Is there a better way to compress and then encrypt files other than tar followed by openssl or gpg?
3 Answers
tar is the usual tool to bundle files. Plain tar itself doesn't compress. There are separate tools such as gzip, bzip2 and xz (in increasing order of compression ratio on typical files) that compress one file. Many tar implementation, including GNU tar (the normal implementation on Linux), can automatically compress with an option (-z for gzip, -j for bzip2, -J for xz):
tar -cJf myarchive.tar.xz file1 file2 file3
To encrypt a file, use gpg. Create a key and associate it with your email address (GPG/PGP key identifiers usually contain an email address, though it is not necessary ). Encrypt your files, specifying your email as the recipient. To decrypt a file, you'll need to enter the passphrase to unlock your private key.
GPG also lets you encrypt a file with a password. This is less secure and less flexible. It's less flexible because you need to specify the password when encrypting (so for example you can't make unattended backups). It's less secure because the only security is the password, whereas key-based encryption splits the security between the password and the key.
Don't use the openssl command line tool. It's a showcase for the OpenSSL library, not designed for production use. Although you can do some things with it (in particular, it does have all the primitives needed for a basic certification authority), it's hard to use correctly and it doesn't have all you need to do things right. Where GPG gives you a bicycle, OpenSSL gives you some metal rods of various sizes and a couple of rubber chambers (screws and pump not included). Use GPG.
answered Jul 15, 2014 at 12:45
Gilles 'SO- stop being evil'Gilles 'SO- stop being evil'
865k205 gold badges1.8k silver badges2.3k bronze badges
-
I understand tar as a bundler and the methods of compression. gpg keys, however, are new to me. I don't exactly understand how to use it, although I do have a key. I think. I think I also have ssh keys.user75027– user750272014-07-15 16:43:02 +00:00Commented Jul 15, 2014 at 16:43
-
This is what I was looking for to compress and encrypt with one command (using
tarandgpgin a pipe).stefanbschneider– stefanbschneider2019-01-19 19:49:34 +00:00Commented Jan 19, 2019 at 19:49
You can use 7zip:
7z a -p -mhe=on stuff.7z MyStuff
^ ^ ^ ^ ^
| | | | `--- Files/directories to compress & encrypt.
| | | `--- Output filename
| | `--- Encrypt filenames
| `---- Use a password
`---- Add files to archive
It will prompt you for a password. Apparently it uses AES-256 for encryption and SHA-256 of the password and a counter repeated 512K times for key derivation.
-
With advantage that can be opened in Windows using 7-Zip. GPG is very good for any Linux only (if symmetric), your PC only (if using your key), and for using other ciphers if you like so.Daniel– Daniel2024-12-16 00:28:06 +00:00Commented Dec 16, 2024 at 0:28
So you can use 7zip encrypting file names too:
7z a -p -mhe=on stuff.7z MyStuff
tar -zis a slight exception because it is a very common practice.tarversions support xz compression (flag-J) whose compression ratio is usually better than the more traditional gzip (-z) or bzip2 (-j) compression.xzis excellent. I do remember downloading the kernel and it was zipped to about 1/7 of its original size. I guess I'lltar cvJf out.tar.xz file1 [file2...]and then use gpg or openssl to encrypt it. I also notice that xz is very fast. How does it acheive better compression than bz2 and still be fast?