Usage summary
-----------------------------------------------

    git pull
    gpg -d file.gpg > file.txt
    edit file.txt
    make file.gpg
    rm file.txt
    git commit file.gpg
    git push

OpenPGP keyrings: see bottom
-----------------------------------------------

Makefile configuration
-----------------------------------------------

    user1 := <key id>
    user2 := <key id>
    user3 := <key id>
    files := file1 file2
    file1_readers := user1 user2
    file2_readers := user2 user3

Details
-----------------------------------------------

The Makefile encrypts each listed file to the OpenPGP keys of its
configured readers.

Usage: `make foo.gpg` will encrypt foo.txt.

* If the unencrypted file exists and is newer than the encrypted file,
  it will encrypt it.
* If the unencrypted file exists and is not newer than the encrypted file,
  it will report "up to date" and won't encrypt it.
* If the unencrypted file doesn't exist, it will say you are dumb.

If you don't have one of the keys needed for encrypting:

    gpg --recv-keys <fingerprint>
    gpg --fingerprint --keyid-format long <fingerprint>

IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT.
gpg does not verify the fingerprint when you run --recv-keys.
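
One way to script that fingerprint check, as an added example that is not part of this repository: it compares the primary-key fingerprints in `gpg --with-colons --fingerprint` output against fingerprints you obtained out of band. The pin file format, the function names and the sample listing are assumptions made for illustration, and the length check assumes 40-hex-digit (v4) fingerprints.

```shell
#!/bin/sh
# Added example, not part of this repository.

# Normalise a fingerprint: drop whitespace, uppercase the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of each primary key (the first fpr record after a pub record).
# Subkey fingerprints are deliberately ignored.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# check_pinned PIN_FILE < colon-listing
# PIN_FILE lines (assumed format): "<name> <fingerprint obtained out of band>"
# Prints one status line per name; returns non-zero unless every pin is OK.
check_pinned() {
    present=$(primary_fprs)
    rc=0
    while read -r name fpr; do
        case "$name" in ''|'#'*) continue ;; esac
        want=$(norm_fpr "$fpr")
        if [ "${#want}" -ne 40 ] || printf '%s' "$want" | grep -q '[^0-9A-F]'; then
            echo "$name: REJECT (pin is not a full 40-hex-digit fingerprint)"; rc=1
        elif printf '%s\n' "$present" | grep -qxF "$want"; then
            echo "$name: OK"
        else
            echo "$name: MISSING (no primary key with the pinned fingerprint)"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample listing: one primary key with one encryption subkey.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::::Constructed User <user1@example.org>:
sub:-:4096:1:0123456789ABCDEF:1500000000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}

# Real use: gpg --with-colons --fingerprint | check_pinned pins.txt
```

A pin that is only a short or long key ID is rejected rather than matched, since only the full fingerprint identifies the key.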

To add additional files to be encrypted:

    files          := file_a file_b
    file_a_readers := user1 user2
    file_b_readers := user3 user4

Files should be named without their suffix. The actual source file must
always end in .txt, and the encrypted file will always end in .gpg.

After you change the x_readers list for a file, you will need to run
`touch x.txt` in order for `make` to encrypt `x.gpg`.

OpenPGP keys
-----------------------------------------------

The keys and keyring are inside a tar file. To open:

    cd "$(pwd)/gpg-keys/reports/"
    gpgtar -C . --decrypt reports.tar.gpg
    export GNUPGHOME="$(pwd)/.gnupg/"

Do what you want to do, like decrypting messages or signing new ones. Maybe even import it to your keyring. Password is in 

Afterwards:

    rm -rf .gnupg

But if you made changes:

    gpgtar --encrypt --output reports-gpg.tar -r kwadronaut@autistici.org -r cyberta@riseup.net -r makechanges@riseup.net -r mcnair@riseup.net reports