Any interest in a gpg/openssl encryption and signing gui application for RHEL?

Latest response

WHAT?

I created just what the subject says: Pyrite, a OpenSSL/GnuPG encryption & signing frontend... catch is that I used python 2.7 and features of GTK+ 2.24 -- neither of which ship in RHEL6. Over the last year a few people have contacted me about getting this working in RHEL6 and so I wanted to gauge interest here. I would need to patch out some of the features, but it's probably doable.

SCREENSHOTS

Text input area for text encryption/decryption. Can do simple symmetric or asymmetric (or both). Can encrypt to self (auto-detects your key), tweak the cipher, do encrypt+sign, send to multiple recipients at once, etc.


Has a separate sign/verify mode for doing signing/verifying without encryption. Allows creating clearsign or detached signatures.


Per-user preferences system.


Can operate directly on binary (or text) files without loading them into buffer. Has pause and cancel buttons for large files.


Extremely configurable. Keyboard shortcuts for the most important things.


OpenSSL mode of course disables many things.


Help page showing cmdline-options.

[rsaw]$ pyrite -h
usage: pyrite [-h] [-d | -t] [-e | -s] [-c] [-r RECIP] [-k KEYUID]
              [-b {gpg,openssl}]
              [INPUT]

GnuPG/OpenSSL GUI to encrypt, decrypt, sign, or verify files/ASCII text input.

positional arguments:
  INPUT                 ascii input file to populate Message area with (NOTE:
                        treatment of INPUT is modified by '-t' & '-d')

optional arguments:
  -h, --help            show this help message and exit
  -d, --direct-file     flag INPUT as a file path to open in direct-mode
  -t, --text-input      flag INPUT as text instead of a file path
  -e, --encdec          enable encrypt/decrypt mode
  -s, --signverify      enable sign/verify mode
  -c, --symmetric       enable symmetric encryption mode
  -r RECIP, --recipients RECIP
                        recipients for asymmetric mode (semicolon-separated)
  -k KEYUID, --defaultkey KEYUID
                        override default gpg private key
  -b {gpg,openssl}, --backend {gpg,openssl}
                        backend program to use as encryption engine

Not captured in screenshot:
There are verbose tooltips for every radio button, check box, and button.

SUMMARY

Note that there's an RPM for Fedora in my yum repo ... but as I said at the top, right now I'm interested in gauging interest for a port to RHEL. Thanks for reading!

Responses

How would this be made available for RHEL subscribers?
And is its purpose to make encrypted communication easier, instead of sending plaintext mail?

"How would this be made available for RHEL subscribers?"

  • Well, the most likely scenario is that I would get it included in EPEL7 and RHEL7 users would have the option of installing it (without direct Red Hat support).

"And is its purpose to make encrypted communication easier, instead of sending plaintext mail?"

  • How you use it is up to you ... Existing email solutions are pretty full-featured (e.g., Enigmail in Thunderbird) and I would use them if it's simple email communication you're after.
  • On the other hand, if only file encryption is needed -- or if email isn't the communication medium -- Pyrite has a lot to offer in that it makes all of the cool features GnuPG (and some of those of OpenSSL) more easily accessible.

So are you saying a use case might be someone who created a document in RHEL and wants to encrypt it before storing it, say, in a cloud storage service?
When you say RHEL users would have the option of installing it -- if that indeed turns out to be the case -- then would it be a matter of a simple yum command?

"So are you saying a use case might be someone who created a document in RHEL and wants to encrypt it before storing it, say, in a cloud storage service?"

  • Sure. Of course this can be done on the command-line with either openssl or gpg; however, pyrite makes it easy with a GUI interface.
  • With pyrite, you don't have to learn all about encryption in order to figure out what cmdline options you need to utilize for accomplishing your goal; you can just explore a bit with the GUI and then you're done.
  • Additionally, you get easy access to ...
    • verbose details while encryption/decryption is running
    • you can easily pause/unpause operations on large files
    • you can easily tweak settings that would normally require a heavy amount of man-page inspection
    • you can set defaults for tons of different settings (and overrride some of them with cmdline options)

"When you say RHEL users would have the option of installing it -- if that indeed turns out to be the case -- then would it be a matter of a simple yum command?"

  • Well, Fedora users can install it now with 2 simple yum commands (below) so yes, as soon as RHEL7 comes out, RHEL7 users would be able to do the same. What would be even better is if I get Pyrite added directly to Fedora and then eventually RHEL .. or simply EPEL, which would lead to the possibility of install with 1 command.

The 2 commands Fedora users need now to install pyrite:
1. yum install http://people.redhat.com/rsawhill/rpms/latest-rsawaroha-release.rpm
2. yum install pyrite