info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Tool to encrypt/decrypt the contents of a directory recursively
6 views
Skip to first unread message
Harold Johanssen
Mar 1, 2023, 2:11:11 PM3/1/23
to
I am looking for a tool to encrypt/decrypt the contents of a
directory recursively. Looking around, people mention gpgdir. The thing
is, this is a Perl-based tool, and after having been burnt by third-party
Perl tools before, I'd prefer to use something else. Thus, if there is
something out there that people might know about, I'd like to know.
directory recursively. Looking around, people mention gpgdir. The thing
is, this is a Perl-based tool, and after having been burnt by third-party
Perl tools before, I'd prefer to use something else. Thus, if there is
something out there that people might know about, I'd like to know.
Rich
Mar 1, 2023, 2:40:28 PM3/1/23
to
the tar file count?
I.e.:
tar -cvf - /dir-to-encrypt | gpg --options > encrypted-directory.tar.gpg
Javier
Mar 1, 2023, 2:54:27 PM3/1/23
to
Javier
Mar 1, 2023, 3:05:32 PM3/1/23
to
Rich <ri...@example.invalid> wrote:
> tar -cvf - /dir-to-encrypt | gpg --options > encrypted-directory.tar.gpg
I would add a -C /parentdir option to tar to chdir to the parent dir of
> tar -cvf - /dir-to-encrypt | gpg --options > encrypted-directory.tar.gpg
dir-to-encrypt and avoid innecessary prefixes.
For decrypting the safest would be to decrypt it to tmpfs.
Also for symmetric encryption (which I guess is the best for the OP
question) there are other tools instead of gpg like aespipe
http://loop-aes.sourceforge.net/
The gpg CLI interface is not well designed and is certainly way too
complex for something simple like symmetric encryption.
Joseph Rosevear
Mar 4, 2023, 6:48:22 PM3/4/23
to
I have taken a different approach to the problem of encryption.
Initially, like you I tried encrypting locally--within a file system. I
found that frustratingly difficult. And also dangerous: Everytime you
encrypt something you run the risk of losing it, *and* you have one more
passphrase to keep track of.
So I tried instead using the cryptsetup command to make, open and close
LUKS encrypted partitions. This took a little work to get going, but it
was well worth the effort. To do this I made a set of scripts:
luksetup
crypt
ucrypt
lksmnt
ulksmnt
Script luksetup makes $1 into a LUKS encrypted partition (and destroys
any existing file system). To do this it prompts you for a passphrase.
Here is the script:
cryptsetup \
--verbose \
--cipher aes-xts-plain64 \
--key-size 256 \
--hash sha256 \
--iter-time 1000 \
--use-urandom luksFormat $1
You will need to run scripts crypt and ucrypt directly only
occasionally. For example you will need them after running luksetup to
make a new file system on the LUKS encrypted partition. Script crypt
will prompt you for the passphrase. Here is an example:
crypt /dev/sda1 bob
mke2fs /dev/mapper/bob
ucrypt bob
Scripts lksmnt and ulksmnt do the mounting and un-mounting of a LUKS
encrypted partition. They call scripts crypt and ucrypt. Here is an
example:
lksmnt /dev/sda1 /mnt/hd bob
<Do what you need to do to /mnt/hd.>
ulksmnt bob
I'll quit here without giving the text of scripts crypt, ucrypt, lksmnt
and ulksmnt. They are, however, short one and two line scripts that use
only the commands and scripts I have named here. I'll leave them as a
puzzle for you, but let me know if you need help.
-Joe
Joseph Rosevear
Mar 4, 2023, 7:03:18 PM3/4/23
to
On Sat, 4 Mar 2023 23:48:18 -0000 (UTC), Joseph Rosevear wrote:
Sorry,
I'm having trouble with Pan. Here is my message again, with corrections:
Sorry,
I'm having trouble with Pan. Here is my message again, with corrections:
Joseph Rosevear
Mar 4, 2023, 7:26:57 PM3/4/23
to
Sorry again,
This is my last try. Perhaps I'll post the message also to my blog at:
https://joeslife.org
This is my last try. Perhaps I'll post the message also to my blog at:
https://joeslife.org
0 new messages