safe encrypting process?

Steve steve at cyberianhamster.com
Mon Feb 2 19:36:59 EST 2004


I'd like to encrypt some info that could later be searched, but I'm
trying to figure out an optimal/safe way to go about doing it.

For the actual encryption, I'd put the information in a plaintext file
> gpg -c foo.txt > foo.gpg (encrypt with gpg)
> shred -u foo.txt* (shred the old plaintext file and any backup copies
of it)

If I wanted to search the file, I'd
> gpg --decrypt foo.gpg | grep whatever

Modifying the file would be:
> gpg --decrypt foo.gpg > foo.txt
> joe foo.txt (and make modification)
> gpg -c foo.txt > foo.gpg
> shred -u foo.txt* (to get rid of plaintext file and any backup copies)

And then I could script this so I wouldn't have to bother with typing in
everything. But I'm curious about the weaknesses of using such a method
for encrypted information. In particular, any sort of temporary files
which would have stuff during the plaintext post-decryption process (tmp
file from joe, for example). Is there a simpler, better way of going
about this?

Steve






More information about the Discuss mailing list