tlec0g
2.214K
· August 2014 ·
154217343e9947436ed4e790ea10c787

OpenSSL Encrypted Tar Backups for UNIX-like's

This method uses the static file with password to encrypt the tar archives.
It's really convenient for cron-scheduled backups.

If you want to enter password each time ommit steps 1-3 and each -pass switch/value to openssl.

  • Generate long (e.g 40 characters) random password in ~/.pass :

head -c 100 /dev/urandom | strings -n1 | tr -d '[:space:]' | head -c 40 >> ~/.pass

  • Export custom PASS variable in your shell rc file to point to our password file and source it:

echo "export PASS=~/.pass" >> ~/.zshrc && source ~/.zshrc

  • Protect it from prying eyes:

chmod 400 ~/.pass

  • Compress and encrypt archive with defined password:

tar czf - /some-dir-or-file | openssl enc -e -aes-256-cbc -out archive.enc -pass env:PASS

  • To decrypt the archive issue the following:

openssl enc -d -aes-256-cbc -in archive.enc -pass env:PASS | tar zxf -

Profit.

Sign in or sign up to add your response.

2 Responses

16330
A063326d22cb0ecaf87f2d878c64270b

******* DO NOT FOLLOW THESE INSTRUCTIONS THEY ARE VERY BAD ********

Using 'env:PASS" as the password makes it use the variable itself: "~/.pass" as the password. This is obviously very bad. I would suggest taking this posting down and refraining from giving further advice.

Also, first command won't always result in 40 characters, and if you're really unlucky, could result in none. Suggest replacing 'head -c 100' with 'cat'.

over 1 year ago ·
16345
F616f727254aed8092d8ccfb768ba441

@marcisreid RTFM before you complain.... it works correctly env: casuses openssl to use env

you can test it by using 2 different variables (if you still insist on not typing man openssl) with same content, like that:

date > date;export PASS1=pwd ; export PASS2=pwd ;cat date| openssl enc -e -aes-256-cbc -out archive.enc -pass env:PASS1 ;openssl enc -d -aes-256-cbc -in archive.enc -pass env:PASS2

over 1 year ago ·
Featured Programming Job

Full Stack Developer
·
Roselle - Remote
·
Full Time
Search all programming jobs