- infos = Information about gpgme plugin is in keys below
- infos/author = Peter Nirschl [email protected]
- infos/licence = BSD
- infos/provides = crypto
- infos/needs =
- infos/recommends =
- infos/placements = postgetstorage presetstorage
- infos/status = unittest configurable memleak experimental unfinished
- infos/metadata = crypto/encrypt gpg/binary
- infos/description = Cryptographic operations wit GnuPG Made Easy (GPGME)
The gpgme plugin is a filter plugin that enables users to encrypt values before they are
persisted and to decrypt values after they have been read from a backend.
The encryption and decryption is designed to work transparently.
The cryptographic operations are performed by GnuPG via the libgpgme library.
libgpgme11version 1.10 or later
The plugin has been tested on Ubuntu 18.04 with libgpgme version 1.10.
You can mount the plugin like this:
kdb mount test.ecf /t gpgme "encrypt/key=DDEBEF9EE2DC931701338212DAF635B17F230E8D"Now you can specify a key user/t/a and protect its content by using:
kdb set user/t/a
kdb meta-set user/t/a crypt/encrypt 1
kdb set user/t/a "secret"The value of user/t/a (for this example: "secret") will be stored encrypted.
You can still access the original value by using kdb get:
kdb get user/t/aThe GPG recipient keys can be specified in two ways:
- The GPG recipient key can be specified as
encrypt/keydirectly. - If you want to specify multiple keys, you can enumerate them under
encrypt/key.
The following example illustrates how multiple GPG recipient keys can be specified:
encrypt/key/#0
encrypt/key/#1
gpgme operates in textmode per default. In textmode the output of GPG is ASCII armored.
Textmode can be disabled by setting /gpgme/textmode to 0 in the plugin configuration.
The encrypted values are valid PGP messages, that can be decrypted and read solely by the GnuPG binary without Elektra.