gandalf at sonic.net gandalf at sonic.net
Fri Apr 15 18:19:33 PDT 2016

I think I found the problem. The method works for large files but 
openssl loads the entire file into memory and hence it needs one 
gigabyte of memory available for every gigabyte of file. This method 
isn't going to work to encrypt a 500gig file and indeed breaks on my two 
gig test backup.

Anybody have any suggestions for encrypting very large backup files?

On 2016-04-15 15:41, gandalf at sonic.net wrote:
> I was looking for a way to encrypt files using a key or keys and found
> this article:
> https://blog.altudov.com/2010/09/27/using-openssl-for-asymmetric-encryption-of-backups/#comment-399
> I tried it out and it worked, but oddly when I moved the keys to a
> different folder openssl said it couldn't find them. Of course I
> adjusted the encryption/decryption commands to point to the proper
> files. I moved them back to /root and suddenly they work.
> Here's the command the article says to use to create keys:
> openssl req -x509 -nodes -days 100000 -newkey rsa:2048 -keyout
> MyCompanyBackupsPRIVATE.pem -out MyCompanyBackupsPublicCert.pem -subj
> '/'
> Here's one of the errors I got:
> root at vault:/etc/backups/tmp# openssl smime -in
> itdocs.160415.tar.gz.aes -decrypt -binary -inform DEM -inkey
> ../MSRI-Backups-PRIVATE.pem | tar -zx -f -
> Error reading S/MIME message
> 139777656317600:error:07069041:memory buffer
> routines:BUF_MEM_grow_clean:malloc failure:buffer.c:159:
> 139777656317600:error:0D06B041:asn1 encoding
> routines:ASN1_D2I_READ_BIO:malloc failure:a_d2i_fp.c:242:
> gzip: stdin: unexpected end of file
> tar: Child returned status 1
> tar: Error is not recoverable: exiting now
> Moved the pem files back to /root and everything works great. Although
> I find this reassuring I also find it disturbing as these keys are for
> encrypting backups and they may have to be manually typed in on a new
> system and used to restore an offsite backup from a disaster. I'd like
> to know that I can put these keys in a folder and use them to decrypt
> backups.
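
Added example, not part of the original message or the linked article: one way to keep the public-key workflow while streaming the data, so memory use does not grow with file size. A random session passphrase is wrapped with the RSA public key from the certificate, and the bulk data goes through `openssl enc`, which works block by block on stdin/stdout. The function names `encrypt_stream` and `decrypt_stream` and the wrapped-key file are hypothetical, and OpenSSL 1.1.1 or later is assumed for `-pbkdf2`.

```shell
#!/bin/sh
# Hybrid streaming encryption for large backups (added example).
# Assumption: OpenSSL >= 1.1.1 (needed for "enc -pbkdf2").

# encrypt_stream CERT WRAPPED_KEY_OUT   (plaintext on stdin, ciphertext on stdout)
# Runs in a subshell "( ... )" so the session passphrase never leaks into
# the caller's environment.
encrypt_stream() (
    cert=$1
    wrapped=$2
    # 32 random bytes, hex-encoded, used as a one-time passphrase.
    pass=$(openssl rand -hex 32) || exit 1
    # Wrap the passphrase with the public key taken from the certificate.
    printf '%s' "$pass" | openssl pkeyutl -encrypt -certin -inkey "$cert" \
        -pkeyopt rsa_padding_mode:oaep -out "$wrapped" || exit 1
    # Bulk encryption streams stdin to stdout in fixed-size blocks.
    # The passphrase is passed via the environment, not the command line.
    PASS="$pass" openssl enc -aes-256-cbc -salt -pbkdf2 -pass env:PASS
)

# decrypt_stream PRIVATE_KEY WRAPPED_KEY   (ciphertext on stdin, plaintext on stdout)
decrypt_stream() (
    key=$1
    wrapped=$2
    # Unwrap the session passphrase with the RSA private key.
    pass=$(openssl pkeyutl -decrypt -inkey "$key" \
        -pkeyopt rsa_padding_mode:oaep -in "$wrapped") || exit 1
    PASS="$pass" openssl enc -d -aes-256-cbc -pbkdf2 -pass env:PASS
)

# Example pipeline (paths are placeholders):
#   tar -cz -f - /data | encrypt_stream PublicCert.pem backup.key.enc > backup.tar.gz.enc
#   decrypt_stream PRIVATE.pem backup.key.enc < backup.tar.gz.enc | tar -zx -f -
```

The wrapped key file must be stored alongside each ciphertext, since it is needed together with the private key to restore. `openssl enc` does not authenticate its output, so keep a separate integrity check (for example a signed digest of the ciphertext) with the backup.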
