Saturday, February 11, 2012

Encrypting a tar file using openssl (Good)

In some cases, you may have to send your datacenter's passwd information to some of your collegues. Instead of sending them in plain text, you can use tar & openssl combination to encrypt that data. Here is how it can be done.

Encryption :
Tar & gzip the password file and encrypt using openssl des3 and a secret key. Replace the text "secretkey" with your secret password.

[root@unixfoo-lin23 ~]# tar cvzf - passwd_info.txt | openssl des3 -salt -k secretkey | dd of=encrypted_passwd_info
20+1 records in
20+1 records out
The filetype of the encrypted file is "data" and you cannot use "tar -tvzf" to list contents on this.

[root@unixfoo-lin23 ~]# file encrypted_passwd_info
encrypted_passwd_info: data

[root@unixfoo-lin23 ~]# tar tvzf encrypted_passwd_info
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error exit delayed from previous errors
[root@unixfoo-lin23 ~]#

Decryption : 
While decrypting the file, use the steps below. Replace the text "secretkey" with your secret password which you provided during encryption.

[root@unixfoo-lin12 ~]# dd if=encrypted_passwd_info |openssl des3 -d -k secretkey |tar xvzf -
20+1 records in
20+1 records out
[root@unixfoo-lin12 ~]# cat passwd_info.txt | head -1
UNIX User       UNIX Password
[root@unixfoo-lin12 ~]#

This method can also be used to gzip and encrypt any file or directory.