Reading and Writing to a GPG encrypted file “securely”
I have been using two commands blogged about by a friend Steve Harris to store my passwords on my Mac OS X laptop. He illustrated two commands “useful” and “viuseful” which open a gpg encrypted file using less and vi respectively. Opening the file in less allows for safe read-only access to the contents of the encrypted file. The vi mode of operation as described by Steve leaves a temporary copy of the file that exists in plaintext briefly while it’s being encrypted.
With a little help from one of my current colleagues Sid I have altered Steve’s example by writing the temp file to a ramdisk, which is subsequently srm’d.
Because this implementation never writes the contents of the unencrypted file to disk, I reckon I can go as far as saying that it is a little *more* secure than Steve’s original post 🙂
#Password config
USEFUL_FILE="$HOME/.passwords/your_password_file.txt.gpg"
USEFUL_KEYID="XXXXXXXX"
RDLABEL="ramdisk"
RAMDISK="/Volumes/$RDLABEL" # Please no spaces
FILE="passtmp" # Please no spaces

# Decrypt straight into a pager: read-only, no plaintext file is created
function useful {
    gpg --trust-model always -d "$USEFUL_FILE" | less
}

# Create and mount a ramdisk of $1 KB (ram:// sizes are in 512-byte sectors)
function ramdisk {
    let SIZE=$1*2
    # Check if the ramdisk is already mounted
    if [[ $(mount | grep "$RAMDISK " | wc -l) -eq 0 ]]; then
        diskutil erasevolume HFS+ "$RDLABEL" $(hdiutil attach -nomount ram://$SIZE) &> /dev/null
    fi
}

# Securely remove the plaintext temp file and unmount the ramdisk
function cleanup {
    if [[ -e "$RAMDISK/$FILE" ]]; then
        srm -f "$RAMDISK/$FILE"
        umount "$RAMDISK"
    fi
}

# Edit the decrypted contents in vi on the ramdisk, then re-encrypt
function viuseful {
    ramdisk 4096 # 4MB
    # Keep a backup of the encrypted file before overwriting it
    cp "$USEFUL_FILE" "$USEFUL_FILE~"
    # No viminfo and no swap file, so vi leaves no plaintext traces of its own
    vi '+set viminfo=' '+set noswapfile' '+r !gpg --trust-model always --quiet -d '"$USEFUL_FILE"' 2>/dev/null' '+1d' '+redraw!' "$RAMDISK/$FILE"
    # Re-encrypt only if the temp file was saved and is non-empty
    if [ -s "$RAMDISK/$FILE" ]; then
        gpg --trust-model always --yes -r "$USEFUL_KEYID" -o "$USEFUL_FILE" -e "$RAMDISK/$FILE"
    else
        echo "File not changed"
    fi
    cleanup
}
So yeah, a big shout out to both Steve and Sid, for now I have a secure(-ish) way of storing a bunch of passwords and stuff.
If someone would like to tell me how to create the RAMDISK on a Linux machine I would love to know!
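One way to get the same effect on Linux, as an added example that is not part of the original post: instead of creating a ramdisk, use a private scratch directory on the RAM-backed /dev/shm and remove it on every exit path. USEFUL_FILE and USEFUL_KEYID are the post's variables; the function names are hypothetical, and vi is assumed to be Vim.

```shell
# Added example, not from the original post. USEFUL_FILE and USEFUL_KEYID are
# the post's variables; the function names below are hypothetical.

# tmpfs and ramfs are the RAM-backed Linux filesystems.
is_ram_fstype() {
    case "$1" in
        tmpfs|ramfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Create a mode-0700 scratch directory under $1 (default /dev/shm) and print
# its path. Refuses a base that is not RAM-backed unless $2 is "force".
make_workdir() {
    local base="${1:-/dev/shm}" fstype dir
    fstype=$(stat -f -c %T "$base" 2>/dev/null) || fstype=unknown
    if ! is_ram_fstype "$fstype" && [ "${2:-}" != "force" ]; then
        echo "refusing: $base is $fstype, not RAM-backed" >&2
        return 1
    fi
    dir=$(umask 077; mktemp -d "$base/useful.XXXXXXXX") || return 1
    printf '%s\n' "$dir"
}

# Remove the scratch directory and the plaintext inside it.
cleanup_workdir() {
    if [ -n "$1" ] && [ -d "$1" ]; then rm -rf -- "$1"; fi
}

# The body runs in a subshell so the EXIT trap fires on every way out,
# including Ctrl-C in the editor or a failed gpg call.
viuseful_linux() (
    dir=$(make_workdir /dev/shm) || exit 1
    trap 'cleanup_workdir "$dir"' EXIT
    trap 'exit 130' INT TERM
    tmp="$dir/passtmp"
    gpg --trust-model always --quiet -d "$USEFUL_FILE" > "$tmp" || exit 1
    vi -n '+set viminfo=' "$tmp"   # assumes vi is Vim; -n disables the swap file
    if [ -s "$tmp" ]; then
        cp "$USEFUL_FILE" "$USEFUL_FILE~"
        gpg --trust-model always --yes -r "$USEFUL_KEYID" \
            -o "$USEFUL_FILE" -e "$tmp"
    else
        echo "Empty file, not re-encrypting"
    fi
)
```

tmpfs pages can be written to swap under memory pressure, so this keeps the plaintext off disk only if swap is disabled or encrypted; ramfs never swaps but needs root to mount.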
Leaving Garlik. In Search of New Adventures
Today I am writing a little note to say goodbye and a big thank you to all at Garlik. After spending the last (nearly) 4 years of my life working, living, and breathing Garlik, I have decided to start a new adventure. Garlik was a wonderful place to work. We built some exciting applications, ones which delivered utility to people, as well as ones which innovated, to the highest standard, pushing boundaries in the development of commercial semantic web applications.
I have decided to leave my role as the Senior Research Engineer at Garlik, and I am now mega excited to be starting my new job working at the award winning London start-up PeerIndex.
I would like to say a big thank you to Steve Harris, and the rest of the team at Garlik. I have had a ball of a time working with/or being sat next to Steve since starting my PhD at Southampton University. We built some awesome things using what I believe to be the first industrial scale commercial semantic web technology stack. Obviously I am biased.
Finally, I would like to say a big thank you to the whole of the Semantic Web community, all the folk on #swig, and all the lovely people working on making the web a better place at the W3C. And to all the people at Southampton Uni, who got me into web technology in a way I never was before. The Semantic Web will enable the data web of the future, I am sure of it.
I am looking forward to staying as involved with the community as I have been over the last few years, but most of all I am looking forward to starting this next adventure in my life, as Head of Research Engineering at PeerIndex.
Using Git
I have been making use of git, initially designed and developed by Linus Torvalds, over the last few years in both my personal and professional lives.
Git is a fantastic piece of software. I have been using it for everything from document/paper writing to adding version control to my /etc directory on my Linux boxes.
In this post I will summarise how I have been using git over the last few years. Firstly though, I should mention a friend/former colleague of mine tialaramex who helped me get my head around using git to start with.
Cloning a repository:
git clone [email protected]:mischat/sprotocol.git
or, the following command which will clone the repo to a directory named “sprotocol-dev”:
git clone [email protected]:mischat/sprotocol.git sprotocol-dev
If this is your first time using git you can set your name and email address, so that your changes are labelled correctly when you push them upstream.
git config user.email "[email protected]"
git config user.name "Your Name"
Note that you can use the --global flag to set them globally, instead of just in a given repo.
Setting up a git repo.
You can always use an online service such as github – this will allow for pointing and clicking.
But sometimes you may wish to set up your own git repository. You can do it like so:
mkdir LAMEREPO
cd LAMEREPO
git init --shared=group
vim README   # enter e.g. "Readme file for LAMEREPO" and save
git add README
git commit -m "Initial commit for LAMEREPO"
Branches in git.
You can create branches in git. You may want to do this if you are planning on making considerable changes to your repo. Branches are most useful!
To find out which branch you are currently in:
git branch
To create a new branch, in turn checking it out:
git checkout -b lamebranch
To check out the master branch:
git checkout master
To merge branches, first check out the branch which you want to merge into, and then use the merge command:
git checkout master
git merge lamebranch
Finally, you can delete branches in git using the -d flag:
git branch -d lamebranch
Note that when deleting a branch you can use -D which will delete the branch if it was pushed upstream at any point in time.
If you would like to track a remote branch, perhaps one created by someone else committing to the repo, the following command will allow you to track any changes made to it:
git checkout --track -b lame origin/lame
If you would like to create a remote branch, so that other people can track it, you need to create a local branch, and then you need to push it upstream to origin.
git checkout -b lamebranch
git push origin lamebranch:lamebranch
Then look in .git/config to make sure it is a remote branch.
Cherry-picking changes in git
If you would like to select commits from one branch and apply them to a different branch without having to merge the whole lot, you can cherry-pick git commits individually.
git cherry-pick 1d67bdbbdb4b98d142bdcce1b78cbe4d2d396afd
Tagging your git repo
You can also create tags in a git repo. This is how I make tags in my repos:
git tag -a "TAG_NAME"
git push --tags
Cloning a repo so that multiple people can update it.
This is useful when working in a team.
git clone [email protected]:mischat/sprotocol.git
cd sprotocol
git config --add core.sharedRepository group
chown -R username:sharedgroup .
# Set the setgid bit on every directory so new files inherit the shared group
find . -type d -print0 | xargs -0 chmod g+s
I should mention that I always use rebase when pulling commits from upstream on to my version of a repo. I have added an alias to my global git configuration, which allows me to type git up whenever I wish to grab upstream commits.
git config --global --add alias.up 'pull --rebase'
And finally, I also make constant use of git’s stashing and popping functions. Most useful if you have changes you wish not to commit.
git stash
git up   # or: git pull
git stash pop
I have a blog post coming up on how one can add a submodule to a git repo. Thanks for your attention!