rated 0 times [  18] [ 0]  / answers: 1 / hits: 77569  / 2 Years ago, sat, may 14, 2022, 2:56:56

I have a script which creates a nightly backup of several directories.

It is created using tar -czf, and the destination tar.gz file path is on a mounted network directory. The resulting file is about 1.2Gb large.

The network speed is reasonably fast (copying from the network drive to the local occurs at ~28MB/sec).

Now I want to use public-key encryption to encrypt the tar.gz file before transferring it to the network drive, and would like to know what the best way to do so is.

Should I create the file locally first, encrypt it, and then copy over?
Or is there a way to "stream" tar output through an encryption process, and write the results directly to the network drive?



 Answers

The following process encrypts the file on local disk first, and can then be sent over the network (or stored however needed).

First, generate public and private keys (done only once):

openssl genrsa -out key.pem 2048
openssl rsa -in key.pem -out key-public.pem -outform PEM -pubout

Then, at each backup:

  1. Generate long random passphrase, save in file

    • echo -n "Tl4R6dnvWXiDeXr1LtpCNkyLG1" > key.txt

  2. Encrypt file with passphrase

    • openssl enc -aes-256-cbc -pass file:key.txt < UNENCRYPTED_FILE > encrypted.dat

  3. Encrypt passphrase with public key

    • openssl rsautl -encrypt -pubin -inkey key-public.pem < key.txt > enc.key.txt

Then save encrypted.dat AND enc.key.txt where desired.

To decrypt:

  1. Decrypt encrypted passphrase with private key

    • openssl rsautl -decrypt -inkey key.pem < enc.key.txt > key.txt

  2. Decrypt file

    • openssl enc -aes-256-cbc -d -pass file:key.txt < encrypted.dat > UNENCRYPTED_FILE

This is a lot longer than Florian's answer, but I decided to use it so I can better understand the process, and not depend on server-dependent GPG configuration variables, etc. I also couldn't find any useful GPG documentation.


[#40916] Saturday, May 14, 2022
ndeecru
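
The streaming variant the question asks about, as an added example that is not part of the original answer: tar output is piped straight through openssl enc to the destination, so no plaintext archive is written to disk. It assumes OpenSSL 1.1.1 or later (for -pbkdf2) and the key.pem / key-public.pem pair generated above; the function names backup_encrypt and backup_decrypt are hypothetical, and it swaps in a fresh openssl rand passphrase per run and pkeyutl with OAEP padding in place of rsautl.

```shell
#!/bin/sh
# Added example (not from the answer). File names encrypted.dat and
# enc.key.txt follow the answer; function names are hypothetical.

# backup_encrypt PUBKEY OUTDIR SRC...
backup_encrypt() {
    pub=$1; out=$2; shift 2
    tmp=$(mktemp -d) || return 1      # 0700 directory holds the passphrase
    rc=1
    # New random passphrase for every backup, wrapped with the RSA public key.
    if openssl rand -base64 32 > "$tmp/key.txt" &&
       openssl pkeyutl -encrypt -pubin -inkey "$pub" \
           -pkeyopt rsa_padding_mode:oaep \
           -in "$tmp/key.txt" -out "$out/enc.key.txt"
    then
        # Stream tar -> AES straight to OUTDIR. A plain pipeline reports only
        # openssl's status, so a tar failure is recorded in a flag file.
        { tar -czf - "$@" || : > "$tmp/tar-failed"; } |
            openssl enc -aes-256-cbc -pbkdf2 -salt \
                -pass "file:$tmp/key.txt" > "$out/encrypted.dat"
        rc=$?
        [ -e "$tmp/tar-failed" ] && rc=1
    fi
    rm -rf "$tmp"                     # plaintext passphrase never leaves tmp
    return $rc
}

# backup_decrypt PRIVKEY SRCDIR DESTDIR
backup_decrypt() {
    priv=$1; src=$2; dest=$3
    tmp=$(mktemp -d) || return 1
    rc=1
    # Unwrap the passphrase with the private key, then stream-decrypt into tar.
    if openssl pkeyutl -decrypt -inkey "$priv" \
           -pkeyopt rsa_padding_mode:oaep \
           -in "$src/enc.key.txt" -out "$tmp/key.txt"
    then
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmp/key.txt" \
            < "$src/encrypted.dat" | tar -xzf - -C "$dest"
        rc=$?
    fi
    rm -rf "$tmp"
    return $rc
}
```

openssl enc in CBC mode does not authenticate the ciphertext, so store a checksum or signature of encrypted.dat separately if tamper detection matters.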
