OpenSSL Encrypted Tar Backups for UNIX-likes

This method uses a static file containing the password to encrypt the tar archives. It's really convenient for cron-scheduled backups.

If you would rather enter the password each time, omit steps 1-3 and the -pass switch and its value from each openssl command.

  • Generate a long (e.g. 40 characters) random password in ~/.pass:

head -c 100 /dev/urandom | strings -n1 | tr -d '[:space:]' | head -c 40 >> ~/.pass

  • Export a custom PASS variable in your shell rc file that points to the password file, then source it:

echo "export PASS=~/.pass" >> ~/.zshrc && source ~/.zshrc

  • Protect it from prying eyes:

chmod 400 ~/.pass

  • Compress and encrypt the archive with the defined password:

tar czf - /some-dir-or-file | openssl enc -e -aes-256-cbc -out archive.enc -pass env:PASS

  • To decrypt the archive, issue the following:

openssl enc -d -aes-256-cbc -in archive.enc -pass env:PASS | tar zxf -

Profit.
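An added example (not part of the original post) that checks which string openssl actually uses as the passphrase: `-pass env:PASS` takes the value of the variable, which after the steps above is the path to the password file, while `-pass file:` reads the first line of the file itself. The temp directory, sample passphrase, payload and the `check` helper are all constructed for this demonstration.

```shell
#!/bin/sh
# Added example: compare the passphrase sources env: and file:.
# Everything lives in a throwaway temp directory (constructed data).
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Stand-in for ~/.pass with a constructed passphrase, protected as in the post.
printf '%s\n' 'constructed-sample-passphrase-0123456789' > "$work/.pass"
chmod 400 "$work/.pass"
PASS="$work/.pass"; export PASS      # as in the post: PASS holds the PATH
msg='backup payload (constructed)'

# check SOURCE FILE TEXT: print "match" if FILE decrypts under SOURCE to TEXT.
# The plaintext is compared (not the exit status) because a wrong key can
# occasionally pass the CBC padding check and still exit 0.
check() {
    out=$(openssl enc -d -aes-256-cbc -pass "$1" -in "$2" 2>/dev/null) || true
    [ "$out" = "$3" ] && echo match || echo mismatch
}

# 1. The post's form: the passphrase is the VALUE of $PASS (the path string).
printf '%s' "$msg" |
    openssl enc -e -aes-256-cbc -out "$work/env.enc" -pass env:PASS 2>/dev/null

# 2. file: form: the passphrase is the first line of the file $PASS names.
printf '%s' "$msg" |
    openssl enc -e -aes-256-cbc -out "$work/file.enc" -pass "file:$PASS" 2>/dev/null

# pass: appears only to prove the point; it exposes the value in the process list.
echo "env.enc  opened with the path string : $(check "pass:$PASS" "$work/env.enc" "$msg")"
echo "env.enc  opened with the file content: $(check "file:$PASS" "$work/env.enc" "$msg")"
echo "file.enc opened with the file content: $(check "file:$PASS" "$work/file.enc" "$msg")"
echo "file.enc opened with the path string : $(check "pass:$PASS" "$work/file.enc" "$msg")"
```

For the commands above, the form that keys the archive with the contents of ~/.pass is `-pass file:$PASS`.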

Comments

  • A063326d22cb0ecaf87f2d878c64270b

    ******* DO NOT FOLLOW THESE INSTRUCTIONS THEY ARE VERY BAD ********

    Using 'env:PASS' as the password makes it use the variable itself: "~/.pass" as the password. This is obviously very bad. I would suggest taking this posting down and refraining from giving further advice.

    Also, first command won't always result in 40 characters, and if you're really unlucky, could result in none. Suggest replacing 'head -c 100' with 'cat'.

  • F616f727254aed8092d8ccfb768ba441

    @marcisreid RTFM before you complain.... it works correctly env: causes openssl to use env

    you can test it by using 2 different variables (if you still insist on not typing man openssl) with same content, like that:

    date > date;export PASS1=pwd ; export PASS2=pwd ;cat date| openssl enc -e -aes-256-cbc -out archive.enc -pass env:PASS1 ;openssl enc -d -aes-256-cbc -in archive.enc -pass env:PASS2
