Date: Sun, 05 Sep 2010 00:32:55 +0200 From: Bernt Hansson <bernt@bah.homeip.net> To: Timm Wimmers <timm@ticore.de> Cc: freebsd-questions@freebsd.org Subject: Re: Directory Encryption? Message-ID: <4C82C917.8000305@bah.homeip.net> In-Reply-To: <4C729C29.2090206@ticore.de> References: <AANLkTinCmLAFMbeDmVoDo=65RCiLqu_54ocNL3eZSOiG@mail.gmail.com> <4C729C29.2090206@ticore.de>
next in thread | previous in thread | raw e-mail | index | archive | help
2010-08-23 18:04, Timm Wimmers skrev:
> Am 23.08.2010 16:36, schrieb Chris Maness:
>> What is a good tool to encrypt a directory? I need an application
>> that is also readily available for Apple OSX, and that does not get
>> mangled when transferring via rsync.
>
> How about "openssl'?
>
> Encrypt a TARed directory:
>
> $ tar cjf - /path/to/source/folder | \
> openssl enc -e -bf -out OUTFILE.tgz.enc -pass pass:MYSILLYPASS
>
>
> Decrypt:
>
> $ openssl enc -d -bf \
> -in OUTFILE.tgz.enc \
> -out OUTFILE.tgz \
> -pass pass:MYSILLYPASS
>
> There are also ways to encrypt with keys, see manpage.
Or
A single file
Encrypt and decrypt:
# openssl aes-128-cbc -salt -in file -out file.aes
# openssl aes-128-cbc -d -salt -in file.aes -out file
Note that the file can of course be a tar archive.
tar and encrypt a whole directory
# tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes
# Encrypt
# openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f -
# Decrypt
tar zip and encrypt a whole directory
# tar -zcf - directory | openssl aes-128-cbc -salt -out
directory.tar.gz.aes # Encrypt
# openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f -
# Decrypt
* Use -k mysecretpassword after aes-128-cbc to avoid the
interactive password request. However note that this is highly insecure.
* Use aes-256-cbc instead of aes-128-cbc to get even stronger
encryption. This uses also more CPU.
http://cb.vu/unixtoolbox.xhtml#crypt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C82C917.8000305>