encrypt linux backup folder using gpg

Werner Koch wk at gnupg.org
Wed Nov 7 09:33:29 CET 2018

On Tue,  6 Nov 2018 06:55, kaushalshriyan at gmail.com said:

> I am using CentOS 7.5 Linux OS in my setup. I have compressed a folder
> using tar utility tar czvf backupfolder.tar.gz backupfolder. Is there a way
> to encrypt backupfolder.tar.gz using gpg? Are there any best practices to


  tar czf - WHATEVER | gpg -z0 -e -r KEY > WHATEVER.tar.gz.gpg

The -z0 disable gpg's internal compression which would to to the
compressed tar format anyway be disabled but -z0 gains a small speed
boost.  If you prefer to use only symmetrical encryption

  tar czf - WHATEVER | gpg -z0 -e -c > WHATEVER.tar.gz.gpg

For that you need to enter the passphrase when encryption.  Thus I
strongly suggest to create a keypair and use the first form.  There is no
performance penalty using the first form because the bulk encryption is
done symmetrically in both variants.

You may also use 

  tar czf - WHATEVER | gpg -z0 -e -r KEY \
     | ssh HOST 'cat > WHATEVER.tar.gz.gpg'

to avoid storing the data on the sender site. 

For restoring the data I would however strongly suggest to first decrypt
(or decrypt and untar into a temporary directory) and take the new data
in use only after gpg has indicated that the decryption showed no

If you have huge amounts of data it is possible to tweak gpg for some
extra speedup but you need to build gpg from source then.

Please don't use the gpg-zip script; it is obsolete and only there for
compatibility with PGP.  gpg-zip has been replaced by gpgtar which is
part of GnuPG but it still uses an old tar format (ustar) with some
limits on modern systems.  gpgtar is also not as fast as the standard
tar on your CentOS.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181107/35a6cbac/attachment.sig>

More information about the Gnupg-users mailing list