Encryption - secure tar-files
Today a co-worker came to my desk with a rather simple but interesting question: “What software do you know that can encrypt a file or directory? The encrypted result needs to be sent abroad on a USB-disk.”
Without hesitating I answered that TrueCrypt could do the job, but then he replied: “Does that work on both Linux and IBM AIX?” (FYI: the data had to come from AIX and had to end up on Linux). Ehr… Linux yes, AIX no. So I had to re-think…
Then I remembered OpenSSL is installed by default on (almost) all Unix-computers and this opened a new solution. In fact, it’s very simple.
First create a gzipped tar-file of the directory (where “/foo” is the directory containing all files to be encrypted):
# tar zcvfp /root/foo.tar.gz /foo
Next change the permissions so that only the owner can read and write the file:
# chmod 600 /root/foo.tar.gz
Now we start encrypting the created tar-file using OpenSSL with the Blowfish-algorithm. When you press enter after the openssl-command you will be asked for a password. Keep this in mind and keep it secret. If lost there’s no way to recover your precious data!
# openssl enc -blowfish -in /root/foo.tar.gz -out /root/foo.tgz.bf
enter bf-cbc encryption password:
Verifying - enter bf-cbc encryption password:
You’ll end up with a file named “foo.tgz.bf” in root’s home-directory that cannot be read without the password.
To decrypt this file one goes the other way around like this:
# openssl enc -d -blowfish < /root/foo.tgz.bf | tar zxvf -
enter bf-cbc decryption password:
Enter the password and tada, there’s your data!
Oh and my co-worker returned ten minutes later with a smile on his face.
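The procedure above as one script, with two additions: the archive is piped straight into openssl so no unencrypted tar-file is left on disk, and a SHA-256 digest of the encrypted file is written next to it so the receiver can detect a damaged or altered copy (send the digest by a different channel than the USB-disk, because openssl enc itself does not authenticate its output). This is an added example, not part of the original post; the function names, the CIPHER variable and the passphrase file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tar + openssl round trip with a digest check.
# CIPHER defaults to the -blowfish used above. OpenSSL 3.x only offers
# Blowfish through its legacy provider, so override CIPHER there
# (for example CIPHER=-aes-256-cbc).
CIPHER="${CIPHER:--blowfish}"

# sha256_of FILE: print the SHA-256 hex digest of FILE.
sha256_of() {
    openssl dgst -sha256 < "$1" | awk '{print $NF}'
}

# encrypt_dir SRC_DIR OUT_FILE PASSFILE
# Runs in a subshell so the umask change does not leak to the caller.
# PASSFILE holds the password on its first line (hypothetical helper file).
encrypt_dir() (
    umask 077    # output files are created with mode 600 from the start
    tar -C "$(dirname "$1")" -czf - "$(basename "$1")" |
        openssl enc $CIPHER -salt -pass "file:$3" -out "$2" || exit 1
    sha256_of "$2" > "$2.sha256"
)

# decrypt_dir IN_FILE DEST_DIR PASSFILE
# Refuses to decrypt when IN_FILE does not match IN_FILE.sha256.
decrypt_dir() {
    [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ] ||
        { echo "digest mismatch: $1" >&2; return 2; }
    mkdir -p "$2" &&
        openssl enc -d $CIPHER -pass "file:$3" -in "$1" | tar -C "$2" -xzf -
}
```

Usage: `encrypt_dir /foo /root/foo.tgz.bf /root/passfile` on the sending side, `decrypt_dir foo.tgz.bf /restore /root/passfile` on the receiving side.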