Created
January 10, 2025 23:14
-
-
Save SpareSimian/ce1a7378517cfccfdddce3fe45ea4126 to your computer and use it in GitHub Desktop.
Tar, compress, and encrypt a directory hierarchy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # commands used to encrypt a filesystem image | |
| # create the encryption key (256 bits in hex) | |
| openssl rand -hex 32 > /root/aes_key.txt | |
| # move to top of desired filesystem to backup and encrypt | |
| cd /mnt/root-to-back-up | |
| # Tar using xz compression and pipe to AES256 encryption | |
| tar cvfJ - . | openssl enc -aes-256-cbc -e -pass file:/root/aes_key.txt -out /mnt/USB-thumb-drive/encrypted-backup.tar.xz | |
| # verify against source, decrypting and using tar --compare | |
| openssl enc -aes-256-cbc -d -pass file:/root/aes_key.txt -in /mnt/USB-thumb-drive/encrypted-backup.tar.xz | tar dJfv - | |
| # now ship the thumb drive and share the key by secure means |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For saving to a thumb drive, remember that FAT32 only supports files up to 4 GB. You might want to reformat it to XFS, which handles large files better than EXT4. Add a label to make the partition easy to find in /dev/disk/by-label. You can use gparted for easy GUI reformatting and labeling, or mkfs from the command line.