Privacy Tools Guide

A dead man’s switch is a mechanism that triggers a predefined action when you fail to perform a periodic check-in. For developers and power users concerned about digital legacy, emergency access, or automated backups, this technique provides a reliable way to release encrypted files automatically. By combining cron scheduling with encrypted file management, you can ensure that sensitive data becomes accessible to designated recipients without manual intervention.

This guide walks through setting up a dead man’s switch using cron jobs to release encrypted files. The approach uses GPG encryption and shell scripting to achieve this securely.

Understanding the Architecture

The system operates on a simple premise: a cron job runs at scheduled intervals to check whether you’ve recently confirmed you’re still active. If no confirmation occurs within a defined period, the switch triggers and releases your encrypted files.

Three components make this work:

  1. A check-in marker file — Updated periodically to indicate you’re still in control
  2. A cron job — Runs daily to compare the last check-in time against a threshold
  3. A release script — Executes when the threshold is exceeded, decrypting and releasing files

This design keeps your encrypted files secure until the trigger condition is met, without requiring third-party services or cloud dependencies.

Preparing Your Environment

Before implementing the dead man’s switch, ensure you have the necessary tools installed:

# Check for GPG (Linux/macOS)
which gpg

# Check cron availability
which crontab

# Create a working directory
mkdir -p ~/deadman-switch/{keys,data,scripts}

GPG handles the encryption layer, while cron provides the scheduling. Both are standard utilities available on most Unix-like systems.

Creating Encrypted Files

First, generate an encryption key and create the files you want to release:

# Generate a GPG key (follow interactive prompts)
gpg --full-generate-key

# Export the public key for backup
gpg --armor --export your-email@example.com > public-key.asc

# Encrypt your sensitive file
echo "Important data to be released" > ~/deadman-switch/data/secret.txt
gpg --encrypt --recipient your-email@example.com \
    --output ~/deadman-switch/data/secret.txt.gpg \
    ~/deadman-switch/data/secret.txt

Keep your private key separate from the release mechanism. The dead man’s switch only needs the encrypted file and instructions for decryption.

Building the Release Script

Create a shell script that handles the release logic:

#!/bin/bash
# ~/deadman-switch/scripts/release.sh

SETTINGS_FILE="$HOME/deadman-switch/settings.conf"
DATA_DIR="$HOME/deadman-switch/data"
LOG_FILE="$HOME/deadman-switch/release.log"

# Load configuration
source "$SETTINGS_FILE"

# Check if release already happened
if [ -f "$DATA_DIR/.released" ]; then
    echo "$(date): Release already executed. Exiting." >> "$LOG_FILE"
    exit 0
fi

# Verify threshold exceeded
LAST_CHECKIN=$(cat "$DATA_DIR/.lastcheckin" 2>/dev/null)
CURRENT_TIME=$(date +%s)
TIME_DIFF=$((CURRENT_TIME - LAST_CHECKIN))
THRESHOLD_SECONDS=$((DAYS_THRESHOLD * 86400))

if [ "$TIME_DIFF" -lt "$THRESHOLD_SECONDS" ]; then
    echo "$(date): Check-in within threshold. No action." >> "$LOG_FILE"
    exit 0
fi

# Threshold exceeded - perform release
echo "$(date): Threshold exceeded. Executing release." >> "$LOG_FILE"

# Decrypt files (using batch mode with passphrase file)
gpg --batch --yes --passphrase-file "$DATA_DIR/.passphrase" \
    --decrypt "$DATA_DIR/secret.txt.gpg" > "$DATA_DIR/secret-decrypted.txt"

# Mark release as complete
touch "$DATA_DIR/.released"

# Notify (customize: email, upload to server, etc.)
echo "Dead man's switch triggered. Files released." | \
    mail -s "Dead Man Switch Activated" "$NOTIFY_EMAIL"

echo "$(date): Release complete." >> "$LOG_FILE"

The script checks whether release already occurred to prevent repeated executions. It uses a settings file for configurable parameters.

Creating Configuration and Check-In Files

The settings file contains your parameters:

# ~/deadman-switch/settings.conf
DAYS_THRESHOLD=7
NOTIFY_EMAIL="emergency@example.com"

The check-in mechanism uses a simple timestamp file:

# Initial setup - create the check-in file
date +%s > ~/deadman-switch/data/.lastcheckin

To perform a check-in, you periodically update this file:

# Run this manually (or via a personal reminder)
date +%s > ~/deadman-switch/data/.lastcheckin

Setting Up the Cron Job

Add a cron entry to run the check daily:

# Edit crontab
crontab -e

# Add this line (runs at 9 AM daily)
0 9 * * * /bin/bash /home/username/deadman-switch/scripts/release.sh >> /home/username/deadman-switch/cron.log 2>&1

The cron job runs the release script automatically. If you haven’t checked in within the threshold, the switch activates.

Testing the System

Before relying on this mechanism, test each component:

# Test the release script manually
cd ~/deadman-switch
# Set a short threshold for testing (e.g., 1 day = 1)
# Then manually set the check-in time to 2 days ago
echo $(( $(date +%s) - 172800 )) > data/.lastcheckin
# Run the script
./scripts/release.sh
# Verify the decrypted file appears
ls -la data/secret-decrypted.txt

Testing confirms the logic works before you depend on it for actual emergency release scenarios.

Security Considerations

A few points to strengthen your implementation:

Extending the System

You can enhance this basic implementation:

Built by theluckystrike — More at zovo.one

Explore Our Developer Guides

© 2026 theluckystrike Developer Guides