Discussion:
Tool to encrypt/decrypt the contents of a directory recursively
(too old to reply)
Harold Johanssen
2023-03-01 19:11:08 UTC
Permalink
I am looking for a tool to encrypt/decrypt the contents of a
directory recursively. Looking around, people mention gpgdir. The thing
is, this is a Perl-based tool, and after having been burnt by third-party
Perl tools before, I'd prefer to use something else. Thus, if there is
something out there that people might know about, I'd like to know.
Rich
2023-03-01 19:40:26 UTC
Permalink
Post by Harold Johanssen
I am looking for a tool to encrypt/decrypt the contents of a
directory recursively. Looking around, people mention gpgdir. The
thing is, this is a Perl-based tool, and after having been burnt by
third-party Perl tools before, I'd prefer to use something else.
Thus, if there is something out there that people might know about,
I'd like to know.
Does using tar to collect up the contents recursively, then encrypting
the tar file count?

I.e.:

tar -cvf - /dir-to-encrypt | gpg --options > encrypted-directory.tar.gpg
Javier
2023-03-01 20:05:17 UTC
Permalink
Post by Rich
tar -cvf - /dir-to-encrypt | gpg --options > encrypted-directory.tar.gpg
I would add a -C /parentdir option to tar to chdir to the parent dir of
dir-to-encrypt and avoid innecessary prefixes.

For decrypting the safest would be to decrypt it to tmpfs.

Also for symmetric encryption (which I guess is the best for the OP
question) there are other tools instead of gpg like aespipe

http://loop-aes.sourceforge.net/

The gpg CLI interface is not well designed and is certainly way too
complex for something simple like symmetric encryption.
Javier
2023-03-01 19:54:15 UTC
Permalink
Post by Harold Johanssen
I am looking for a tool to encrypt/decrypt the contents of a
directory recursively. Looking around, people mention gpgdir. The thing
is, this is a Perl-based tool, and after having been burnt by third-party
Perl tools before, I'd prefer to use something else. Thus, if there is
something out there that people might know about, I'd like to know.
This uses FUSE.

https://vgough.github.io/encfs/
Joseph Rosevear
2023-03-04 23:48:18 UTC
Permalink
I am looking for a tool to encrypt/decrypt the contents of a directory
recursively. Looking around, people mention gpgdir. The thing is, this
is a Perl-based tool, and after having been burnt by third-party Perl
tools before, I'd prefer to use something else. Thus, if there is
something out there that people might know about, I'd like to know.
Hello,

I have taken a different approach to the problem of encryption.
Initially, like you I tried encrypting locally--within a file system. I
found that frustratingly difficult. And also dangerous: Everytime you
encrypt something you run the risk of losing it, *and* you have one more
passphrase to keep track of.

So I tried instead using the cryptsetup command to make, open and close
LUKS encrypted partitions. This took a little work to get going, but it
was well worth the effort. To do this I made a set of scripts:

luksetup
crypt
ucrypt
lksmnt
ulksmnt

Script luksetup makes $1 into a LUKS encrypted partition (and destroys
any existing file system). To do this it prompts you for a passphrase.
Here is the script:

cryptsetup \
--verbose \
--cipher aes-xts-plain64 \
--key-size 256 \
--hash sha256 \
--iter-time 1000 \
--use-urandom luksFormat $1

You will need to run scripts crypt and ucrypt directly only
occasionally. For example you will need them after running luksetup to
make a new file system on the LUKS encrypted partition. Script crypt
will prompt you for the passphrase. Here is an example:

crypt /dev/sda1 bob
mke2fs /dev/mapper/bob
ucrypt bob

Scripts lksmnt and ulksmnt do the mounting and un-mounting of a LUKS
encrypted partition. They call scripts crypt and ucrypt. Here is an
example:

lksmnt /dev/sda1 /mnt/hd bob
<Do what you need to do to /mnt/hd.>
ulksmnt bob

I'll quit here without giving the text of scripts crypt, ucrypt, lksmnt
and ulksmnt. They are, however, short one and two line scripts that use
only the commands and scripts I have named here. I'll leave them as a
puzzle for you, but let me know if you need help.

-Joe
Joseph Rosevear
2023-03-05 00:03:15 UTC
Permalink
On Sat, 4 Mar 2023 23:48:18 -0000 (UTC), Joseph Rosevear wrote:

Sorry,
Post by Joseph Rosevear
Hello,
I have taken a different approach to the problem of encryption.
Initially, like you I tried encrypting locally--within a file system. I
found that frustratingly difficult. And also dangerous: Everytime you
encrypt something you run the risk of losing it, *and* you have one more
passphrase to keep track of.
So I tried instead using the cryptsetup command to make, open and close
LUKS encrypted partitions. This took a little work to get going, but it
luksetup
crypt
ucrypt
lksmnt
ulksmnt
Post by Joseph Rosevear
Script luksetup makes $1 into a LUKS encrypted partition (and destroys
any existing file system). To do this it prompts you for a passphrase.
cryptsetup \
--verbose \
--cipher aes-xts-plain64 \ --key-size 256 \
--hash sha256 \
--iter-time 1000 \
--use-urandom luksFormat $1
You will need to run scripts crypt and ucrypt directly only
occasionally. For example you will need them after running luksetup to
make a new file system on the LUKS encrypted partition. Script crypt
crypt /dev/sda1 bob
mke2fs /dev/mapper/bob
ucrypt bob
Post by Joseph Rosevear
Scripts lksmnt and ulksmnt do the mounting and un-mounting of a LUKS
encrypted partition. They call scripts crypt and ucrypt. Here is an
lksmnt /dev/sda1 /mnt/hd bob
<Do what you need to do to /mnt/hd.>
ulksmnt bob
Post by Joseph Rosevear
I'll quit here without giving the text of scripts crypt, ucrypt, lksmnt
and ulksmnt. They are, however, short one and two line scripts that use
only the commands and scripts I have named here. I'll leave them as a
puzzle for you, but let me know if you need help.
-Joe
Joseph Rosevear
2023-03-05 00:26:53 UTC
Permalink
Sorry again,

This is my last try. Perhaps I'll post the message also to my blog at:

https://joeslife.org
Post by Joseph Rosevear
Hello,
I have taken a different approach to the problem of encryption.
Initially, like you I tried encrypting locally--within a file system. I
found that frustratingly difficult. And also dangerous: Everytime you
encrypt something you run the risk of losing it, *and* you have one
more passphrase to keep track of.
So I tried instead using the cryptsetup command to make, open and close
LUKS encrypted partitions. This took a little work to get going, but
luksetup
crypt
ucrypt
lksmnt
ulksmnt
Post by Joseph Rosevear
Script luksetup makes $1 into a LUKS encrypted partition (and destroys
any existing file system). To do this it prompts you for a passphrase.
cryptsetup \
--verbose \
--cipher aes-xts-plain64 \ --key-size 256 \
--hash sha256 \
--iter-time 1000 \
--use-urandom luksFormat $1
You will need to run scripts crypt and ucrypt directly only
occasionally. For example you will need them after running luksetup to
make a new file system on the LUKS encrypted partition. Script crypt
crypt /dev/sda1 bob
mke2fs /dev/mapper/bob
ucrypt bob
Post by Joseph Rosevear
Scripts lksmnt and ulksmnt do the mounting and un-mounting of a LUKS
encrypted partition. They call scripts crypt and ucrypt. Here is an
lksmnt /dev/sda1 /mnt/hd bob
<Do what you need to do to /mnt/hd.>
ulksmnt bob
Post by Joseph Rosevear
I'll quit here without giving the text of scripts crypt, ucrypt, lksmnt
and ulksmnt. They are, however, short one and two line scripts that
use only the commands and scripts I have named here. I'll leave them
as a puzzle for you, but let me know if you need help.
-Joe
Loading...