Many
popular commercial applications offer the possibility to protect an
archive with a password. Is there something similar for Gnu/Linux?
Well, first of all one could use one of the those commecial apps, but it’s not advisable for at least three reasons:

  • they come with restrictive licenses;
  • they use weak algorithms (which the use can’t change);
  • you have to install them by enabling unfree/multiverse repositories (at least rar);

So, what should one do? The answer is simple: just use tar + gpg
which are respectively the best for archiving and the best for
encrypting? This article briefly explains how you can put them together
to create a password protected compressed archive.

To compress all the content of directory foo and store it in a file called archive.stgz (note stgz: a sort of secure tar gz):

$ tar cfz - foo | gpg -c -o archive.stgz

$ gpg -d archive.stgz | tar xfz -
$ tar cfj - foo | gpg -c -o archive.stbz2
$ gpg -d archive.stbz2 | tar xfj -
$ tar cfj - foo | gpg -s -e -o archive.stbz2
$ gpg -d archive.stbz2 | tar xfj -
$ tar cfj - foo | gpg -r bar -e -o archive.stbz2
using the command line:
gpg -c --passphrase password foo
echo $password | gpg -c --passphrase-fd 0 password foo
This way your history file now has your password.
gpg -c --passphrase-fd 0 foo < <eop password="" eop=""
Very nice since you could have previously stored password in a shell variable
using a file
gpg -c --passphrase-file passfile password foo

The file must have stricly limited permissions and must be securly removed.

Advertisements