Well, shortly after I wrote about encrypting files with a keyfile / passphrase with gpg, people asked about a solution with openssl.
You should prefer to use the gpg version linked above, but if you can't, below is a script offering the same functionality with openssl.
You basically call crypt_openssl <file> [<files...>] to encrypt file to file.aes using the same keyfile as used in the gpg script (~/.gnupg/mykey001 per default).
A simple crypt_openssl -d <file.aes> [<files.aes...>] will restore the original files from the encrypted AES256 version that you can safely transfer over the Internet even using insecure channels.
Please note that you should feed compressed data to crypt_openssl whenever you can. So preferably use it on .zip or .tar.gz files.
Continue reading "Encrypting files with openssl for synchronization across the Internet"
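A minimal sketch of a wrapper with the interface described above, added here as an example; it is not the author's crypt_openssl script. The function name crypt_files, the CBC mode and the PBKDF2 key derivation are assumptions; only the default keyfile path and the .aes suffix come from the post.

```shell
#!/bin/sh
# Hypothetical helper, not the author's crypt_openssl script.
# The default keyfile path is the one named in the post; override via KEYFILE.
KEYFILE="${KEYFILE:-$HOME/.gnupg/mykey001}"

# crypt_files [-d] <file> [<files...>]
#   encrypt: file     -> file.aes
#   decrypt: file.aes -> file
crypt_files() {
    mode=enc
    if [ "$1" = "-d" ]; then mode=dec; shift; fi
    [ "$#" -ge 1 ] || { echo "usage: crypt_files [-d] <file> [<files...>]" >&2; return 2; }
    [ -r "$KEYFILE" ] || { echo "cannot read keyfile: $KEYFILE" >&2; return 2; }
    rc=0
    for f in "$@"; do
        if [ "$mode" = enc ]; then
            out="$f.aes"
        else
            case "$f" in
                *.aes) out="${f%.aes}" ;;
                *) echo "skip (no .aes suffix): $f" >&2; rc=1; continue ;;
            esac
        fi
        # Never overwrite an existing file, in either direction.
        if [ -e "$out" ]; then echo "skip (exists): $out" >&2; rc=1; continue; fi
        # -pass file: uses only the first line of the keyfile as the passphrase.
        # -pbkdf2 requires OpenSSL 1.1.1 or newer.
        if [ "$mode" = enc ]; then
            openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$KEYFILE" -in "$f" -out "$out"
        else
            openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$KEYFILE" -in "$f" -out "$out"
        fi || { echo "failed: $f" >&2; rm -f "$out"; rc=1; }
    done
    return $rc
}
```

openssl enc in CBC mode adds no integrity check, so a modified .aes file is not reliably rejected on decryption; compare a checksum of the restored file if that matters.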
Automatically transferring (syncing) files between multiple computers is easy these days. Dropbox, owncloud or bitpocket to name a few. You can imagine I use the latter (if you want a recommendation).
In any case, you want to encrypt what you send to be stored in "the cloud" even if it is just for a short time. There are many options for encrypting the "in flight" data. Symmetric ciphers are probably the safest and most widely researched cryptography these days and easier to use than asymmetric key pairs in this context as well.
Encryption is notoriously hard to implement correctly and worthless when the implementation is flawed. So I looked at gpg, a well-known reference implementation, and was amazed that it can neither use a proper keyfile for symmetric encryption (you can just supply a passphrase via --passphrase-file) nor does it handle multiple files on the command line consistently.
You can use --multifile (wondering...why does a command need that at all?) with --decrypt and --encrypt (asymmetric public/private key pair encryption) but not with --symmetric (symmetric shared key encryption). Duh!
With a bit of scripting around the gpg shortcomings, you end up with crypt_gpg that can nicely encrypt or decrypt multiple files (symmetric cipher) in one go.
Continue reading "Encrypting files with gpg for synchronization across the Internet"