Re: Asymmetric encryption for very large tar file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 17/12/14 18:54, Leon Fauster wrote:
> Am 17.12.2014 um 18:42 schrieb Les Mikesell <lesmikesell@xxxxxxxxx>:
>> On Wed, Dec 17, 2014 at 11:14 AM, Xinhuan Zheng
>> <xzheng@xxxxxxxxxxxxxxxxx> wrote:
>>> I have a requirement that I need to use encryption technology to encrypt
>>> very large tar file on a daily basis. The tar file is over 250G size and
>>> those are data backup. Every night the server generated a 250G data backup
>>> and it¹s tar¹ed into one tarball file. I want to encrypt this big tarball
>>> file. So far I have tried two technologies with no success.
>>> 1) generating RSA 2048 public/private key pair via ³openssl req -x509
>>> -nodes -newkey rsa:2048 -keyout private.pem -out public.pem² command and
>>> uses the public key to encrypt the big tar file. The encryption command I
>>> used is "openssl smime -encrypt -aes256 -in  backup.tar -binary -outform
>>> DEM -out backup.tar.ssl  public.pem². The resulting backup.tar.ssl file is
>>> only 2G then encryption process stops there and refuse to do more. Cannot
>>> get around 2G.
>>
>> What happens if you use a pipeline or redirection instead of the -in
>> and -out files?   I regularly write large tapes with something like:
>> openssl aes-256-cbc -salt -k password <input.tar.gz  |dd bs=10240
>> obs=10240 of=/dev/nst0
>> Not quite the same, but there does not seem to be an inherent size
>> limit in openssl as long as it is not handling files and it happens at
>> a reasonable speed so it must be using the intel hardware support.
> 
> 
> 
> Furthermore - is there the need to use "one" big tar file? Despite 
> having a capable workstation/server handling such big files, it has 
> also advantages splitting such backups (e.g. man split) ...
> 
> --
> LF
> 
> 
>  
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
> 

Is it possible for you to use gpg? You could do something like:
tar zcf /something - | gpg -e -r otherkey | cat - > backup.tgz

Regards
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos





[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux