Like the process described in Encrypting Filespooler Jobs with GPG, Filespooler can handle packets Encrypted with Age (Encryption). Age may be easier than GnuPG in a number of cases, particularly because it can use a person’s existing SSH keypairs for encryption.
This process is fundamentally quite similar to handling encryption with GnuPG: we’ll be adding an encryption command in the pipe after prepare, and adding a decoder to the queue processing commands.
How to use age
First, let’s generate our keypair:
$ age-keygen -o test.age.sec
Public key: age1apfzl3df26aur7rd0stps75gf6fretpdjwhtvjm7t3uru47sjqvsvmx0sh
Now, the sender needs to know that public key and the recipient needs to have the
test.age.sec file. So, say we have done
fspl queue-init -q ~/q and want to add a packet to it:
sender$ echo hi \
| fspl prepare -i - -s ~/seq \
| age -e -r age1apfzl3df26aur7rd0stps75gf6fretpdjwhtvjm7t3uru47sjqvsvmx0sh \
| fspl queue-write -q ~/q
OK, that’s the encryption bit. How about the decryption?
receiver$ $ fspl queue-ls -q /tmp/q -d 'age -d -i test.age.sec'
ID creation timestamp filename
1 2022-05-20T22:52:39-05:00 fspl-c537c39d-984d-4dc6-b488-9048124b8d75.fspl
That’s all there was to it! We gave
queue-ls (could have easily been
queue-process or some such also) the decoder that caused age to decode the data using the secret key. Done!
Links to this note
It seems that lately I’ve written several shell implementations of a simple queue that enforces ordered execution of jobs that may arrive out of order. After writing this for the nth time in bash, I decided it was time to do it properly. But first, a word on the why of it all.
Filespooler lets you request the remote execution of programs, including stdin and environment. It can use tools such as S3, Dropbox, Syncthing, NNCP, ssh, UUCP, USB drives, CDs, etc. as transport; basically, a filesystem is the network for Filespooler. Filespooler is particularly suited to distributed and Asynchronous Communication.