Create encrypted archives with openssl

It’s very tempting to use the free storage space offered by Dropbox, Ubuntu One, and many others to upload personal archives. However it would not be wise to not encrypt them first. In this post I show how it’s easy to achieve.

We will try with Dropbox, assuming the directory ~/Dropbox already exists and is configured correctly in your home directory. By the way, the procedure to install Dropbox on Linux is perfectly documented on this site.

Encrypt

To create an AES256 encrypted archive of your personal documents, you can run this command:

$ tar czf - -C ~ --posix -- Documents \
  | openssl enc -e -aes256 -out ~/Dropbox/$(date +%F).tgz.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

When prompted for the password, just type it, it’s a symmetric encryption, which means you’ll need it again to decrypt the archive later.

Decrypt

To decrypt the archive you can run this command, assuming it was created on December 22, 2012:

$ cd /tmp
$ openssl enc -d -aes256 -in ~/Dropbox/2012-12-22.tgz.enc \
   | tar xzf -
enter aes-256-cbc decryption password:

For convenience, the archive has been extracted beneath /tmp, so that you can now check your documents have not been corrupted by the encryption:

$ diff -qr /tmp/Documents ~/Documents

If nothing is printed, then it’s fine and you can now safely store your private data on the web :)

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s