Quick encryption of files

I was talking with skOre the other day when he informed me he wanted to send me the access info for a few of the development servers. Seeing as how this information is not something we want to get out to everyone, he wanted to encrypt it and then send it across an open connection. The only problem was he couldn't get it to encrypt using tar.

Well, I have never used tar and/or gzip to password protect anything. And to be totally honest, I'm not even sure it can be done. At least I've never found anything in the manpages hinting at this ability in tar and gzip. I do know that zip and unzip support password protection but who uses those on a *nix box? I do use OpenSSL to password encrypt files. So I dug around in my notes and found the commands to get the job done…

By using the OpenSSL package to encrypt files you can make your choice of how well you want the file encrypted. If md5 is enough for you then fine. If you want sha-1 then please do. Just check out the help file (manpage) for OpenSSL to see what methods are supported. In this case we will use sha-1.

Now, encrypting a file is actually quite easy. I just always forget the command sequence so I keep a written copy on my USB stick for reference.

$> openssl enc -aes-256-cbc -md sha1 -salt -in the-file.tar.gz -out the-file.tar.gz.sha1

As you can see we tell OpenSSL to use the sha-1 digest to encrypt the file. By passing the '-salt' option we inform OpenSSL that we would like to provide the "salt", or password, for the encryption. '-in' and '-out' I think are a bit self-explanatory. Once you hit enter you will be prompted for the salt/password for the file. After that you will be prompted for verification of the salt and that's that. You have a password encrypted file that you can pretty securely send around the world.

For the other person to access the data that you encrypted they will need what? Of course, the password. What's more, they will need to know which digest was used to encrypt the file. In the above case we help them out by adding the .sha1 extension.

$> openssl enc -d -aes-256-cbc -md sha1 -salt -in the-file.tar.gz.sha1 -out the-file.tar.gz

As you can see the above is the same as the original command to encrypt the file except the '-in' and '-out' options are switched around and the '-d' option is used. The '-d' option is just there to let OpenSSL know that we are attempting to use the sha-1 digest to Decrypt an Encrypted file. It's that easy.
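
What the password, the salt and the digest each contribute when `openssl enc` encrypts a file, as an added example that is not from the original post: it parses the `Salted__` header such a file starts with and runs OpenSSL's legacy key derivation (`EVP_BytesToKey`, used when `-pbkdf2` is not given) under three digests. The sample header bytes, the password and the function names are constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker `openssl enc -salt` writes before the salt


def parse_header(blob):
    """Split a salted `openssl enc` file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header: not a salted openssl enc file")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password, salt, digest, key_len=32, iv_len=16):
    """Legacy OpenSSL derivation (EVP_BytesToKey with one iteration).

    Each round hashes previous_block + password + salt; the rounds are
    concatenated until there are enough bytes for the key and the IV.
    key_len=32 / iv_len=16 are the sizes aes-256-cbc needs.
    """
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


# Constructed sample: a salted header followed by dummy ciphertext bytes.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 32
PASSWORD = b"correct horse"  # constructed


def derive_all(blob=SAMPLE, password=PASSWORD):
    """Derive (key, iv) for the same password and salt under each digest."""
    salt, _ = parse_header(blob)
    return {md: evp_bytes_to_key(password, salt, md)
            for md in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    for md, (key, iv) in derive_all().items():
        print(f"-md {md:<6} key={key.hex()} iv={iv.hex()}")
```

The same password and salt give a different key under each digest, so a file encrypted with one `-md` value does not decrypt with another. OpenSSL 1.1.0 changed the default digest from md5 to sha256, which is why naming it explicitly on both sides avoids failures between versions.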

Also don't forget that all the above can be done on Windows systems as well. Simply download a Windows version of the OpenSSL package. Simply go to the OpenSSL site and check in the Related area under Binaries.

So, now that I have this posted here I won't have to be packing around a copy with me wherever I go. grins.

enjoy,
chuck
