Mailing List Archive

Sign a lot of files
Hi all!

I've got the following problem: I have a directory tree which should be
shared to others via anonymous-ftp. How can I make a detached signature
on all files in this directory tree without supplying my passphrase for
each file to gpg?

There might be a possibility to use "find" for my problem, but I
couldn't figure out how to use it. I tried gpg in conjunction with
the option "--passphrase-fd 0" and I used "--exec gpg -ba {} < /tmp/pp"
as an option for find, but gpg complained about a wrong passphrase
(surely, I put the right passphrase in /tmp/pp).
Eventually I tried "gpg -ba *" directly in the shell, but gpg signed
only one file in the directory and ignored the other files in the
directory (I'm using zsh as shell).

Any help would be appreciated.

Cheers,
Thomas
--
Thomas Bader <thomasb@trash.net>, Powered by LINUX 2.2
Infos und Tipps zu Linux, HOWTOs des DLHP <http://www.t-bader.ch/>
=> Actually, Microsoft is sort of mixture between the Borg and Ferengi.
Re: Sign a lot of files
On Wed, Feb 16, 2000 at 08:40:58PM +0100, Thomas Bader wrote:
> Hi all!
>
> I've got the following problem: I have a directory tree which should be
> shared to others via anonymous-ftp. How can I make a detached signature
> on all files in this directory tree without supplying my passphrase for
> each file to gpg?

for f in `find . -type f -print` ; do
    gpg --passphrase-fd 0 --yes -ba "$f" < /tmp/pp
done

You might want to do something smarter if you have quotes embedded in your
filenames.

> There might be a possibility to use "find" for my problem, but I
> couldn't figure out how to use it. I tried gpg in conjunction with
> the option "--passphrase-fd 0" and I used "--exec gpg -ba {} < /tmp/pp"
> as an option for find, but gpg complained about a wrong passphrase
> (surely, I put the right passphrase in /tmp/pp).

Yes, find -exec does weird things. On my FreeBSD box it signs the first file
but not the others.
Re: Sign a lot of files
On Thu, 17 Feb 2000, Rémi Guyomarch wrote:

Hi!

> for f in `find . -type f -print` ; do
> gpg --passphrase-fd 0 --yes -ba "$f" < /tmp/pp
> done

Yes, of course! I didn't look at the builtins of my shell :)

Another question: Is it possible to tell gpg to create a signature
with ".sig" as the extension, not ".asc"? I know I could do it with a
script, but that isn't as elegant as telling gpg to do it.
I know ".sig" is for signatures in binary form, but I need ASCII
armored signatures to share them via FTP and I think ".sig" sounds much
better than ".asc".

> You might want to do something smarter if you have quotes embedded in your
> filenames.

No, I don't have quotes in my filenames.

> Yes, find -exec does weird things. On my FreeBSD box it signs the first file
> but not the others.

find -exec on my Linux box does weird things too. It signs no file at
all.

Cheers,
Thomas
--
Thomas Bader <thomasb@trash.net>, Powered by LINUX 2.2
Infos und Tipps zu Linux, HOWTOs des DLHP <http://www.t-bader.ch/>
=> Failure is not an option. It comes bundled with your Microsoft product.
Re: Sign a lot of files
On Thu, Feb 17, 2000 at 06:54:59PM +0100, Thomas Bader wrote:
> On Thu, 17 Feb 2000, Rémi Guyomarch wrote:
>
> Hi!
>
> > for f in `find . -type f -print` ; do
> > gpg --passphrase-fd 0 --yes -ba "$f" < /tmp/pp
> > done
>
> Yes, of course! I didn't look at the builtins of my shell :)
>
> Another question: Is it possible to tell gpg to create a signature
> with ".sig" as the extension, not ".asc"? I know I could do it with a
> script, but that isn't as elegant as telling gpg to do it.

Add "--output $f.sig" to the gpg command line.
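
A whitespace-safe form of the loop with the `--output "$f.sig"` suggestion folded in, as an added example that is not part of any post in this thread. It assumes GnuPG 2.1 or later, where `--passphrase-fd` only takes effect together with `--batch --pinentry-mode loopback`; `sign_tree` and the `GPG` override are names chosen here.

```shell
#!/bin/sh
# Added example: detached, ASCII-armored ".sig" for every file under a tree.
# sign_tree and the GPG override are names chosen for this example.

sign_tree() {   # usage: sign_tree TREE PASSPHRASE_FILE
    tree=$1 ppfile=$2
    # Refuse a passphrase file that group or others can access.
    case $(ls -ld "$ppfile" 2>/dev/null) in
        -??-------*) ;;
        *) echo "sign_tree: $ppfile must be a regular file, owner-only" >&2
           return 2 ;;
    esac
    # find hands the names to a child shell as arguments, so spaces and
    # quotes in file names are harmless. The passphrase file is reopened on
    # fd 3 for each gpg run: a redirect placed on find itself would be one
    # open file shared by every gpg, and only the first reader would find a
    # passphrase in it. Existing *.sig files are skipped so a second run
    # does not sign the signatures.
    find "$tree" -type f ! -name '*.sig' -exec sh -c '
        gpg=$1 pp=$2; shift 2
        for f do
            "$gpg" --batch --yes --pinentry-mode loopback --passphrase-fd 3 \
                --armor --detach-sign --output "$f.sig" "$f" 3<"$pp" || exit 1
        done' sh "${GPG:-gpg}" "$ppfile" {} +
}
```

Call it as `sign_tree /path/to/tree /path/to/passphrase-file`; the exit status is non-zero if any file could not be signed.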
Re: Sign a lot of files
On Fri, 18 Feb 2000, Rémi Guyomarch wrote:

Hi!

> Add "--output $f.sig" to the gpg command line.

Yea, thank you very much for pointing me in the right direction.

Cheers,
Thomas
--
Thomas Bader <thomasb@trash.net>, Powered by LINUX 2.2
Infos und Tipps zu Linux, HOWTOs des DLHP <http://www.t-bader.ch/>
=> Actually, Microsoft is sort of mixture between the Borg and Ferengi.
Re: Sign a lot of files
On Wed, 16 Feb 2000 20:40:58 +0100, Thomas Bader <thomasb@trash.net> wrote:
>I've got the following problem: I have a directory tree which should be
>shared to others via anonymous-ftp. How can I make a detached signature
>on all files in this directory tree without supplying my passphrase for
>each file to gpg?
>
>There might be a possibility to use "find" for my problem, but I
>couldn't figure out how to use it. I tried gpg in conjunction with
>the option "--passphrase-fd 0" and I used "--exec gpg -ba {} < /tmp/pp"
>as an option for find, but gpg complained about a wrong passphrase
>(surely, I put the right passphrase in /tmp/pp).
>Eventually I tried "gpg -ba *" directly in the shell, but gpg signed
>only one file in the directory and ignored the other files in the
>directory (I'm using zsh as shell).

Depending on how the FTP server is used, an alternative is to make one
big signed file that lists all the little files:

find -type f -print0 | xargs -0 gpg --print-md sha1 > signatures.txt
gpg -ba signatures.txt

This would be more interesting to mirror operators than anyone else, but
it provides a signed file that lists secure hashes of all the files on
the FTP site.

--
OpenPGP email preferred at <zblaxell@feedme.hungrycats.org>.
OpenPGP key available on www.keyserver.net and other fine keyservers.
OpenPGP fingerprint: 2B32 546D 21A5 0DB2 20C8 AF10 1D4A 610E 6972 2DEE
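
The signed-manifest idea from the last post, as an added example that is not from the thread: it swaps `gpg --print-md sha1` for `sha256sum` so the list can be re-checked mechanically with `sha256sum -c`, and it keeps the manifest from listing itself. `SHA256SUMS` and the function names are chosen here; a `find`, `sort` and `xargs` with `-print0`, `-z` and `-0 -r` (GNU or BusyBox) are assumed.

```shell
#!/bin/sh
# Added example: one signed manifest instead of one signature per file.

build_manifest() {   # usage: build_manifest TREE  (writes TREE/SHA256SUMS)
    ( cd "$1" || exit 1
      # The output file exists as soon as the pipeline starts, so every
      # SHA256SUMS* name is excluded or the manifest would hash itself.
      find . -type f ! -name 'SHA256SUMS*' -print0 | LC_ALL=C sort -z |
          xargs -0 -r sha256sum > SHA256SUMS.tmp &&
      mv SHA256SUMS.tmp SHA256SUMS )
}

sign_manifest() {    # usage: sign_manifest TREE  (writes TREE/SHA256SUMS.asc)
    gpg --yes --armor --detach-sign \
        --output "$1/SHA256SUMS.asc" "$1/SHA256SUMS"
}

check_hashes() {     # usage: check_hashes TREE
    ( cd "$1" || exit 1
      sha256sum -c SHA256SUMS >/dev/null || exit 1
      # sha256sum -c only looks at listed files, so also compare the file
      # set: a file added to or missing from the tree fails the check.
      # (Names containing newlines are escaped by sha256sum and would not
      # compare equal here.)
      listed=$(sed 's/^[0-9a-f]\{64\} [ *]//' SHA256SUMS | LC_ALL=C sort)
      present=$(find . -type f ! -name 'SHA256SUMS*' | LC_ALL=C sort)
      [ "$listed" = "$present" ] )
}

verify_tree() {      # usage: verify_tree TREE
    # The hashes mean nothing until the manifest itself is authenticated,
    # so the signature is checked first.
    gpg --verify "$1/SHA256SUMS.asc" "$1/SHA256SUMS" && check_hashes "$1"
}
```

A mirror operator would fetch the tree, then run `verify_tree` with the publisher's key already in the keyring.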