From owner-freebsd-questions@FreeBSD.ORG Sat Sep 4 22:33:01 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C508010656A3 for ; Sat, 4 Sep 2010 22:33:01 +0000 (UTC) (envelope-from bernt@bah.homeip.net) Received: from feeder.usenet4all.se (1-1-1-38a.far.sth.bostream.se [82.182.32.53]) by mx1.freebsd.org (Postfix) with ESMTP id 423C68FC08 for ; Sat, 4 Sep 2010 22:33:00 +0000 (UTC) Received: from kw.homeip.net (c80-217-68-0.bredband.comhem.se [80.217.68.0] (may be forged)) by feeder.usenet4all.se (8.13.1/8.13.1) with ESMTP id o84MWtnR007898; Sun, 5 Sep 2010 00:32:58 +0200 (CEST) (envelope-from bernt@bah.homeip.net) Message-ID: <4C82C917.8000305@bah.homeip.net> Date: Sun, 05 Sep 2010 00:32:55 +0200 From: Bernt Hansson User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; sv-SE; rv:1.9.1.11) Gecko/20100817 Thunderbird/3.0.6 MIME-Version: 1.0 To: Timm Wimmers References: <4C729C29.2090206@ticore.de> In-Reply-To: <4C729C29.2090206@ticore.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Directory Encryption? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Sep 2010 22:33:01 -0000 2010-08-23 18:04, Timm Wimmers skrev: > Am 23.08.2010 16:36, schrieb Chris Maness: >> What is a good tool to encrypt a directory? I need an application >> that is also readily available for Apple OSX, and that does not get >> mangled when transferring via rsync. > > How about "openssl'? > > Encrypt a TARed directory: > > $ tar cjf - /path/to/source/folder | \ > openssl enc -e -bf -out OUTFILE.tgz.enc -pass pass:MYSILLYPASS > > > Decrypt: > > $ openssl enc -d -bf \ > -in OUTFILE.tgz.enc \ > -out OUTFILE.tgz \ > -pass pass:MYSILLYPASS > > There are also ways to encrypt with keys, see manpage. Or A single file Encrypt and decrypt: # openssl aes-128-cbc -salt -in file -out file.aes # openssl aes-128-cbc -d -salt -in file.aes -out file Note that the file can of course be a tar archive. tar and encrypt a whole directory # tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes # Encrypt # openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f - # Decrypt tar zip and encrypt a whole directory # tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tar.gz.aes # Encrypt # openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f - # Decrypt * Use -k mysecretpassword after aes-128-cbc to avoid the interactive password request. However note that this is highly insecure. * Use aes-256-cbc instead of aes-128-cbc to get even stronger encryption. This uses also more CPU. http://cb.vu/unixtoolbox.xhtml#crypt