[RndTbl] simple text file encryption/editor

Fri Apr 17 10:26:38 CDT 2009

Someone was asking for an easy way to encrypt single files.  Here's
what I use all the time.  I call the program "gpp" (from GPg Pico).
Read notes before using.  Do not use on non-text files.  If you want
to encrypt non-text files just use gpg -c manually and delete the
original files.

You may need to adjust the path to perl and bash, and possibly cp,
but it should work as-is on any lsb linux system.  Must have gpg
installed, but I don't think anyone doesn't!

#!/usr/bin/perl -w
#
# v3.0 (c) Trevor Cordes; may be used & distributed freely

# use only on text files;
# edit the $editor var to set to your favorite editor (vi, emacs, nano);
# when first run on a text file, will encrypt it and delete original;
# when used on encrypted files (ending in .gpg)	will decrypt, load
#  into your editor, then re-encrypt once edited;
# when dealing with encrypted files, makes a backup copy in /tmp which
#  it leaves there for safety;
# note:	when editing, the file exists in plaintext on the disk,	so it's
#  not as nice/secure as an in-memory system would be during the edit;
# note:	backspace & arrows don't work when entering pw,	so just	^C if
#  you make a typo;
# relies on gpg's convention (-c) encryption, which is only as good as
#  your	password so make it good/long depending	on how secure you want
#  to be against brute force or	dictionary attacks;
# if you use emacs or an editor	that automatically makes backup files,
#  you must disable that or use	a simpler editor, otherwise you'll
#  leave plaintext file droppings everywhere;

$editor="/usr/bin/nano -t -z -w";

$ENV{SHELL}='/bin/bash';

$ef=shift;
-f $ef or die "not a file: $ef";

if (($uf)=($ef=~/^(.+?)(\.gpg)$/i)) {

  -f $uf and die "plaintext file already exists, will not overwrite ($uf)";

  $noslashesf=$ef;
  $noslashesf=~tr#/#_#;

  $efexists=1;

} else {

  $uf=$ef;
  $ef="$ef.gpg";
  $efexists=0;

}

# get pw
print "Enter password: ";
system "stty",'-icanon','-echo','eol',"\001";
$SIG{'INT'}='cleanup';

do {
  $char=getc(STDIN);
  print '*' if $char ne "\n";
  $pgppw.=$char;
} until $char eq "\n";
print "\n";
system "stty",'icanon','echo','eol','^@';
$unsttyd=1;

if ($efexists) {

  $baknum=0;
  $baknum++ while (-f "/tmp/$noslashesf.bak$baknum$$");
  system "/bin/cp -p $ef /tmp/$noslashesf.bak$baknum$$";

  open(PW,"| gpg --passphrase-fd 0 --batch $ef 2>/dev/null") or die;
  print PW $pgppw;
  close(PW);

  die "bad password\n" if !-s $uf or (-s $uf)<(-s $ef)-100;

  system "$editor $uf";

  unlink $ef if -f $ef;

}

open(PW,"| gpg -c --passphrase-fd 0 -z9 --batch $uf >/dev/null 2>&1")
 or die;
print PW $pgppw;
close(PW);

-f $ef
 or die "encryptions seems to have failed, leaving plaintext as is ($uf)";

unlink $uf if -f $uf;

#system "ls -ld $uf*";
#print "\nLooks like success!\n";

&cleanup;

sub cleanup{
  if (!$unsttyd) {
    system "stty",'icanon','echo','eol','^@';
    print "\n";
  }
  exit;
}