- infos = Information about gpgme plugin is in keys below
- infos/author = Peter Nirschl peter.nirschl@gmail.com
- infos/licence = BSD
- infos/provides = crypto
- infos/needs =
- infos/recommends =
- infos/placements = postgetstorage presetstorage
- infos/status = unittest configurable memleak experimental unfinished
- infos/metadata = crypto/encrypt gpg/binary
- infos/description = Cryptographic operations wit GnuPG Made Easy (GPGME)
The gpgme
plugin is a filter plugin that enables users to encrypt values before they are
persisted and to decrypt values after they have been read from a backend.
The encryption and decryption is designed to work transparently.
The cryptographic operations are performed by GnuPG via the libgpgme
library.
See installation.
The package is called libelektra5-experimental
.
libgpgme11
version 1.10 or later
The plugin has been tested on Ubuntu 18.04 with libgpgme
version 1.10.
You can mount the plugin like this:
kdb mount test.ecf /t gpgme "encrypt/key=DDEBEF9EE2DC931701338212DAF635B17F230E8D"
Now you can specify a key user:/t/a
and protect its content by using:
kdb set user:/t/a
kdb meta-set user:/t/a crypt/encrypt 1
kdb set user:/t/a "secret"
The value of user:/t/a
(for this example: "secret") will be stored encrypted.
You can still access the original value by using kdb get
:
kdb get user:/t/a
The GPG recipient keys can be specified in two ways:
- The GPG recipient key can be specified as
encrypt/key
directly. - If you want to specify multiple keys, you can enumerate them under
encrypt/key
.
The following example illustrates how multiple GPG recipient keys can be specified:
encrypt/key/#0
encrypt/key/#1
gpgme
operates in textmode per default. In textmode the output of GPG is ASCII armored.
Textmode can be disabled by setting /gpgme/textmode
to 0
in the plugin configuration.
The encrypted values are valid PGP messages, that can be decrypted and read solely by the GnuPG binary without Elektra.