Man Linux: Main Page and Category List


       gpgdir - recursive directory encryption with GnuPG


       gpgdir -e|-d <directory> [options]


       gpgdir is a perl script that uses the CPAN GnuPG::Interface perl module
       to recursively encrypt  and  decrypt  directories  using  gpg.   gpgdir
       recursively  descends  through  a  directory  in  order to make sure it
       encrypts or  decrypts  every  file  in  a  directory  and  all  of  its
       subdirectories.   By  default  the  mtime and atime values of all files
       will be preserved upon encryption and decryption (this can be  disabled
       with  the  --no-preserve-times  option).   Note that in --encrypt mode,
       gpgdir will delete the original files  that  it  successfully  encrypts
       (unless the --no-delete option is given).  However, upon startup gpgdir
       first asks for a the decryption password to be sure that a  dummy  file
       can  successfully  be encrypted and decrypted.  The initial test can be
       disabled with the --skip-test option so that a directory can easily  be
       encrypted without having to also specify a password (this is consistent
       with gpg behavior).  Also, note that  gpgdir  is  careful  not  encrypt
       hidden  files and directories.  After all, you probably don’t want your
       ~/.gnupg directory or ~/.bashrc file to be encrypted.  The  key  gpgdir
       uses to encrypt/decrypt a directory is specified in ~/.gpgdirrc.

       Finally,  gpgdir  can use the wipe program with the --Wipe command line
       option to securely delete the original  unencrypted  files  after  they
       have been successfully encrypted.  This elevates the security stance of
       gpgdir since it is more  difficult  to  recover  the  unencrypted  data
       associated  with  files  from  the  filesystem after they are encrypted
       (unlink() does not erase data blocks even though a file is removed).


       -e, --encrypt <directory>
              Recursively encrypt all files in the directory specified on  the
              command  line.   All  original files will be deleted (a password
              check is performed first to make sure that the correct  password
              to unlock the private GnuPG key is known to the user).

       -d, --decrypt <directory>
              Recursively  decrypt all files in the directory specified on the
              command line.  The encrypted .gpg version of each file  will  be

       --sign <directory>
              Recursively  sign  all  files  in the directory specified on the
              command line.  For each file, a detached .asc signature will  be

       --verify <directory>
              Recursively   verify  all  .asc  signatures  for  files  in  the
              directory specified on the command line.

       -g, --gnupg-dir <directory>
              Specify which .gnupg directory will be used to find GnuPG  keys.
              The default is ~/.gnupg if this option is not used.  This option
              allows gpgdir to be run as one user but use the keys of  another
              user (assuming permissions are setup correctly, etc.).

       -p, --pw-file <pw-file>
              Read  decryption  password  from pw-file instead of typing it on
              the command line.

       -t, --test-mode
              Run an encryption and decryption test against a dummy  file  and
              exit.   This test is always run by default in both --encrypt and
              --decrypt mode.

       -S, --Symmetric
              Instruct gpgdir to encrypt to decrypt files  using  a  symmetric
              cipher  supported  by  GnuPG  (CAST5  is  commonly  used).  This
              results in a significant speed up for the  encryption/decryption

       -T, --Trial-run
              Show  what  encrypt/decrypt  actions  would  take  place without
              actually doing them.  The filesystem is not changed in  any  way
              in this mode.

       -I, --Interactive
              Prompt  the  user  before actually encrypting or decrypting each
              file.  This is useful to have fine-grained control  over  gpgdir
              operations as it recurses through a directory structure.

       -F, --Force
              Tell  gpgdir  to  ignore non-fatal error conditions, such as the
              inability to encrypt or  decrypt  individual  files  because  of
              permissions errors.

       --Exclude <pattern>
              Instruct  gpgdir to skip all files that match pattern as a regex
              match against each filename.  This is similar to  the  --exclude
              option in the standard GNU tar command.

       --Exclude-from <file>
              Instruct  gpgdir to exclude all files matched by patterns listed
              in file.  This is similar to  the  --exclude-from  the  GNU  tar

       --Include <pattern>
              Instruct  gpgdir  to  only include files that match pattern as a
              regex match against each filename.

       --Include-from <file>
              Instruct gpgdir to only include files matched by patterns listed
              in file.

       -W, --Wipe
              Use  the  wipe  program to securely delete files after they have
              been successfully encrypted.

       -O, --Obfuscate-filename
              Tell gpgdir to  obfuscate  the  file  names  of  files  that  it
              encrypts (in -e mode).  The names of each file are stored within
              the file .gpgdir_map_file for every sub-directory, and this file
              is  itself  encrypted.  In decryption mode (-d), the -O argument
              reverses the process so that the original files are restored.

              Overwrite encrypted files even if  a  previous  <file>.gpg  file
              already exists.

              Overwrite  decrypted files even if the previous unencrypted file
              already exists.

       -K, --Key-id <id>
              Manually specify a GnuPG key ID from the command line.   Because
              GnuPG supports matching keys with a string, id does not strictly
              have to be a key ID; it can be a string that uniquely matches  a
              key in the GnuPG key ring.

       -D, --Default-key
              Use the key that GnuPG defines as the default, i.e. the key that
              is specified by the default-key  variable  in  ~/.gnupg/options.
              If    the   default-key   variable   is   not   defined   within
              ~/.gnupg/options, then GnuPG tries to use the first suitable key
              on  its  key  ring  (the initial encrypt/decrypt test makes sure
              that the user knows the corresponding password for the key).

       -a,  --agent
              Instruct gpgdir to acquire gpg key password from a running  gpg-
              agent instance.

       -A, --Agent-info <connection info>
              Specify  the value of the GPG_AGENT_INFO environment variable as
              returned by  the  gpg-agent  --daemon  command.  If  the  gpgdir
              --agent  command  line argument is used instead of --Agent-info,
              then gpgdir assumes that the GPG_AGENT_INFO environment variable
              has already been set in the current shell.

       -s,  --skip-test
              Skip  encryption and decryption test.  This will allow gpgdir to
              be used to encrypt a directory  without  specifying  a  password
              (which  normally  gets  used  in encryption mode to test to make
              sure decryption against a dummy file works properly).

       -q, --quiet
              Print as little as possible to the  screen  when  encrypting  or
              decrypting a directory.

              Instruct gpgdir to not recurse through any subdirectories of the
              directory that is being encrypted or decrypted.

              Instruct gpgdir to not ask the user for  a  password.   This  is
              only  useful when a gpg key literally has no associated password
              (this is not common).

              Instruct gpgdir to not delete original files at encrypt time.

              Instruct gpgdir to not preserve original file  mtime  and  atime
              values upon encryption or decryption.

       -l,  --locale <locale>
              Provide a locale setting other than the default "C" locale.

              Do  not  set the locale at all so that the default system locale
              will apply.

       -v, --verbose
              Run in verbose mode.

       -V, --Version
              Print version number and exit.

       -h, --help
              Print usage information and exit.


              Contains the key id of the user gpg key that  will  be  used  to
              encrypt or decrypt the files within a directory.


       The following examples illustrate the command line arguments that could
       be supplied to gpgdir in a few situations:

       To encrypt a directory:

       $ gpgdir -e /some/dir

       To encrypt a directory, and use the wipe command to securely delete the
       original unencrypted files:

       $ gpgdir -W -e /some/dir

       To   encrypt  a  directory  with  the  default  GnuPG  key  defined  in

       $ gpgdir -e /some/dir --Default-key

       To decrypt a directory with a key specified in ~/.gpgdirrc:

       $ gpgdir -d /some/dir

       To encrypt a directory but skip all filenames that contain  the  string

       $ gpgdir -e /some/dir --Exclude host

       To  encrypt  a  directory but only encrypt those files that contain the
       string "passwd":

       $ gpgdir -e /some/dir --Include passwd

       To acquire the GnuPG key password from a running  gpg-agent  daemon  in
       order  to  decrypt  a  directory  (this requires that gpg-agent has the

       $ gpgdir -A /tmp/gpg-H4DBhc/S.gpg-agent:7046:1 -d /some/dir

       To encrypt a directory but skip the encryption/decryption test (so  you
       will not be prompted for a decryption password):

       $ gpgdir -e /some/dir -s

       To encrypt a directory and no subdirectories:

       $ gpgdir -e /some/dir --no-recurse

       To  encrypt  root’s  home  directory, but use the GnuPG keys associated
       with the user "bob":

       # gpgdir -e /root -g /home/bob/.gnupg


       gpgdir requires that gpg, the Gnu Privacy Guard  (
       is  installed.   gpgdir  also requires the GnuPG::Interface perl module
       from  CPAN,  but  it  is  bundled  with  gpgdir  and  is  installed  in
       /usr/lib/gpgdir  at install-time so it does not pollute the system perl
       library tree.




       Michael Rash <>


       Many  people  who  are  active  in  the  open  source  community   have
       contributed to gpgdir; see the CREDITS file in the gpgdir sources.


       Send bug reports to Suggestions and/or comments are
       always welcome as well.


       gpgdir is distributed under the GNU General Public License  (GPL),  and
       the latest version may be downloaded from