On Sun, 2 Jan 2011, Neil Phillips wrote:

> gpg should be able to give a hash, something like;
> gpg -output sha1("a filename") -e filename

depending on your [*nix or cygwin] shell, it ~can~ do that...

gpg -o $(sha1 -qs filename) -r keyid -e filename

the exact command is system dependent; the example above would basically work as-is on freebsd with zsh or bash. cygwin or linux would be *slightly* more complicated. the idea is that shells like zsh and newer versions of bash use '$(...)' as a form of command substitution. older shells (bash & bourne) use back-quotes but the concept is the same. all shells have some form of variables...

gpg -o ${file_name_hashed} -r keyid -e filename

in any case, if you also want to populate a db of some sort, whether a flat-file or DBMS, you'll probably need three lines in a script:
 1) calculate the hash
 2) encrypt the file -- gpg -o ${file_name_hashed} -r keyid -e filename
 3) add an entry to a db

the first line creates a variable (eg, $file_name_hashed) and the next two lines refer to it.

just make sure you're hashing the file-NAME, not its contents. of course, if you don't lose your db, then there's nothing wrong with hashing the contents, or even a counter or random string. hashing the file-NAME is just an idea that makes recovery of the db possible if you know the format and range of the file-names (and any secret that may be used). the real trick is to just do something secure and consistent... sha1 does the job.


 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

        "The livestock sector is a major player [in climate
         change], responsible for 18% of greenhouse gas
         emissions measured in CO2 equivalent. This is a higher
         share than transport."
                -- Livestock's long shadow, 2006
                UN report sponsored by WTO, EU, AS-AID, FAO, et al

Gnupg-users mailing list
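
The three-step script and the db recovery described in the message above, as an added example that is not part of the original message. The function names, the `names.db` flat file and the optional `NAME_SECRET` prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; hash_name, encrypt_and_record, rebuild_db, names.db and
# NAME_SECRET are hypothetical names, not from the original message.

# Step 1: SHA-1 of a string (the file NAME, not its contents), hex digits only.
hash_name() {
    if command -v sha1sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha1sum | cut -d' ' -f1          # Linux, Cygwin
    elif command -v sha1 >/dev/null 2>&1; then
        sha1 -qs "$1"                                        # FreeBSD
    else
        printf '%s' "$1" | openssl dgst -sha1 | sed 's/^.*= *//'
    fi
}

# Steps 2 and 3: encrypt FILE to KEYID under the hashed name, then record it.
# usage: encrypt_and_record FILE KEYID [DB]
encrypt_and_record() {
    file=$1
    keyid=$2
    db=${3:-names.db}
    name=$(basename "$file")
    hashed=$(hash_name "${NAME_SECRET:-}$name") || return 1
    # gpg stops parsing options at the first non-option, so the file goes last.
    gpg -o "$(dirname "$file")/$hashed" -r "$keyid" -e "$file" || return 1
    # The db maps hashed names back to real ones, so keep it as private as
    # the names themselves.
    printf '%s\t%s\n' "$hashed" "$name" >> "$db"
}

# Recovery after losing the db: read candidate file names on stdin (generated
# from the known format and range), re-hash each one, and print a db line for
# every hashed name that exists in DIR.
# usage: rebuild_db DIR < candidate-names
rebuild_db() {
    while IFS= read -r name; do
        hashed=$(hash_name "${NAME_SECRET:-}$name")
        [ -e "$1/$hashed" ] && printf '%s\t%s\n' "$hashed" "$name"
    done
    return 0
}
```

Recovery only works if `NAME_SECRET` has the same value it had when the files were encrypted.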