Encrypting pool files using cntools question

OK, I see the encryptFile function in the cntools.library that provides this “feature”:

# Command     : encryptFile [file] [password]
# Description : Encrypt file with GPG
# Parameters  : file      >  Path for file to encrypt, will get a new .gpg file extension added to filename
#             : password  >  Password to encrypt file with
encryptFile() {
  exec >&6 2>&7 # normal stdout/stderr
  sleep 0.1
  echo "${2}" | gpg --symmetric --yes --batch --cipher-algo AES256 --passphrase-fd 0 --output "${1}.gpg" "${1}" &>/dev/null && \
  safeDel "${1}" >/dev/null || {
    exec >&8 2>&9 # custom stdout/stderr
    println ERROR "${FG_RED}ERROR${NC}: failed to encrypt ${1}"
    return 1
  }
  exec >&8 2>&9 # custom stdout/stderr
  println DEBUG "${1} successfully encrypted"
}

So cntools encourages cold keys to be actually hot and on the same machine!

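A defensive check related to the concern in the post above, as an added example that is not part of the original post or of cntools: it lists signing keys that are still readable in plaintext on a host, including the case where the gpg step of encryptFile succeeded but the safeDel step left the original behind. The `*.skey` naming, the function names and the sample pool directories are assumptions.

```shell
#!/bin/sh
# Added example, not cntools code. Assumes signing keys are named *.skey
# and that encrypted copies carry the extra .gpg suffix encryptFile adds.

# audit_pool_keys DIR
#   PLAINTEXT <path>  signing key readable as-is on this host
#   STALE     <path>  plaintext key still present beside its .gpg copy
#   ENCRYPTED <path>  only the .gpg copy exists
# Returns 1 if any PLAINTEXT or STALE key was found, 2 on a bad argument.
audit_pool_keys() (
  dir=$1
  rc=0
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 2; }
  # Paths containing newlines are not handled.
  list=$(find "$dir" -type f \( -name '*.skey' -o -name '*.skey.gpg' \) | sort)
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    case $f in
      *.skey.gpg)
        # A plaintext sibling is reported on its own line as STALE.
        [ -e "${f%.gpg}" ] || echo "ENCRYPTED $f"
        ;;
      *.skey)
        if [ -e "$f.gpg" ]; then echo "STALE $f"; else echo "PLAINTEXT $f"; fi
        rc=1
        ;;
    esac
  done <<EOF
$list
EOF
  exit "$rc"
)

# Constructed sample tree (hypothetical pool names) to exercise the audit.
demo_audit() (
  d=$(mktemp -d) || exit 2
  mkdir -p "$d/poolA" "$d/poolB" "$d/poolC"
  : > "$d/poolA/cold.skey"                                 # never encrypted
  : > "$d/poolB/cold.skey.gpg"                             # encrypted only
  : > "$d/poolC/cold.skey"; : > "$d/poolC/cold.skey.gpg"   # leftover plaintext
  audit_pool_keys "$d" | sed "s|$d/||"
  rm -rf "$d"
)
```

A non-zero return from `audit_pool_keys` on a block-producing host means at least one signing key can be read there without the passphrase.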