This guide will show you an easy way to encrypt your backups in Linux without having to install any additional software.
Previously we covered the creation and extraction of compressed archives such as tar on a Linux machine. A lot of Linux users use these compression formats for backup purposes. Although this compresses pretty well, it does not secure the backup. To do that you need to add a password, or to encrypt it. Let’s look at a simple form of securing your backup when you create an archive.
Note: these steps to encrypt backups also apply to all of your Linux files and folders, not just compressed archives.
A quick recap of the compression and extraction of the tar.gz format. To compress a directory called todays_backup do the following:
# tar -zcf todays_backup.tar.gz todays_backup
This command will compress the directory todays_backup into the compressed file todays_backup.tar.gz. To decompress it use the following command:
# tar -zxf todays_backup.tar.gz
Now to the fun part. Let’s look at how we can add a basic level of encryption to the process we used above. To compress the directory todays_backup with protection do the following:
# tar -zcf - todays_backup | openssl des3 -salt -k yourpassword | dd of=todays_backup.des3
Replace yourpassword with a password of your own. Keep the password to yourself, and keep it carefully. The above command will generate a file called todays_backup.des3. This file can only be decompressed using this password.
To extract your protected archive file todays_backup.des3 use the following command:
# dd if=todays_backup.des3 | openssl des3 -d -k yourpassword | tar zxf -
Make note of the trailing - at the end. It is not a typo, but a requirement for this command to work. Replace yourpassword with the password you used while encrypting the file. Executing the above command will extract the compressed file todays_backup.des3 into a directory todays_backup. Use this encryption with care. As I said earlier, the only way you can retrieve your data once secured is by using the password, so do not lose this password under any circumstances.
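The commands above pass the password with -k, which leaves it visible in the process list and in shell history, and they rely on 3DES with OpenSSL's older key derivation. As an added example (not part of the original guide), here is the same tar-through-openssl pipeline with the password read from a file, PBKDF2 key derivation and AES-256, plus a check that the archive can be read back; the function names, the iteration count and the password file are assumptions, and -pbkdf2 needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names, cipher choice,
# iteration count and the password-file approach are assumptions.

# Options shared by encryption and decryption; both sides must match.
CIPHER_OPTS="-aes-256-cbc -pbkdf2 -iter 200000"

# encrypt_backup DIR OUTFILE PASSFILE
# The password is read from the first line of PASSFILE, so it never appears
# in the process list or shell history the way "-k yourpassword" does.
encrypt_backup() {
    [ -d "$1" ] && [ -r "$3" ] || return 2
    ( umask 077   # the encrypted file is created readable by the owner only
      tar -zcf - "$1" |
          openssl enc $CIPHER_OPTS -salt -pass "file:$3" -out "$2" )
}

# verify_backup INFILE PASSFILE
# Decrypts into a pipe and lists the archive without writing any files.
# openssl enc does not authenticate the ciphertext, so a readable gzip/tar
# stream is the practical sign that the password and the file are intact.
verify_backup() {
    openssl enc -d $CIPHER_OPTS -pass "file:$2" -in "$1" 2>/dev/null |
        tar -tzf - >/dev/null 2>&1
}

# decrypt_backup INFILE DESTDIR PASSFILE
# Refuses to create DESTDIR unless the archive verifies first.
decrypt_backup() {
    verify_backup "$1" "$3" || return 1
    mkdir -p "$2" &&
        openssl enc -d $CIPHER_OPTS -pass "file:$3" -in "$1" |
            tar -zxf - -C "$2"
}
```

Run verify_backup right after encrypt_backup, before deleting the original directory, and keep the password file with permissions 600 and away from the backup itself.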
Why use the dd command? Simple redirect will work as well. So the openssl command could be simplified to:
openssl des3 -salt -k yourpassword > todays_backup.des3
and
openssl des3 -d -k yourpassword < todays_backup.des3