Encrypting Backups

[abusam]

Hello I have a backup script that tars directories and place it on another FS, I want to include encryption of the files being transferred but without placing the encryption password in the backup script, is there a way to do that? would using keys be processing intensive for big files ? what do you advice

Thanks

[Rubberman]

You could put the key in a secure file and read it into a local script variable. That way, your script doesn't have the plaintext key. Alternatively, if you use a public/private key, you can include the public key in the script, yet no one who doesn't know the private key will be able to decrrypt the data. That would be my recommendation.

[abusam]

Thank you, I would love to use private/public keys but I think that would be processing intensive and will take long time for both encryption and decryption, right?

what utility do you recommend, I've been searching openssl

[abusam]

Thank you, I would love to use private/public keys but I think that would be processing intensive and will take long time for both encryption and decryption, right?

what utility do you recommend, I've been searching openssl

[Rubberman]

Using a symmetric key vs. asymmetric keys may be more efficient, but given today's multi-core and multi-threaded systems, this isn't such an issue, depending upon the key length chosen. Only testing on your system will show whether or not it is going to be an issue for you. You can do that sort of test manually with PGP. FWIW, if you are going to compress the data as well as encrypt it, make sure you compress first.

Anyway, your problem is very well known and it is an issue when using symmetric (shared) keys. They key itself is the greatest point of vulnerability. I highly recommend you read Bruce Schneier's book Applied Cryptography before you go down a path that you may regret. Getting this stuff (security) "right" is difficult and prone to errors which will compromise your data and system.