Encrypt and decrypt in parallel with GPG

As a systems administrator or general hacker, you will find encrypting files a fairly common task, for backups and other sensitive information. Luckily, GPG is incredibly easy to use, but like most shell programs, it runs on one core of your machine. Using GNU Parallel, however, we can run multiple GPG encryption processes at the same time, given a queue of files to encrypt or decrypt.

Encrypt Multiple Files at Once

Encrypting multiple files at once is fairly easy using GNU Parallel:

# find all files in the tree of this working directory and encrypt them
find . -type f -not -iname "*.gpg" | sort | parallel --gnu -j 8 --workdir "$PWD" '
    # parallel shell-quotes {} itself; extra quotes around it break names with spaces
    file={}
    echo "Encrypting $file..."
    gpg --encrypt --recipient "me@mail.com" "$file"
'

The above command uses 8 processes (-j 8) to encrypt the files. You can change this to suit your needs and core count.

Decrypt Multiple Files at Once

Likewise, decrypting multiple files at once is also fairly straightforward:

# find all encrypted files and decrypt them
find . -type f -iname "*.gpg" | sort | parallel --gnu -j 8 --workdir "$PWD" '
    # parallel shell-quotes {} itself; extra quotes around it break names with spaces
    file={}
    echo "Decrypting $file..."
    gpg --decrypt --output "${file%.gpg}" "$file"
'

Verifying Multiple Files at Once

Being a bit paranoid from some bad experiences with failed encryption runs, I prefer to validate my backups to make sure they’re restorable. To this end, I calculate the SHA-256 sum of the original source files, then decrypt the GPG files and compare the hashes. This is all done in-memory. This will validate two things:

  1. That your backup is restorable, i.e. GPG can successfully decrypt all of the data and didn’t make a mistake in encryption.
  2. That your backup is intact, i.e. the decrypted file content is the same as the original file content.

This is fairly similar to the examples above, except we’re using flock to make sure that script output doesn’t occur at the same time:

# verify all GPG files against their source files
find . -type f -iname "*.gpg" | sort | parallel --gnu -j 8 --workdir "$PWD" '
    # parallel shell-quotes {} itself; extra quotes around it break names with spaces
    file={}
    raw_hash="$(sha256sum "${file%.gpg}" | cut -c 1-64)"
    gpg_hash="$(gpg --batch --decrypt "$file" 2>/dev/null | sha256sum | cut -c 1-64)"
    
    # lock script output to one process at a time
    (
        flock -e 200    

        echo "$file:"
        echo "================================"
        echo "Raw Hash: $raw_hash"
        echo "GPG Hash: $gpg_hash"
    
        if [ "$raw_hash" != "$gpg_hash" ]; then
            echo "file verification FAILED, INVALID CHECKSUM"
        else
            echo "file verification succeeded, valid checksum"
        fi

        echo ""
    ) 200>/tmp/hashcheck.lock
'

I like to run this script through tee to be able to analyze it later:

./verify-backups.sh | tee VERIFY
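
A stricter per-file check for the verification step above, as an added example that is not part of the original post: it reports a failed decrypt separately from a hash mismatch and returns a distinct exit status for each outcome. The names verify_one and DECRYPT_CMD are hypothetical; the default decrypt command is the one used above.

```shell
#!/bin/sh
# Added example, not code from the original post.
# DECRYPT_CMD (assumed name): command that writes the plaintext of its
# last argument to stdout. Left unquoted below so its options split.
: "${DECRYPT_CMD:=gpg --batch --decrypt}"

# verify_one FILE.gpg  (hypothetical helper)
# Returns 0 = match, 1 = hash mismatch, 2 = decrypt failed, 3 = source missing
verify_one() {
    enc=$1
    src=${enc%.gpg}
    if [ ! -f "$src" ]; then
        echo "MISSING  $enc (no source file to compare against)"
        return 3
    fi
    raw_hash=$(sha256sum < "$src" | cut -c 1-64)

    # fd 3 carries the decrypt exit status past the pipe. Without it, a
    # failed decrypt just yields the SHA-256 of empty input.
    out=$( { { $DECRYPT_CMD "$enc" 2>/dev/null; echo "$?" >&3; } \
             | sha256sum | cut -c 1-64; } 3>&1 )
    rc=$(printf '%s\n' "$out" | sed -n 1p)        # line 1: decrypt status
    gpg_hash=$(printf '%s\n' "$out" | sed -n 2p)  # line 2: plaintext hash

    if [ "$rc" -ne 0 ]; then
        echo "UNREADABLE  $enc (decrypt exited $rc)"
        return 2
    elif [ "$raw_hash" != "$gpg_hash" ]; then
        echo "MISMATCH  $enc"
        return 1
    fi
    echo "OK  $enc"
}

# When run as a script, verify the file named in the first argument.
[ "$#" -eq 0 ] || verify_one "$1"
```

Saved as a script and run once per file under parallel with --joblog, each file's outcome also lands in the job log's Exitval column, so failures can be counted without parsing the output.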

6 thoughts on “Encrypt and decrypt in parallel with GPG”

  1. Shorter:

    find . -type f -iname "*.gpg" | sort | parallel --gnu -j 8 '
    echo "Decrypting {}..."
    gpg --decrypt --output {.} {}
    '
