Encrypting and compressing

tar is the usual tool to bundle files. Plain tar itself doesn't compress. There are separate tools such as gzip, bzip2 and xz (in increasing order of compression ratio on typical files) that compress one file. Many tar implementations, including GNU tar (the normal implementation on Linux), can automatically compress with an option (-z for gzip, -j for bzip2, -J for xz):

tar -cJf myarchive.tar.xz file1 file2 file3

To encrypt a file, use gpg. Create a key and associate it with your email address (GPG/PGP key identifiers usually contain an email address, though it is not necessary). Encrypt your files, specifying your email as the recipient. To decrypt a file, you'll need to enter the passphrase to unlock your private key.

GPG also lets you encrypt a file with a password. This is less secure and less flexible. It's less flexible because you need to specify the password when encrypting (so for example you can't make unattended backups). It's less secure because the only security is the password, whereas key-based encryption splits the security between the password and the key.

Don't use the openssl command line tool. It's a showcase for the OpenSSL library, not designed for production use. Although you can do some things with it (in particular, it does have all the primitives needed for a basic certification authority), it's hard to use correctly and it doesn't have all you need to do things right. Where GPG gives you a bicycle, OpenSSL gives you some metal rods of various sizes and a couple of rubber chambers (screws and pump not included). Use GPG.
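The tar and gpg steps from the answer above, combined into one pipeline so that no unencrypted archive is written to disk. This is an added example, not part of the original answer; the function names and the recipient address used with them are hypothetical, and it assumes GNU tar with xz support and GnuPG 2.x with the recipient's public key already in the keyring.

```shell
#!/bin/sh
# Added example: backup_encrypt and backup_restore are hypothetical names.
# Assumes GNU tar with xz support and GnuPG 2.x, and that the recipient's
# public key is already in the keyring.

# Make a tar failure fail the whole pipeline where the shell supports it.
(set -o pipefail) 2>/dev/null && set -o pipefail

# backup_encrypt RECIPIENT OUTPUT FILE...
# Bundle and compress with tar, then encrypt to RECIPIENT's public key.
# Only the public key is used, so no passphrase is asked for and this
# step can run unattended.
backup_encrypt() {
    recipient=$1
    output=$2
    shift 2
    (
        umask 077   # keep the encrypted archive private to this user
        tar -cJf - -- "$@" |
            gpg --batch --yes --encrypt --recipient "$recipient" \
                --output "$output"
    )
}

# backup_restore ARCHIVE DESTDIR
# Decrypt with the private key (gpg asks for its passphrase if it has one)
# and unpack straight from the pipe into DESTDIR.
backup_restore() {
    archive=$1
    dest=$2
    gpg --quiet --decrypt "$archive" | tar -xJf - -C "$dest"
}
```

In --batch mode gpg refuses to encrypt to a key it does not consider valid, so on a backup host that holds only an imported public key, set that key's ownertrust first.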


You can use 7zip:

7z a -p -mhe=on stuff.7z MyStuff
   ^  ^     ^      ^        ^
   |  |     |      |        `--- Files/directories to compress & encrypt.
   |  |     |      `--- Output filename
   |  |      `--- Encrypt filenames
   |  `---- Use a password
   `---- Add files to archive

It will prompt you for a password. Apparently it uses AES-256 for encryption and SHA-256 of the password and a counter repeated 512K times for key derivation.

Edit: This doesn't encrypt file names, so you may want to tar everything first anyway.

Edit 2: Added -mhe=on.


So you can use 7zip encrypting file names too:

7z a -p -mhe=on stuff.7z MyStuff
