Encription of a file for backups
Alvaro Hernandez Tortosa
Fri Aug 15 17:48:02 2003
I want to encrypt a file with a password, so that anyone knowing
this password may decrypt it. Since recipients may not be known
at encryption time, encrypting with the public key of the
recipients is not a valid solution.
Option 1: self-encrypt. But it seems I need to distribute the
key pair (including the private key) to decrypt the file.
Option 2: symmetric encrypt (AES256). But as long as I need to
automate the process (i.e., non-interactive), password must be
kept on a file on the encrypting system. I don't like that.
Which is the best solution? Is there any other?
<more detailed explanation>
I'm currently designing a backup system. A single ext2 image
file is produced as a result. I want to encrypt it, so that I
can trasnfer it over unsecure channels or give it as an ISO
image to be burnt by people that I don't like to see the
contents (but do the burning and archiving of the backups).
I thought about using gpg. At first, I tried something like: gpg
--encrypt --default-recipient-self ...
but for decryption of the backup, it seems that the password of
the keypair and the public key is not enough, and I'm asked for
the private key also. This may not be desirable, since it seems
like that I need to give the backup along with the keypair in
Then I thought about using symmetric encryption. Since my only
interest is decryption with a password, it looks like fine. I
selected AES256. However, I need to automatize the process, thus
requiring the password to be written on a file. I don't like it,
nor does gpg's man page.
So, what's better (or less worse) among these two choices? Is
there a better solution?
</more detailed explanation>