GnuPG - How to edit the file without decrypting and saving to local disk first?

Dean · Oct 2, 2009 · Viewed 16.7k times

I'm using GnuPG to encrypt my ASCII files.

I learnt to generate a key, and also how to use it to encrypt and decrypt a file.

There are two ways I used:

gpg -d foo.txt.gpg

and

gpg --output foo.txt --decrypt foo.txt.gpg

I realized the first method will display the decrypted file on the screen, for example when I executed the command over SSH.

With regard to the second method, I am concerned about whether it will leave a trace on the local PC - the foo.txt file.

Most importantly, I don't know how to edit the contents of the foo file on the fly. Ideally, I would like to open the file over SSH using nano/pico, type my passphrase to decrypt, then edit the file, save it and encrypt it. I would very much like to avoid saving any files to the local disk.

Any comments are welcome.

Thank you in advance.

Answer

ire_and_curses · Oct 2, 2009

One way is using vim. See this page and this related question.

If you need more flexibility or don't want to use vim, writing a short program to read the decrypted text coming from STDOUT, edit to your liking, and then re-encrypt isn't too difficult. For example, you could use this minimal Python code (104 lines!) to give you the bare bones editor, and then add the stream reading and writing functionality yourself.
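The decrypt-to-a-pipe, edit, re-encrypt flow this answer describes, as an added example that is not part of the original answer or the code it links to: plaintext is read from gpg's stdout, placed only in a scratch file under a RAM-backed directory so that nano or another terminal editor can open it, and fed back to gpg on stdin. It assumes Linux with /dev/shm mounted as tmpfs and public-key encryption to a recipient key; the function names and the script name are hypothetical.

```python
import os, shutil, subprocess, sys, tempfile

def gpg_decrypt(path):
    """Return the plaintext as bytes; gpg writes to a pipe, never to a file."""
    return subprocess.run(["gpg", "--quiet", "--decrypt", path],
                          check=True, stdout=subprocess.PIPE).stdout

def gpg_encrypt(plaintext, path, recipient):
    """Feed plaintext to gpg on stdin, then swap the new ciphertext into place."""
    tmp = path + ".new"  # ciphertext only, safe to keep on ordinary disk
    subprocess.run(["gpg", "--quiet", "--yes", "--recipient", recipient,
                    "--output", tmp, "--encrypt"], input=plaintext, check=True)
    os.replace(tmp, path)

def run_editor(scratch):
    """Open the scratch file in $EDITOR (nano if unset)."""
    subprocess.run([os.environ.get("EDITOR", "nano"), scratch], check=True)

def edit_encrypted(path, recipient, ram_dir="/dev/shm",
                   decrypt=gpg_decrypt, encrypt=gpg_encrypt, editor=run_editor):
    """Decrypt, edit in a RAM-backed scratch file, re-encrypt if changed.

    Returns True when the encrypted file was rewritten. ram_dir is assumed
    to be a tmpfs mount (the Linux default for /dev/shm).
    """
    if not os.path.isdir(ram_dir):
        raise RuntimeError(f"{ram_dir} not found; refusing to use disk")
    plaintext = decrypt(path)
    workdir = tempfile.mkdtemp(prefix="gpgedit-", dir=ram_dir)  # mode 0700
    scratch = os.path.join(workdir, "plaintext")
    try:
        fd = os.open(scratch, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(plaintext)
        editor(scratch)
        with open(scratch, "rb") as f:
            edited = f.read()
        changed = edited != plaintext
        if changed:
            encrypt(edited, path, recipient)
        return changed
    finally:
        # Removes the scratch file and any editor backup written beside it.
        shutil.rmtree(workdir, ignore_errors=True)

if __name__ == "__main__":
    # usage: gpgedit.py FILE.gpg RECIPIENT  (script name is hypothetical)
    edit_encrypted(sys.argv[1], sys.argv[2])
```

tmpfs pages can still be written to swap, so the no-plaintext-on-disk property also depends on swap being encrypted or disabled.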