On Tue, Oct 24, 2023 at 11:38:52AM +0800, "Felix E. Klee" <felix.k...@inka.de> wrote:
> For the purpose of re-encryption with a new key, I’d like to find all > files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted > files, independent of key, have the extension `.gpg`. > > How do I do that for a massive directory tree? With my rawhide (rh) program (github.com/raforg/rawhide) you can do it with something like this: rh /path '"*.gpg" && "*PGP*encrypted*BEF6EFD3 8FE8DCA0*".what' That looks under /path for files whose names end in .gpg and whose file(1) output would contain the given glob pattern, but no file(1) processes are created. The output of file(1) for an encrypted file looks something like: file.gpg: PGP RSA encrypted session key - keyid: 49C40F3A BA227C81 RSA (Encrypt or Sign) 4096b . It can also be done with find(1) of course, but it's a little slower because it needs additional processes for each encrypted file: find /path -name '*.gpg' \ -execdir /bin/sh -c 'file {} | grep -q "PGP.*encrypted.*BEF6EFD3 8FE8DCA0"' \; \ -print But the extra time is probably immaterial when followed by re-encryption. While testing these, I just noticed that /usr/bin/file on my macOS-10.14 laptop shows a different keyid to what libmagic shows. That's bizarre. For some encrypted files of mine, /usr/bin/file (v5.33) shows 3A0FC449 817C22BA but libmagic/rh shows 49C40F3A BA227C81 for the same files. A more recent version of file (v5.45) installed via macports shows the same as libmagic/rh. So choose your version of file(1) wisely. :-) Also, in case you need to re-encrypt regularly, I recommend assigning some label to the key and putting it in the filename (e.g. blah.gpg.key23). Then you don't need to look inside the file, and if it takes a long time to re-encrypt lots of files, you can easily see how it's progressing. cheers, raf _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users