The answer is basically no, not without custom code.
gpg can operate on pipes, so if there were an easy way to destructively send data to a pipe, this might be doable. But there isn't.
Another idea to keep from using up the disk quickly is to encrypt chunks at a time (in custom software).
    while !eof:
        read()
        encrypt()
        write()
        seek()
It appears that ccrypt is able to operate in-place because the encrypted data is the same length as the decrypted data (I know little of crypto, but this might just be a general property of block ciphers). GPG/PGP does stuff like compressing and adding headers, so the output data won't be the same length. If it is shorter, no problem (the above custom code should work). If it is longer, more work would need to be done to place overflow somewhere else.
This custom code adds complexity (and obscurity) to encryption and decryption.
gpg does it by opening a new file using the original filename and appending a .gpg extension, then writing the encrypted data out to the new file. If everything works fine, it deletes the original file.
I don't think you'd want to use actual in-place encryption, where it would read a byte, crypt it, write it back out to the file, etc... What happens if something kills the gpg process half-way through? You've now got a corrupted file, with half of the plaintext dangling in the breeze.
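The two approaches from the answers above, side by side, as an added example that is not code from either answer: the chunked in-place loop from the first answer and the write-a-new-file-then-delete approach from the second, each with a simulated kill part-way through. Assumptions: the names (transform, Killed, die_at, the .enc and .partial suffixes) are hypothetical, and transform is a stand-in length-preserving XOR keystream rather than gpg or a vetted cipher, so output length equals input length as in the ccrypt case.

```python
import hashlib, os

CHUNK = 4096

class Killed(Exception):
    """Simulates the process dying part-way through (constructed for this demo)."""

def transform(key, index, data):
    # Stand-in length-preserving transform, NOT a vetted cipher: XOR with SHAKE-256 output.
    ks = hashlib.shake_256(key + index.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_in_place(path, key, die_at=None):
    # First answer's loop: read a chunk, encrypt it, seek back, overwrite the plaintext.
    with open(path, "r+b") as f:
        index = 0
        while True:
            pos = f.tell()
            chunk = f.read(CHUNK)
            if not chunk:
                return
            if index == die_at:
                raise Killed(f"died before chunk {index}")
            f.seek(pos)
            f.write(transform(key, index, chunk))
            index += 1

def encrypt_to_new_file(path, key, die_at=None, suffix=".enc"):
    # Second answer's approach: write a separate output, delete the original only on success.
    out, tmp = path + suffix, path + suffix + ".partial"
    try:
        with open(path, "rb") as src, open(tmp, "wb") as dst:
            index = 0
            while chunk := src.read(CHUNK):
                if index == die_at:
                    raise Killed(f"died before chunk {index}")
                dst.write(transform(key, index, chunk))
                index += 1
            dst.flush()
            os.fsync(dst.fileno())  # ciphertext is on disk before the plaintext goes away
        os.replace(tmp, out)
        os.remove(path)
        return out
    except BaseException:
        # A real SIGKILL skips this cleanup, but the original is still intact either way.
        if os.path.exists(tmp):
            os.remove(tmp)
        raise
```

Interrupting encrypt_in_place leaves one file that is ciphertext up to the last completed chunk and plaintext after it, with nothing recording where the boundary is; interrupting encrypt_to_new_file leaves the original file untouched.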