On Wed, 2006-07-12 at 05:14 -0500, Robert J. Hansen wrote:
> Benny Helms wrote:
> > I'm looking for a way to gpg encrypt a file, test that the encryption
> > was good and that the file can be extracted, and then to delete the
> > original file.
>
> Forgive a silly question, but what's wrong with decrypting the file as a
> way of verifying the encryption worked?

Sorry. I guess I should have given more details. I was just hoping the bare minimum info would be enough because somebody would say, "Oh, that's easy! All you do is..."

I have a server with files that are created on a daily basis. Many files. I've reached a point where I want to have those files encrypted each night to prevent security breaches. My intent is to encrypt the file and delete the original. However, if I do that, and then go back a week later to obtain some data from that file, and it says, "Whoa, dude! This gpg file seems to be hosed. I can't open it!", I'm absolutely screwed because our contract requires eternal data retention on some of this stuff. Losing data is unacceptable. But at the same time, having an encrypted version and an unencrypted version is equally unacceptable.

Basically, I'm looking for a *scripted* way to verify that the newly created gpg file is in good condition and I'll be able to open it at a later date if needed, BEFORE I delete the original file.

Frankly, I'm surprised that's not a standard built-in function in gpg. Bzip2 will bzip a file, and only after successfully completing the task, it will automatically delete the original and leave only the bz2 version in place. That's the basic functionality I'm looking for. And I definitely want it to be able to do the job in a script because I don't have a life as it is, let alone sitting here manually decrypting file after file to test their usability in the wee hours of the morning when I should be home with my family.

Make sense?

> If you've got a Perl script that's doing the encryptions, then have your
> Perl script do the verification step, too.

I'm doing this with a plain old bash script. Basically...

for file in "list of files"
do
    gpg -r username -z 9 --encrypt "$file"
    <pseudo code here; if the encryption went well, and the file is a \
    good one, delete the original; otherwise email the hosed file\
    name so I can manually encrypt it when I get to work in the morning>
done

Benny

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
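
The check asked for in this message, as an added example that is not part of the thread: encrypt to a temporary name, decrypt that file again, compare the result byte-for-byte with the original, and delete the original only on a match. It assumes the recipient's secret key can decrypt without a prompt on the same host; `encrypt_verify_delete`, `encrypt_all`, the `GPG` and `RECIPIENT` variables, and the path and address in the usage comment are names chosen for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumptions: RECIPIENT is the key
# to encrypt to, and its secret key can decrypt on this host without a prompt.
GPG=${GPG:-gpg}                    # gpg binary; overridable for testing
RECIPIENT=${RECIPIENT:-username}   # placeholder recipient, as in the post

# encrypt_verify_delete FILE
# Creates FILE.gpg, decrypts it again, compares the plaintext byte-for-byte
# with FILE, and removes FILE only when they match. On any failure it returns
# non-zero, leaves FILE untouched and leaves no partial FILE.gpg behind.
encrypt_verify_delete() {
    local file enc work rc
    file="$1"
    [ -f "$file" ] || return 2
    work=$(mktemp -d) || return 2      # private (0700) scratch directory
    enc="$file.gpg.partial"            # final name appears only after the check
    rc=1
    if "$GPG" --batch --yes -r "$RECIPIENT" -z 9 --output "$enc" --encrypt "$file" &&
       "$GPG" --batch --yes --quiet --output "$work/plain" --decrypt "$enc" &&
       cmp -s "$work/plain" "$file" &&
       mv -f "$enc" "$file.gpg"
    then
        rm -f "$file" && rc=0
    fi
    rm -rf "$work" "$enc"              # scratch plaintext and any leftover partial
    return "$rc"
}

# encrypt_all FILE...
# Prints the names that could not be verified, one per line, for the morning mail.
encrypt_all() {
    local f
    for f in "$@"; do
        encrypt_verify_delete "$f" || printf '%s\n' "$f"
    done
}

# Usage from cron (hypothetical path and address):
#   failed=$(encrypt_all /data/daily/*.log)
#   [ -z "$failed" ] || printf '%s\n' "$failed" | mail -s "gpg failures" admin@example.com
```

The comparison uses `cmp` on the decrypted output rather than trusting gpg's exit status alone, so a ciphertext that decrypts cleanly but to different bytes still keeps the original in place.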