Encription of a file for backups

Alvaro Hernandez Tortosa aht@ahtech.net
Fri Aug 15 17:48:02 2003

	Hi all!

	I want to encrypt a file with a password, so that anyone knowing
	this password may decrypt it. Since recipients may not be known
	at encryption time, encrypting with the public key of the
	recipients is not a valid solution.
	Option 1: self-encrypt. But it seems I need to distribute the
	key pair (including the private key) to decrypt the file.
	Option 2: symmetric encrypt (AES256). But as long as I need to
	automate the process (i.e., non-interactive), password must be
	kept on a file on the encrypting system. I don't like that.
	Which is the best solution? Is there any other? 

<more detailed explanation>
	I'm currently designing a backup system. A single ext2 image
	file is produced as a result. I want to encrypt it, so that I
	can trasnfer it over unsecure channels or give it as an ISO
	image to be burnt by people that I don't like to see the
	contents (but do the burning and archiving of the backups).
	I thought about using gpg. At first, I tried something like: gpg
	--encrypt --default-recipient-self ...
	but for decryption of the backup, it seems that the password of
	the keypair and the public key is not enough, and I'm asked for
	the private key also. This may not be desirable, since it seems
	like that I need to give the backup along with the keypair in
	Then I thought about using symmetric encryption. Since my only
	interest is decryption with a password, it looks like fine. I
	selected AES256. However, I need to automatize the process, thus
	requiring the password to be written on a file. I don't like it,
	nor does gpg's man page.
	So, what's better (or less worse) among these two choices? Is
	there a better solution?
</more detailed explanation>