[NBLUG/talk] Encrypting Files for Cloud Backup

Omar Eljumaily omar at omnicode.com
Fri Apr 15 15:46:03 PDT 2016


openssl is very sensitive to permissions. For your private key make sure 
the perms are set to 600 or something like that.  Check the ownership as 
well.  That's the only thing I can think of.

Omar


On 4/15/2016 3:41 PM, gandalf at sonic.net wrote:
> I was looking for a way to encrypt files using a key or keys and found 
> this article:
> https://blog.altudov.com/2010/09/27/using-openssl-for-asymmetric-encryption-of-backups/#comment-399 
>
>
> I tried it out and it worked, but oddly when I moved the keys to a 
> different folder openssl said it couldn't find them. Of course I 
> adjusted the encryption/decryption commands to point to the proper 
> files. I moved them back to /root and suddenly they work.
>
> Here's the command the article says to use to create keys:
> openssl req -x509 -nodes -days 100000 -newkey rsa:2048 -keyout MyCompanyBackupsPRIVATE.pem -out MyCompanyBackupsPublicCert.pem -subj '/'
>
>
> Here's one of the errors I got:
> root@vault:/etc/backups/tmp# openssl smime -in itdocs.160415.tar.gz.aes -decrypt -binary -inform DEM -inkey ../MSRI-Backups-PRIVATE.pem | tar -zx -f -
> Error reading S/MIME message
> 139777656317600:error:07069041:memory buffer routines:BUF_MEM_grow_clean:malloc failure:buffer.c:159:
> 139777656317600:error:0D06B041:asn1 encoding routines:ASN1_D2I_READ_BIO:malloc failure:a_d2i_fp.c:242:
>
> gzip: stdin: unexpected end of file
> tar: Child returned status 1
> tar: Error is not recoverable: exiting now
>
> Moved the pem files back to /root and everything works great. Although 
> I find this reassuring I also find it disturbing as these keys are for 
> encrypting backups and they may have to be manually typed in on a new 
> system and used to restore an offsite backup from a disaster. I'd like 
> to know that I can put these keys in a folder and use them to decrypt 
> backups.

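A restore drill for the setup discussed in this thread, added here as an example (it is not from either poster or from the linked article): it creates a throwaway key pair in an arbitrary directory, checks the private key's mode and ownership as suggested above, then encrypts and decrypts a sample archive and compares the result. The file names, the `/CN=restore-drill` subject, the `-encrypt -aes256 -outform DER` options and the matching `-inform DER` are assumptions of this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: restore drill with keys kept outside /root.
# All file names and the certificate subject are constructed for the drill.

# check_key FILE: succeed only if FILE is readable, owned by the current
# user, and carries no group/other permission bits (mode 600 or 400).
check_key() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1")
    owner=$(stat -c '%u' "$1")
    [ "$owner" = "$(id -u)" ] || { echo "$1 is owned by uid $owner" >&2; return 1; }
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# restore_drill DIR: generate a key pair in DIR, encrypt a sample archive to
# the certificate, decrypt it with the private key, and compare the contents.
restore_drill() {
    dir=$1
    key="$dir/drill-PRIVATE.pem"
    cert="$dir/drill-PublicCert.pem"
    ( umask 077
      openssl req -x509 -nodes -days 30 -newkey rsa:2048 \
          -keyout "$key" -out "$cert" -subj '/CN=restore-drill' 2>/dev/null ) || return 1
    check_key "$key" || return 1
    printf 'constructed sample backup payload\n' > "$dir/sample.txt"
    tar -C "$dir" -czf "$dir/sample.tar.gz" sample.txt || return 1
    openssl smime -encrypt -aes256 -binary -outform DER \
        -in "$dir/sample.tar.gz" -out "$dir/sample.tar.gz.aes" "$cert" || return 1
    mkdir "$dir/restored" || return 1
    # Decrypt to a file first so an openssl failure is reported on its own,
    # instead of surfacing as a gzip/tar error further down a pipe.
    openssl smime -decrypt -binary -inform DER -inkey "$key" \
        -in "$dir/sample.tar.gz.aes" -out "$dir/restored.tar.gz" || return 1
    tar -C "$dir/restored" -xzf "$dir/restored.tar.gz" || return 1
    cmp -s "$dir/sample.txt" "$dir/restored/sample.txt"
}

work=$(mktemp -d)
if restore_drill "$work"; then echo "restore drill OK"; else echo "restore drill FAILED" >&2; fi
rm -rf "$work"
```

Running the same drill with the real key pair copied to a fresh machine, before it is ever needed, answers the portability question directly.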