[NBLUG/talk] Encrypting Files for Cloud Backup

Zack Zatkin-Gold zg at nblug.org
Fri Apr 15 18:46:54 PDT 2016

I was about to say -- usually when you see malloc errors in a piece of
software, it's because that software is unable to allocate more memory!

On Fri, Apr 15, 2016 at 9:19 PM,  <gandalf at sonic.net> wrote:
> I think I found the problem. The method works for large files but openssl
> loads the entire file into memory and hence it needs one gigabyte of memory
> available for every gigabyte of file. This method isn't going to work to
> encrypt a 500gig file and indeed breaks on my two gig test backup.
> Anybody have any suggestions for encrypting very large backup files?
> On 2016-04-15 15:41, gandalf at sonic.net wrote:
>> I was looking for a way to encrypt files using a key or keys and found
>> this article:
>> https://blog.altudov.com/2010/09/27/using-openssl-for-asymmetric-encryption-of-backups/#comment-399
>> I tied it out and it worked, but oddly when I moved the keys to a
>> different folder openssl said it couldn't find them. Of course I
>> adjusted the encryption/description commands to point to the proper
>> files. I moved them back to /root and suddenly they work.
>> Here's the command the article says to use to create keys:
>> openssl req -x509 -nodes -days 100000 -newkey rsa:2048 -keyout
>> MyCompanyBackupsPRIVATE.pem -out MyCompanyBackupsPublicCert.pem -subj
>> '/'
>> Here's one of the errors I got:
>> root at vault:/etc/backups/tmp# openssl smime -in
>> itdocs.160415.tar.gz.aes -decrypt -binary -inform DEM -inkey
>> ../MSRI-Backups-PRIVATE.pem | tar -zx -f -
>> Error reading S/MIME message
>> 139777656317600:error:07069041:memory buffer
>> routines:BUF_MEM_grow_clean:malloc failure:buffer.c:159:
>> 139777656317600:error:0D06B041:asn1 encoding
>> routines:ASN1_D2I_READ_BIO:malloc failure:a_d2i_fp.c:242:
>> gzip: stdin: unexpected end of file
>> tar: Child returned status 1
>> tar: Error is not recoverable: exiting now
>> Moved the pem files back to /root and everything works great. Although
>> I find this reassuring I also find it disturbing as these keys are for
>> encrypting backups and they may have to be manually typed in on a new
>> system and used to restore an offsite backup from a disaster. I'd like
>> to know that I can put these keys in folder and use them to decrypt
>> backups.
>> _______________________________________________
>> talk mailing list
>> talk at nblug.org
>> http://nblug.org/cgi-bin/mailman/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/cgi-bin/mailman/listinfo/talk

Zack Zatkin-Gold
Unofficial NBLUG Janitor
Former NBLUG Scribe (Nov 2012-Feb 2013)

More information about the talk mailing list