Usage summary
-----------------------------------------------

    git pull
    gpg -d file.gpg > file.txt
    edit file.txt
    make file.gpg
    rm file.txt
    git commit file.gpg
    git push

Makefile configuration
-----------------------------------------------

    user1 := <key id>
    user2 := <key id>
    user3 := <key id>
    files := file1 file2
    file1_readers := user1 user2
    file2_readers := user2 user3

Details
-----------------------------------------------

The Makefile encrypts each listed file to the keys of that file's readers.

usage: "make foo.gpg" will encrypt foo.txt

* If the unencrypted file exists and is newer than the encrypted file, it
  will encrypt it.
* If the unencrypted file exists and is not newer than the encrypted file,
  it will report "up to date" and won't encrypt it.
* If the unencrypted file doesn't exist, it will say you are dumb.
 
If you don't have one of the keys needed for encrypting:

    gpg --recv-keys <fingerprint>
    gpg --fingerprint --keyid-format long <fingerprint>

IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT.
gpg does not verify the fingerprint when you run --recv-keys.
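
One way to make that check mechanical, as an added example that is not part of this repository: compare the primary fingerprint in gpg's machine-readable listing against the full fingerprint you obtained out of band. The function names and the sample key listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a fetched key against a fingerprint obtained out of band.
# Function names are hypothetical; the sample listing below is constructed.

# Normalise a fingerprint as humans write it: drop whitespace, upper-case hex.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the primary
# key's fingerprint: field 10 of the first "fpr" record after the "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# check_fpr EXPECTED < listing
# 0 = primary fingerprint matches, 1 = mismatch or no key found,
# 2 = EXPECTED is not a full 40-hex-digit fingerprint (short/long key IDs refused).
check_fpr() {
    expected=$(norm_fpr "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed listing in the --with-colons format (not a real key).
sample_listing() {
cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example User <user1@example.invalid>::::::::::0:
sub:-:4096:1:FEDCBA9876543210:1500000000::::::e::::::23:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFEDCBA9876543210:
EOF
}

# Real use: gpg --with-colons --fingerprint "$fpr" | check_fpr "$fpr"
sample_listing | check_fpr "0123 4567 89ab cdef 0123  4567 89ab cdef 0123 4567" \
    && echo "fingerprint matches"
```

A non-zero exit means the key in your keyring is not the one you were told to expect, so it should not be used as a reader key.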

To add additional files to be encrypted:

    files          := file_a file_b
    file_a_readers := user1 user2
    file_b_readers := user3 user4

Files should be named without their suffix. The actual source file must
always end in .txt, and the encrypted file will always end in .gpg.

After you change the x_readers list for a file, you will need to run
`touch x.txt` in order for `make` to encrypt `x.gpg`.