Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands tagged GPG from sorted by
Terminal - Commands tagged GPG - 26 results
x=KEY; gpg --keyserver subkeys.pgp.net --recv $x; gpg --export --armor $x | sudo apt-key add -
2013-11-26 10:49:32
User: sxiii
Functions: gpg sudo
1

Replace KEY with GPG key. This command will load GPG key and add it to your system so you can use software from third party repos etc.

icedove --compose subject=$(polygen ~/.icedove/xxxxxxx.default/bofh.grm)
2013-10-08 16:29:16
User: vinc3nt
0

The subject in a gpg mail isn't encrypted. For people without imagination this often becomes a drama.

Requirement:

1. Install polygen

sudo apt-get install polygen

2. Download "Bastard Operator From Hell Excuses" dictionary:

cd ~/.icedove/xxxxxxx.default/ && wget http://www.polygen.org/polygen/source/ita/bofh.grm
echo 'HelloWorld!' | gpg --symmetric | base64
2013-07-06 08:30:35
User: ryanchapman
Functions: echo gpg
Tags: GPG
0

Need to encrypt something from the command line? I've used this before to encrypt passwords with a master password that was shared amongst a team.

To decrypt:

~$ echo -n 'jA0EAwMCPdknsznAww5gySL1/quqhXg6QgQkIz5abzGP5EZgTbXCFU+y6dP8ySWovytc' | base64 --decode | gpg --decrypt

gpg: CAST5 encrypted data

Enter passphrase: secret

gpg: encrypted with 1 passphrase

HelloWorld!

tar zcf - foo | gpg -c --cipher-algo aes256 -o foo.tgz.gpg
2013-03-13 09:44:39
User: skkzsh
Functions: gpg tar
0

Decrypt with:

gpg -o- foo.tgz.gpg | tar zxvf -
echo "ls" > script.bash; gpg -c script.bash; cat script.bash.gpg | gpg -d --no-mdc-warning | bash
2013-03-10 09:34:12
User: betsubetsu
Functions: cat echo gpg
-2

echo "ls" > script.bash;

This is my script, a simple 'ls'.

gpg -c script.bash;

Here I encrypt and passord-protect my script. This creates file script.bash.gpg.

cat script.bash.gpg | gpg -d --no-mdc-warning | bash

Here I open file script.bash.gpg, decrypt it and execute it.

for i in `gpg --list-sigs | perl -ne 'if(/User ID not found/){s/^.+([a-fA-F0-9]{8}).*/\1/; print}' | sort | uniq`; do gpg --keyserver-options no-auto-key-retrieve --recv-keys $i; done
2013-03-10 09:15:15
User: hank
Functions: gpg perl sort
Tags: bash GPG sed fetch
0

The original command doesn't work for me - does something weird with sed (-r) and xargs (-i) with underscores all over...

This one works in OSX Lion. I haven't tested it anywhere else, but if you have bash, gpg and perl, it should work.

read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)
2013-03-10 08:59:45
User: rodolfoap
Functions: cat chmod echo gpg read sed wc
5

(Please see sample output for usage)

Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.:

myscript --> myscript.crypt

You can execute myscript.crypt only if you know the password. If you die, your script dies with you.

If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string).

Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner.

Sorry for the chmod on parentheses, I dont like "-" at the end.

Thanks flatcap for the subshell abbreviation to /dev/null

echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure
2013-03-09 11:16:48
User: rodolfoap
Functions: chmod echo gpg sed stat
6

(Please see sample output for usage)

script.bash is your script, which will be crypted to script.secure

script.bash --> script.secure

You can execute script.secure only if you know the password. If you die, your script dies with you.

If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string).

Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner.

gpg --export 0xDEADBEEF | gpg --list-packets | grep -Pzao ':signature packet:.*\n\t.*sigclass 0x20(\n\t.*)*'
2013-03-05 14:11:11
User: claudius
Functions: gpg grep
Tags: GPG revocation
0

Shows a sigclass 0x20 (Key revocation) signature packet on a key, including all subpackets. Subpacket 2 is the date of revocation, subpacket 26 the relevant policy, subpacket 29 the reason of revocation (cf. http://rfc.askapache.com/rfc4880/rfc4880.html#section-5.2.3.23 ) and subpacket 16 the issuer of the revocation certificate (usually should be the same as the revoked key).

wget --input-file=~/donwloads.txt --user="$USER" --password="$(gpg2 --decrypt ~/.gnupg/passwd/http-auth.gpg 2>/dev/null)"
2012-12-13 00:14:55
User: kyle0r
Functions: wget
Tags: GPG password
1

In this example, where the users gpg keyring has a password, the user will be interactively prompted for the keyring password.

If the keyring has no password, same as above, sans the prompt. Suitable for cron jobs.

~/.gnupg/passwd/http-auth.gpg is the encrypted http auth password, for this particular wget use case.

This approach has many use cases.

example bash functions:

function http_auth_pass() { gpg2 --decrypt ~/.gnupg/passwd/http-auth.gpg 2>/dev/null; }

function decrypt_pass() { gpg2 --decrypt ~/.gnupg/passwd/"$1" 2>/dev/null; }

gpg -c sensitive.txt; gpg sensitive.txt.gpg
gpg -d file.txt.gpg -o file.txt
gpg --verify file.txt.asc file.txt
gpg -c file.txt
gpg -ser 'myfriend@gmail.com' file.txt
2011-09-17 04:51:02
User: kev
Functions: gpg
Tags: GPG
-3

-s

Make a signature.

-e

Encrypt data.

-r

Encrypt for user id name.

gpg -ab file.txt
gpg -e --default-recipient-self <SENSITIVE_FILE> && shred -zu "$_"
2011-07-24 05:51:47
User: h3xx
Functions: gpg shred
Tags: GPG shred
0

Make sure the file contents can't be retrieved if anyone gets ahold of your physical hard drive.

With hard drive partition:

gpg --default-recipient-self -o /path/to/encrypted_backup.gpg -e /dev/sdb1 && shred -z /dev/sdb1

WARNING/disclaimer: Be sure you... F&%k it--just don't try this.

gpg --list-sigs | sed -rn '/User ID not found/s/^sig.+([a-FA-F0-9]{8}).*/\1/p' | xargs -i_ gpg --keyserver-options no-auto-key-retrieve --recv-keys _
2011-07-22 16:31:25
User: lingo
Functions: gpg sed xargs
Tags: GPG sed fetch
0

For instance, if people have signed your key, this will fetch the signers' keys.

gpg --gen-random --armor 1 30
2011-07-20 15:32:49
User: atoponce
Functions: gpg
10

According to the gpg(1) manual:

--gen-random 0|1|2 count

Emit count random bytes of the given quality level 0, 1 or 2. If count is not given or zero, an endless sequence of random bytes will be emitted. If used with --armor the output will be base64 encoded. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system!

If your entropy pool is critical for various operations on your system, then using this command is not recommended to generate a secure password. With that said, regenerating entropy is as simple as:

du -s /

This is a quick way to generate a strong, base64 encoded, secure password of arbitrary length, using your entropy pool (example above shows a 30-character long password).

gpg --refresh-keys
tar -cvz /<path>/ | gpg --encrypt --recipient <keyID> > /<backup-path>/backup_`date +%d_%m_%Y`.tar.gz.gpg
2011-02-23 14:19:08
User: kaiserkailua
Functions: gpg tar
Tags: GPG tar.gz
1

Create a encrypted tar.gz file from a directory on the fly. The encryption is done by GPG with a public key. The resulting filename is tagged with the date of creation. Very usefull for encrypted snapshots of folders.

cat private-file | gpg2 --encrypt --armor --recipient "Disposable Key" | mailx -s "Email Subject" user@email.com
2009-10-19 20:38:37
User: slashdot
Functions: cat mailx
2

This is a quick and easy way of encrypting files in a datastream, without ever really creating an output file from gpg. Useful with cron also, when file(s) have to be sent based on a set schedule.

sleeper(){ while `ps -p $1 &>/dev/null`; do echo -n "${2:-.}"; sleep ${3:-1}; done; }; export -f sleeper
12

Very useful in shell scripts because you can run a task nicely in the background using job-control and output progress until it completes.

Here's an example of how I use it in backup scripts to run gpg in the background to encrypt an archive file (which I create in this same way). $! is the process ID of the last run command, which is saved here as the variable PI, then sleeper is called with the process id of the gpg task (PI), and sleeper is also specified to output : instead of the default . every 3 seconds instead of the default 1. So a shorter version would be sleeper $!;

The wait is also used here, though it may not be needed on your system.

echo ">>> ENCRYPTING SQL BACKUP" gpg --output archive.tgz.asc --encrypt archive.tgz 1>/dev/null & PI=$!; sleeper $PI ":" 3; wait $PI && rm archive.tgz &>/dev/null

Previously to get around the $! not always being available, I would instead check for the existance of the process ID by checking if the directory /proc/$PID existed, but not everyone uses proc anymore. That version is currently the one at http://www.askapache.com/linux-unix/bash_profile-functions-advanced-shell.html but I plan on upgrading to this new version soon.

eval $(sed -n "s/^d[^D]*DB_\([NUPH]\)[ASO].*',[^']*'\([^']*\)'.*/_\1='\2'/p" wp-config.php) && mysqldump --opt --add-drop-table -u$_U -p$_P -h$_H $_N | gpg -er AskApache >`date +%m%d%y-%H%M.$_N.sqls`
2009-08-18 07:03:08
User: AskApache
Functions: eval gpg sed
3

The coolest way I've found to backup a wordpress mysql database using encryption, and using local variables created directly from the wp-config.php file so that you don't have to type them- which would allow someone sniffing your terminal or viewing your shell history to see your info.

I use a variation of this for my servers that have hundreds of wordpress installs and databases by using a find command for the wp-config.php file and passing that through xargs to my function.

pwsafe -qa "gpg keys"."$(finger `whoami` | grep Name | awk '{ print $4" "$5 }')"
2009-05-07 14:49:56
User: denzuko
0

From time to time one forgets either thier gpg key or other passphrases. This can be very problematic in most cases. But luckily there's this script. Its based off of pwsafe which is a unix commandline program that manages encrypted password databases. For more info on pwsafe visit, http://nsd.dyndns.org/pwsafe/.

What this script does is it will help you store all your passphrases for later on and allow you to copy it to your clipboard so you can just paste it in, all with one password. Pretty neat no?

You can find future releases of this and many more scripts at The Teachings of Master Denzuko - denzuko.wordpress.com.