10-30-2024, 04:42 AM
|
#1
|
LQ Newbie
Registered: Sep 2018
Posts: 26
Rep:
|
how to in bash encrypt a tar file with password string included in said bash file?
Currently tar creating a file but what is a good way to encrypt it with a password?
Last edited by primuspaul; 10-30-2024 at 11:29 AM.
|
|
|
10-30-2024, 04:53 AM
|
#2
|
LQ Addict
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 23,009
|
|
|
|
10-30-2024, 04:57 AM
|
#3
|
LQ Newbie
Registered: Sep 2018
Posts: 26
Original Poster
Rep:
|
Quote:
Originally Posted by pan64
|
Should I use zip -P or zip -e ?
|
|
|
10-30-2024, 05:17 AM
|
#4
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,582
|
Quote:
Originally Posted by primuspaul
Should I use zip -P or zip -e ?
|
Neither. Pipe it through GnuPG (gpg) or Sequoia (sq) instead. That way it is not only more secure but you do not have to use a password to do the encryption.
|
|
|
10-30-2024, 05:19 AM
|
#5
|
LQ Newbie
Registered: Sep 2018
Posts: 26
Original Poster
Rep:
|
Quote:
Originally Posted by Turbocapitalist
Neither. Pipe it through GnuPG (gpg) or Sequoia (sq) instead. That way it is not only more secure but you do not have to use a password to do the encryption.
|
So where would the password/decrypt key get entered? I read that solution before and was a bit confused since many of the commands either didn't mention a password or required its entry as a prompt after the command was run, which wouldn't work if it's supposed to be a bash script run by cron automatically.
|
|
|
10-30-2024, 05:25 AM
|
#6
|
LQ Addict
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 23,009
|
You need to save a password/passkey in a file if you want to use it in scripts.
Otherwise these tools will ask the user to type in that password.
|
|
|
10-30-2024, 05:34 AM
|
#7
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,582
|
Quote:
Originally Posted by primuspaul
So where would the password/decrypt key get entered? I read that solution before and was a bit confused since many of the commands either didn't mention a password or required its entry as a prompt after the command was run, which wouldn't work if it's supposed to be a bash script run by cron automatically.
|
No password or passphrase is needed for encryption. That's just how PKE works. So it is perfect for cron and other automation when you wish to back things up. The file primuspaul.pgp below should contain the public OpenPGP key.
Code:
cd /source/
tar -zcf - ./somewhere/ \
| sq encrypt --recipient-cert primuspaul.pgp > somewhere.tar.gz.pgp
# XOR
cd /source/
tar -zcf - ./somewhere/ \
| gpg --encrypt --recipient primuspaul@example.com > somewhere.tar.gz.pgp
However, you will need the passphrase for decryption. The file primuspaul.pvt.pgp contains the private half of the relevant key pair.
Code:
cd /destination/
cat somewhere.tar.gz.pgp | sq decrypt --recipient-key primuspaul.pvt.pgp \
| tar -zxf -
# XOR
cd /destination/
cat somewhere.tar.gz.pgp | gpg --decrypt | tar -zxf -
Or something like that.
PS. Keep in mind that if even a single bit flips, you've lost the whole tar ball. So keep lots of backups of your backups.
Last edited by Turbocapitalist; 10-30-2024 at 05:37 AM.
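The key-pair workflow from the post above, written out end to end as an added example (not code from the thread). It assumes GnuPG 2.2 or later and uses gpg's --recipient-file so the server needs nothing but the public key file; the user ID backup@example.invalid, the function names and all paths are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.2+ on both machines.
# The user ID backup@example.invalid and every path are constructed.

# Restore machine, run once: create the key pair and export the public half.
# $1 = GNUPGHOME that will hold the private key
# $2 = file containing the passphrase that protects the private key
# $3 = where to write the public key (this file is copied to the server)
make_keypair() {
    GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$2" \
        --quick-generate-key 'backup@example.invalid' default default never &&
    GNUPGHOME="$1" gpg --batch --export 'backup@example.invalid' > "$3"
}

# Server, from cron: only the public key file is needed. No passphrase and
# no private key exist on this machine. --recipient-file treats the key in
# the file as valid, so batch mode does not stop on an untrusted-key check.
# $1 = directory to back up, $2 = public key file, $3 = output file
encrypt_backup() {
    tar -zcf - -C "$1" . |
        gpg --batch --yes --encrypt --recipient-file "$2" --output "$3"
}

# Restore machine: the private key and its passphrase are used only here.
# $1 = GNUPGHOME with the private key, $2 = passphrase file,
# $3 = encrypted backup, $4 = directory to restore into
restore_backup() {
    GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$2" --decrypt "$3" | tar -zxf - -C "$4"
}

# Example cron call on the server (constructed paths):
#   encrypt_backup /source/somewhere /etc/backup.pub.pgp /backups/somewhere.tar.gz.gpg
```

Keep copies of the private key and its passphrase somewhere other than the server being backed up, since the backups cannot be read without them.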
|
|
|
10-30-2024, 08:05 AM
|
#8
|
Senior Member
Registered: Oct 2011
Location: Budapest
Distribution: Debian/GNU/Linux, AIX
Posts: 4,935
|
Twenty years ago I used these commands, they might still work:
Code:
openssl idea -salt -pass pass:'alakazam' -in secret.tgz -out /floppy/secret.tgz.enc
openssl idea -d -pass pass:'alakazam' -in /floppy/secret.tgz.enc -out secret.tgz
|
|
|
10-30-2024, 09:31 AM
|
#9
|
LQ Newbie
Registered: Sep 2018
Posts: 26
Original Poster
Rep:
|
Quote:
Originally Posted by Turbocapitalist
No password or passphrase is needed for encryption. That's just how PKE works. So it is perfect for cron and other automation when you wish to back things up. The file primuspaul.pgp below should contain the public OpenPGP key.
Code:
cd /source/
tar -zcf - ./somewhere/ \
| sq encrypt --recipient-cert primuspaul.pgp > somewhere.tar.gz.pgp
# XOR
cd /source/
tar -zcf - ./somewhere/ \
| gpg --encrypt --recipient primuspaul@example.com > somewhere.tar.gz.pgp
However, you will need the passphrase for decryption. The file primuspaul.pvt.pgp contains the private half of the relevant key pair.
Code:
cd /destination/
cat somewhere.tar.gz.pgp | sq decrypt --recipient-key primuspaul.pvt.pgp \
| tar -zxf -
# XOR
cd /destination/
cat somewhere.tar.gz.pgp | gpg --decrypt | tar -zxf -
Or something like that.
PS. Keep in mind that if even a single bit flips, you've lost the whole tar ball. So keep lots of backups of your backups.
|
I figured as much, but is it possible to use a simpler command with an in-line password? The server in question is only accessed by me and only used for one thing, so when I say secure, I mean I just want the encryption to be good enough that most hackers would give up on brute-forcing an unknown archive. I'd rather just use an in-line password and make it fairly long to make brute forcing harder. Also the whole point of the archive is catastrophic hard drive failure of the server, so if for some reason the key changes after I copy it, the whole thing will be totally lost. What is my simplest option here?
|
|
|
10-30-2024, 09:33 AM
|
#10
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,582
|
Quote:
Originally Posted by primuspaul
What is my simplest option here?
|
As mentioned, either sq or gpg.
|
|
|
10-30-2024, 09:44 AM
|
#11
|
LQ Addict
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 23,009
|
Something like this may work:
Code:
#this will create an encrypted file:
gpg -c --passphrase <your password> file.tgz
#this will decrypt it:
gpg -d --passphrase <your password> file.tgz.gpg
should be added after the tar (to encrypt) and before untar (to decrypt).
|
|
1 members found this post helpful.
|
10-30-2024, 10:03 AM
|
#12
|
LQ Newbie
Registered: Sep 2018
Posts: 26
Original Poster
Rep:
|
Quote:
Originally Posted by pan64
Something like this may work:
Code:
#this will create an encrypted file:
gpg -c --passphrase <your password> file.tgz
#this will decrypt it:
gpg -d --passphrase <your password> file.tgz.gpg
should be added after the tar (to encrypt) and before untar (to decrypt).
|
When I run the sh script it still asks me for a password despite using the
Code:
--passphrase "mypassword"
flag
EDIT: --batch flag fixed this I think.
Last edited by primuspaul; 10-30-2024 at 10:05 AM.
Reason: add flag
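An added example (not from the thread) of the unattended passphrase approach the last posts arrive at, assuming GnuPG 2.1 or later. It reads the passphrase from an owner-only file with --passphrase-file rather than putting it in the script or on the command line, where it shows up in the process list; the function names and paths are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1+; paths are constructed.

# Run once: write a long random passphrase to a file only the owner can read.
# Store a second copy off the server, or the backups cannot be recovered.
# $1 = passphrase file to create
make_passphrase_file() {
    ( umask 077 && head -c 32 /dev/urandom | base64 > "$1" )
}

# From cron. --batch stops gpg from prompting and --pinentry-mode loopback
# lets it accept the passphrase from the file.
# $1 = directory to back up, $2 = passphrase file, $3 = output file
encrypt_backup_symmetric() {
    tar -zcf - -C "$1" . |
        gpg --batch --yes --pinentry-mode loopback --passphrase-file "$2" \
            --symmetric --cipher-algo AES256 --output "$3"
}

# Restore. gpg decrypts to a temporary file first, and tar only runs if gpg
# exits 0, so a wrong passphrase or a damaged file extracts nothing.
# $1 = passphrase file, $2 = encrypted backup, $3 = directory to restore into
restore_backup_symmetric() {
    tmp=$(mktemp "$3/.restore.XXXXXX") || return 1
    rc=1
    if gpg --batch --yes --quiet --pinentry-mode loopback \
           --passphrase-file "$1" --output "$tmp" --decrypt "$2"; then
        tar -zxf "$tmp" -C "$3" && rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Example cron call (constructed paths):
#   encrypt_backup_symmetric /source/somewhere /root/.backup-pass /backups/somewhere.tar.gz.gpg
```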
|
|
|
All times are GMT -5. The time now is 10:16 PM.