As in the process described in Encrypting Filespooler Jobs with GPG[1], Filespooler[2] can handle packets Encrypted[3] with Age (Encryption)[4]. Age may be easier than GnuPG in a number of cases, particularly because it can use a person's existing SSH keypairs for encryption.
1: /encrypting-filespooler-jobs-with-gpg/
This process is fundamentally quite similar to handling encryption with GnuPG: we'll be adding an encryption command in the pipe after prepare, and adding a decoder to the queue processing commands.
First, let's generate our keypair:
```
$ age-keygen -o test.age.sec
Public key: age1apfzl3df26aur7rd0stps75gf6fretpdjwhtvjm7t3uru47sjqvsvmx0sh
```
Now, the sender needs to know that public key and the recipient needs to have the `test.age.sec` file. So, say we have done `fspl queue-init -q ~/q` and want to add a packet to it:
```
sender$ echo hi \
  | fspl prepare -i - -s ~/seq \
  | age -e -r age1apfzl3df26aur7rd0stps75gf6fretpdjwhtvjm7t3uru47sjqvsvmx0sh \
  | fspl queue-write -q ~/q
```
OK, that's the encryption bit. How about the decryption?
```
receiver$ fspl queue-ls -q /tmp/q -d 'age -d -i test.age.sec'
ID    creation timestamp           filename
1     2022-05-20T22:52:39-05:00    fspl-c537c39d-984d-4dc6-b488-9048124b8d75.fspl
```
That's all there was to it! We gave `queue-ls` (could have easily been `queue-process` or some such also) the decoder that caused age to decode the data using the secret key. Done!
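The SSH-keypair option mentioned at the top, applied to the same pipeline. This is an added example, not part of the original page or of Filespooler itself. The function names and the `~/.ssh/id_ed25519` paths in the usage lines are assumptions; it relies on age's `-R` (recipients file) and `-i` (identity file) options accepting SSH public and private keys, and it refuses to hand the decoder a private key that group or others can read.

```shell
#!/bin/sh
# Added example. Assumed paths: ~/seq and ~/q as in the commands above.

# Succeeds only if FILE exists and grants nothing to group/other (e.g. 0600).
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if FILE's first line is an SSH public key type that age accepts.
is_ssh_pubkey() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        "ssh-ed25519 "*|"ssh-rsa "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Sender: job body on stdin, encrypted to the SSH public key file PUB.
# usage: echo hi | send_job ~/.ssh/id_ed25519.pub
send_job() {
    is_ssh_pubkey "$1" || { echo "not an SSH public key: $1" >&2; return 2; }
    fspl prepare -i - -s ~/seq \
        | age -e -R "$1" \
        | fspl queue-write -q ~/q
}

# Receiver: list the queue, decoding with the SSH private key file KEY.
# usage: list_queue ~/.ssh/id_ed25519
list_queue() {
    # KEY is pasted into the decoder string, so accept plain path characters only.
    case "$1" in
        ""|*[!A-Za-z0-9._/-]*) echo "unsafe key path: $1" >&2; return 2 ;;
    esac
    key_is_private "$1" || { echo "key readable by others: $1" >&2; return 2; }
    fspl queue-ls -q ~/q -d "age -d -i $1"
}
```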
--------------------------------------------------------------------------------
5: /introduction-to-filespooler/
It seems that lately I've written several shell implementations of a simple queue that enforces ordered execution of jobs that may arrive out of order. After writing this for the nth time in bash, I decided it was time to do it properly. But first, a word on the *why* of it all.
6: /encrypting-filespooler-jobs-with-gpg/
Thanks to Filespooler[7]'s support for decoders, data for Filespooler can be Encrypted[8] at rest and only decrypted when Filespooler needs to scan or process a queue.
Filespooler lets you request the remote execution of programs, including stdin and environment. It can use tools such as S3, Dropbox, Syncthing[10], NNCP[11], ssh, UUCP[12], USB drives, CDs, etc. as transport; basically, a filesystem is the network for Filespooler.
Filespooler is particularly suited to distributed and Asynchronous Communication[13].
13: /asynchronous-communication/
(c) 2022-2024 John Goerzen