Encrypt Archives with gpg and OpenSSL
August 28, 2012
Encrypting archives is particularly useful when backing up large amounts of data or sending sensitive files. There are a variety of ways to encrypt archives.
Quick and Easy: gpg
To archive and encrypt a directory using gpg, run this command:
tar -cz your_dir | gpg -c -o your_archive.tgz.gpg
To unarchive it later, use this:
gpg -d your_archive.tgz.gpg | tar xz
Encrypting with Keys: openssl
First, create your keys. You only need to do this once; for all subsequent archives, you can reuse the keys you created previously:
openssl genrsa -out key.pem 2048
openssl rsa -in key.pem -out key-public.pem -outform PEM -pubout
Now archive the directory or files you wish to encrypt and then save a passphrase into a file:
echo -n "your passphrase here" > key.txt
Use openssl to encrypt your newly created archive using the passphrase file you just created:
openssl enc -aes-256-cbc -pass file:key.txt < UNENCRYPTED_FILE > encrypted.dat
Encrypt your passphrase using the public key you created in the beginning:
openssl rsautl -encrypt -pubin -inkey key-public.pem < key.txt > enc.key.txt
Save encrypted.dat and enc.key.txt in a safe and accessible place. You will need them to decrypt the archive.
In order to decrypt the archive, first decrypt your passkey text file using your private key:
openssl rsautl -decrypt -inkey key.pem < enc.key.txt > key.txt
Decrypt the file after decrypting your passkey file:
openssl enc -aes-256-cbc -d -pass file:key.txt < encrypted.dat > UNENCRYPTED_FILE
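The same workflow as one script, added here as an example and not part of the original post: it swaps the typed passphrase for a random one from openssl rand, adds -pbkdf2 to openssl enc (assumes OpenSSL 1.1.1 or later), and uses openssl pkeyutl with OAEP padding in place of rsautl, which OpenSSL 3.0 deprecates. The function names and the sample file are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): hybrid encryption of a tar archive.
set -eu

# Archive directory $1, encrypt it to $3 for the RSA public key $2,
# and store the RSA-wrapped one-time passphrase in $4.
encrypt_archive() {
    dir=$1 pub=$2 out=$3 wrapped=$4
    pass=$(mktemp)                      # mktemp creates the file with mode 0600
    openssl rand -hex 32 > "$pass"      # random passphrase, never typed or reused
    tar -czf - -C "$(dirname "$dir")" "$(basename "$dir")" |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$pass" -out "$out"
    openssl pkeyutl -encrypt -pubin -inkey "$pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$pass" -out "$wrapped"
    rm -f "$pass"                       # do not leave the plaintext passphrase on disk
}

# Unwrap the passphrase in $3 with private key $1, then decrypt $2 into directory $4.
decrypt_archive() {
    priv=$1 enc=$2 wrapped=$3 dest=$4
    pass=$(mktemp)
    openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -in "$wrapped" -out "$pass"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$pass" -in "$enc" |
        tar -xzf - -C "$dest"
    rm -f "$pass"
}

# Constructed sample data: build a directory, round-trip it, print "match" on success.
roundtrip_demo() {
    work=$(mktemp -d)
    mkdir "$work/your_dir" "$work/restored"
    printf 'constructed sample secret\n' > "$work/your_dir/notes.txt"
    openssl genrsa -out "$work/key.pem" 2048 2>/dev/null
    openssl rsa -in "$work/key.pem" -pubout -out "$work/key-public.pem" 2>/dev/null
    encrypt_archive "$work/your_dir" "$work/key-public.pem" \
        "$work/encrypted.dat" "$work/enc.key.txt"
    decrypt_archive "$work/key.pem" "$work/encrypted.dat" \
        "$work/enc.key.txt" "$work/restored"
    if cmp -s "$work/your_dir/notes.txt" "$work/restored/your_dir/notes.txt"; then
        echo match
    else
        echo mismatch
    fi
    rm -rf "$work"
}

roundtrip_demo
```

openssl enc does not authenticate the ciphertext, so keep a separate digest or signature of encrypted.dat if you need to detect modification.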
Using openssl is far more complicated, but it is more reliable and supported compared to gpg.