtain someone’s public key, so you can send data to them securely, you could either ask them or go onto a keyserver such as pgp.mit.edu, copy their key into Notepad and then import it into your key manager.

It is essential to send your keys to keyservers, I would suggest pgp.mit.edu, and this can be done either through the GUI or through exporting your public key and uploading it to these sites. Once you have someone’s public key, and you are sure it belongs to them and is not a hoax, you can sign the key inside your key manager and then submit it, so people know that key is authentic.

Key software to get started with GPG

1. GnuPG is absolutely necessary. There is a Windows binary available.
   
2. A GUI is also necessary. For Windows users, WinPT is a safe bet.
3. If you use Thunderbird, install Enigmail. If you use Firefox, install FireGPG.

If you have installed GPG and would like to try it out, feel free to send me an encrypted email. My email is computerjoe (at) gmail.com and my key is on this page.

Related posts

• Encrypt Thunderbird Email with Enigmail (7)
• Cryptography Tutorial (0)
• True Crypt 6 released (3)
• Securing your Pc with True Crypt (27)
• Recursively encrypt directories with gpgdir (3)