[NBLUG/talk] Encrypting Files for Cloud Backup
gandalf at sonic.net
Fri Apr 15 16:09:16 PDT 2016
It may well be something completely different. I'm getting the same
error with files uploaded from my backup script. I just noticed an odd
error coming out of the script:
tar: invalid option -- 'e'
Try 'tar --help' or 'tar --usage' for more information.
On 2016-04-15 15:46, Omar Eljumaily wrote:
> openssl is very sensitive to permissions. For your private key make
> sure the perms are set to 600 or something like that. Check the
> ownership as well. That's the only thing I can think of.
>
> Omar
>
>
> On 4/15/2016 3:41 PM, gandalf at sonic.net wrote:
>> I was looking for a way to encrypt files using a key or keys and found
>> this article:
>> https://blog.altudov.com/2010/09/27/using-openssl-for-asymmetric-encryption-of-backups/#comment-399
>> I tried it out and it worked, but oddly when I moved the keys to a
>> different folder openssl said it couldn't find them. Of course I
>> adjusted the encryption/decryption commands to point to the proper
>> files. I moved them back to /root and suddenly they work.
>>
>> Here's the command the article says to use to create keys:
>> openssl req -x509 -nodes -days 100000 -newkey rsa:2048 -keyout
>> MyCompanyBackupsPRIVATE.pem -out MyCompanyBackupsPublicCert.pem -subj
>> '/'
>>
>>
>> Here's one of the errors I got:
>> root at vault:/etc/backups/tmp# openssl smime -in
>> itdocs.160415.tar.gz.aes -decrypt -binary -inform DEM -inkey
>> ../MSRI-Backups-PRIVATE.pem | tar -zx -f -
>> Error reading S/MIME message
>> 139777656317600:error:07069041:memory buffer
>> routines:BUF_MEM_grow_clean:malloc failure:buffer.c:159:
>> 139777656317600:error:0D06B041:asn1 encoding
>> routines:ASN1_D2I_READ_BIO:malloc failure:a_d2i_fp.c:242:
>>
>> gzip: stdin: unexpected end of file
>> tar: Child returned status 1
>> tar: Error is not recoverable: exiting now
>>
>> Moved the pem files back to /root and everything works great. Although
>> I find this reassuring I also find it disturbing as these keys are for
>> encrypting backups and they may have to be manually typed in on a new
>> system and used to restore an offsite backup from a disaster. I'd like
>> to know that I can put these keys in a folder and use them to decrypt
>> backups.
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at nblug.org
>> http://nblug.org/cgi-bin/mailman/listinfo/talk
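A restore drill for the setup discussed in this thread, added here as an example (it is not from the thread or the linked article): it encrypts a tar stream to the certificate, moves the private key to another directory, and decrypts with the key at its new path, reporting which stage failed instead of letting an openssl error surface only as a gzip/tar error. The directory names, the test subject, the `restore_drill` function and its return codes are assumptions made for the drill.

```shell
#!/bin/sh
# Restore drill: encrypt a tar stream to a certificate, relocate the private
# key, then decrypt with the key at its new path. All names are constructed.
# Returns 0 = restored file matches, 1 = mismatch, 2 = setup or encrypt failed,
#         3 = openssl decrypt failed, 4 = tar extract failed.
restore_drill() {
    mode=${1:-moved}            # "moved" = key relocated, "missing" = bad path
    work=$(mktemp -d) || return 2
    mkdir -p "$work/gen" "$work/keys/elsewhere" "$work/src" "$work/out"
    printf 'constructed sample document\n' > "$work/src/itdocs.txt"
    rc=0

    # Throwaway key pair (test subject and short lifetime, drill only).
    openssl req -x509 -nodes -days 30 -newkey rsa:2048 \
        -keyout "$work/gen/private.pem" -out "$work/gen/cert.pem" \
        -subj '/CN=restore-drill' 2>/dev/null || rc=2

    # Encrypt: only the public certificate is needed on the backup host.
    if [ "$rc" -eq 0 ]; then
        tar -cz -C "$work/src" -f - . |
            openssl smime -encrypt -aes256 -binary -outform DER \
                -out "$work/backup.tar.gz.aes" "$work/gen/cert.pem" || rc=2
    fi

    # Relocate the private key and restrict it to its owner.
    key="$work/keys/elsewhere/private.pem"
    if [ "$rc" -eq 0 ]; then
        mv "$work/gen/private.pem" "$key" && chmod 600 "$key" || rc=2
        if [ "$mode" = missing ]; then key="$work/keys/no-such-key.pem"; fi
    fi

    # Decrypt to a file first so an openssl failure is not masked by tar.
    if [ "$rc" -eq 0 ]; then
        openssl smime -decrypt -binary -inform DER -inkey "$key" \
            -in "$work/backup.tar.gz.aes" -out "$work/restored.tar.gz" || rc=3
    fi
    if [ "$rc" -eq 0 ]; then
        tar -xz -C "$work/out" -f "$work/restored.tar.gz" || rc=4
    fi
    if [ "$rc" -eq 0 ]; then
        cmp -s "$work/src/itdocs.txt" "$work/out/itdocs.txt" || rc=1
    fi
    rm -rf "$work"
    return "$rc"
}

restore_drill && echo "restore drill passed"
```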