Switch to GPG

README.md

@@ -1,6 +1,6 @@
 # zsh-history-sync
 
-Syncs your zsh shell history between computers using git and in encrypted format (using openssl), easily. Only requirement is to have a git repository on Github or similar (recommended private although the history is encrypted).
+Syncs your zsh shell history between computers using git and in encrypted format (using GPG), easily. Only requirement is to have a git repository on Github or similar (recommended private although the history is encrypted).
 
 If you like this or any of my other projects and would like to help with their development, consider [becoming a sponsor](https://github.com/sponsors/vitobotta).
 
@@ -12,7 +12,7 @@ Notes:
 
 ## Installation
 
-You need to clone this repo with the scripts somewhere and run the install script. The installer will ask you for the path to your git repository that you want to use to synchronise the history, as well as a password to encrypt it (the password will be stored in ~/.zsh-history-sync.encryption-key). The install script then updates your .zshrc to load what's required to trigger the synchronisation in background.
+You need to clone this repo with the scripts somewhere and run the install script. The installer will ask you for the path to your git repository that you want to use to synchronise the history, as well the UID of the GPG key you want to use to encrypt the history. The install script then updates your .zshrc to load what's required to trigger the synchronisation in background.
 
 ```bash
 git clone https://github.com/vitobotta/zsh-history-sync.git
@@ -22,20 +22,3 @@ cd zsh-history-sync
 
 source ~/.zshrc
 ```
-
-I recommend you also schedule a sync every minute (just to ensure every command is synced since the automatic sync depends on when the last command was executed). It's better to specify an offset on the second computer, so to minimise the risk of sync conflicts. Using crontab, on the first computer:
-
-```
-* * * * * /path/to/zsh-history-sync/sync-history.sh /path/to/your/repo
-```
-
-On the second computer:
-
-```
-* * * * * sleep 30; /path/to/zsh-history-sync/sync-history.sh /path/to/your/repo
-```
-
-
-
-
-

install.sh

@@ -3,13 +3,13 @@
 echo "Please enter the full path to the git repository you want to use for the syncing:"
 read GIT_REPO_PATH
 
-echo "Please enter the password to use for encryption:"
-read -s ENCRYPTION_PASSWORD
+echo "Please enter your GPG key UID for encryption:"
+read GPG_KEY_UID
 
 SCRIPT_PATH="$(readlink -f "$0")"
 SCRIPT_DIR="$(dirname "$SCRIPT_PATH")"
 
 echo "export ZSH_HISTORY_SYNC_SCRIPT_PATH=${SCRIPT_DIR}/sync-history.sh" >> ~/.zshrc
 echo "export ZSH_HISTORY_SYNC_GIT_REPO_PATH=${GIT_REPO_PATH}" >> ~/.zshrc
-echo "${ENCRYPTION_PASSWORD}" > ${HOME}/.zsh-history-sync.encryption-key
+echo "export ZSH_HISTORY_SYNC_GPG_KEY_UID=${GPG_KEY_UID}" >> ~/.zshrc
 echo source "${SCRIPT_DIR}/zsh.include.sh" >> ~/.zshrc

sync-history.sh

@@ -7,7 +7,6 @@ if [ -e ${lockfile} ] && kill -0 `cat ${lockfile}`; then
   exit
 fi
 
-# make sure the lockfile is removed when we exit and when we receive a signal
 trap "rm -f ${lockfile}; exit" INT TERM EXIT
 echo $$ > ${lockfile}
 
@@ -22,6 +21,8 @@ last_command_timestamp_file="${HOME}/.zsh-history-sync.last-sync"
 encryption_key_file="${HOME}/.zsh-history-sync.encryption-key"
 identifier="$(hostname)"
 
+ZSH_HISTORY_SYNC_GPG_KEY_UID="${ZSH_HISTORY_SYNC_GPG_KEY_UID:-}"
+
 read_file() {
   if [ ! -f $1 ]; then
     echo "$1 doesn't exist, creating..."
@@ -36,6 +37,18 @@ read_file() {
   done
 }
 
+GPG_CMD=$(which gpg)
+
+if [[ -z "$GPG_CMD" ]]; then
+  echo "No GPG binary found."
+  exit 1
+fi
+
+if [[ -z "$ZSH_HISTORY_SYNC_GPG_KEY_UID" ]]; then
+  echo "No GPG key UID specified."
+  exit 1
+fi
+
 current_time=$(date +%s)
 last_executed_time=$(cat $last_command_timestamp_file 2>/dev/null || echo 0)
 
@@ -47,7 +60,7 @@ if (( current_time - last_executed_time >= 30 )) || [ "$force_sync" = "-f" ]; th
 
     if [[ -f $sync_file ]]; then
       temp_sync_file=$(mktemp)
-      openssl enc -aes-256-cbc -md sha256 -d -in "$sync_file" -out "$temp_sync_file" -pass file:"$encryption_key_file" -pbkdf2
+      $GPG_CMD --decrypt "$sync_file" > "$temp_sync_file" 2>/dev/null
       new_items=$(read_file "$temp_sync_file")
       rm "$temp_sync_file"
     else
@@ -58,7 +71,7 @@ if (( current_time - last_executed_time >= 30 )) || [ "$force_sync" = "-f" ]; th
     items=$(echo -e "$source_items\n$new_items" | grep -v '^\:\s[<=>]\{3\}' | awk '!x[$0]++')
 
     echo -e "$items" > $source_file
-    echo -e "$items" | openssl enc -aes-256-cbc -md sha256 -out "$sync_file" -pass file:"$encryption_key_file" -pbkdf2
+    echo -e "$items" | $GPG_CMD --encrypt --trust-model always --yes  --recipient "$ZSH_HISTORY_SYNC_GPG_KEY_UID" --output "$sync_file" 2>/dev/null
 
     fc -R $source_file