Find the answer to your Linux question:
Results 1 to 5 of 5
Hello I have a backup script that tars directories and place it on another FS, I want to include encryption of the files being transferred but without placing the encryption ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2010
    Posts
    8

    Encrypting Backups


    Hello I have a backup script that tars directories and place it on another FS, I want to include encryption of the files being transferred but without placing the encryption password in the backup script, is there a way to do that? would using keys be processing intensive for big files ? what do you advice

    Thanks

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,380
    You could put the key in a secure file and read it into a local script variable. That way, your script doesn't have the plaintext key. Alternatively, if you use a public/private key, you can include the public key in the script, yet no one who doesn't know the private key will be able to decrrypt the data. That would be my recommendation.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Just Joined!
    Join Date
    Sep 2010
    Posts
    8
    Thank you, I would love to use private/public keys but I think that would be processing intensive and will take long time for both encryption and decryption, right?

    what utility do you recommend, I've been searching openssl

  4. #4
    Just Joined!
    Join Date
    Sep 2010
    Posts
    8
    Thank you, I would love to use private/public keys but I think that would be processing intensive and will take long time for both encryption and decryption, right?

    what utility do you recommend, I've been searching openssl

  5. #5
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,380
    Using a symmetric key vs. asymmetric keys may be more efficient, but given today's multi-core and multi-threaded systems, this isn't such an issue, depending upon the key length chosen. Only testing on your system will show whether or not it is going to be an issue for you. You can do that sort of test manually with PGP. FWIW, if you are going to compress the data as well as encrypt it, make sure you compress first.

    Anyway, your problem is very well known and it is an issue when using symmetric (shared) keys. They key itself is the greatest point of vulnerability. I highly recommend you read Bruce Schneier's book Applied Cryptography before you go down a path that you may regret. Getting this stuff (security) "right" is difficult and prone to errors which will compromise your data and system.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •