OK, I see the encryptFile function in the cntools.library that provides this “feature”:
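# Command     : encryptFile [file] [password]
# Description : Symmetrically encrypt a file with GPG (AES256) and, if that succeeds,
#               remove the plaintext original via safeDel
# Parameters  : file      >  Path for file to encrypt, will get a new .gpg file extension added to filename
#             : password  >  Password to encrypt file with
# Return      : 0 on success, 1 if either gpg or safeDel fails
# Requires    : file descriptors 6/7 (normal stdout/stderr) and 8/9 (custom stdout/stderr)
#               to be open already; this function only switches between them
# Security    : this protects the file at rest only. The plaintext is on this host's disk
#               until the call completes, and the passphrase is held in this shell.
#               NOTE(review): whether safeDel overwrites the plaintext or merely unlinks it
#               is not visible here - confirm before relying on it for signing keys.
encryptFile() {
  exec >&6 2>&7 # normal stdout/stderr
  sleep 0.1
  # The passphrase goes to gpg on stdin (--passphrase-fd 0), so it does not appear in
  # gpg's argv. printf is used instead of echo because bash's echo would treat a
  # passphrase such as "-n" or "-e" as an option and hand gpg a different (or empty) one.
  if ! {
    printf '%s\n' "${2}" | gpg --symmetric --yes --batch --cipher-algo AES256 --passphrase-fd 0 --output "${1}.gpg" "${1}" &>/dev/null &&
      safeDel "${1}" >/dev/null
  }; then
    exec >&8 2>&9 # custom stdout/stderr
    # Also reached when gpg succeeded but safeDel failed, in which case both the
    # plaintext and the .gpg file may still be on disk.
    println ERROR "${FG_RED}ERROR${NC}: failed to encrypt ${1}"
    return 1
  fi
  exec >&8 2>&9 # custom stdout/stderr
  println DEBUG "${1} successfully encrypted"
}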
So cntools encourages cold keys to be actually hot and on the same machine!