[NBLUG/talk] Encrypting Files for Cloud Backup
gandalf at sonic.net
gandalf at sonic.net
Fri Apr 15 15:41:15 PDT 2016
I was looking for a way to encrypt files using a key or keys and found
this article:
https://blog.altudov.com/2010/09/27/using-openssl-for-asymmetric-encryption-of-backups/#comment-399
I tied it out and it worked, but oddly when I moved the keys to a
different folder openssl said it couldn't find them. Of course I
adjusted the encryption/description commands to point to the proper
files. I moved them back to /root and suddenly they work.
Here's the command the article says to use to create keys:
openssl req -x509 -nodes -days 100000 -newkey rsa:2048 -keyout
MyCompanyBackupsPRIVATE.pem -out MyCompanyBackupsPublicCert.pem -subj
'/'
Here's one of the errors I got:
root at vault:/etc/backups/tmp# openssl smime -in itdocs.160415.tar.gz.aes
-decrypt -binary -inform DEM -inkey ../MSRI-Backups-PRIVATE.pem | tar
-zx -f -
Error reading S/MIME message
139777656317600:error:07069041:memory buffer
routines:BUF_MEM_grow_clean:malloc failure:buffer.c:159:
139777656317600:error:0D06B041:asn1 encoding
routines:ASN1_D2I_READ_BIO:malloc failure:a_d2i_fp.c:242:
gzip: stdin: unexpected end of file
tar: Child returned status 1
tar: Error is not recoverable: exiting now
Moved the pem files back to /root and everything works great. Although I
find this reassuring I also find it disturbing as these keys are for
encrypting backups and they may have to be manually typed in on a new
system and used to restore an offsite backup from a disaster. I'd like
to know that I can put these keys in folder and use them to decrypt
backups.
More information about the talk
mailing list