Re: file encrypyion
Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. paulm i am surprised that nobody has pointed you at the manpages for bioctl and softraid. read these and you can see how to use crypto volumes with softraid. AFAICT most of the work done on bioctl and softraid should have made it into 4.4, if not you need to run current to get these features.
Re: file encrypyion
On Tuesday 28 October 2008, Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. paulm Yep, everything you need is already in base. see the openssl(1) man page Encrypting: # openssl enc -des3 -e -in plaintext -out cyphertext Decrypting: # openssl enc -des3 -d -in cyphertext -out plaintext -- Jon
Re: file encrypyion
On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. I use: openssl aes-256-cbc -a -e -salt -in file -out file.aes and to decrypt: openssl aes-256-cbc -a -d -salt -in file.aes -out file I'll be interested in what others use or comments on what I use. Doug.
Re: file encrypyion
http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfigapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. paulm
Re: file encrypyion
On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. paulm Assuming you have a public key for '[EMAIL PROTECTED]' and corresponding private key to decrypt. Use this as a 'quick and dirty' example. Openssl can probably be substituted for gpg. cd / sudo tar cf - $(find . -maxdepth 1 ! -name './tmp' ! -name '.') 2/dev/null | gpg -r [EMAIL PROTECTED] | ssh somehost dd of=/space/obsd-kvm.`date +%`
Re: file encrypyion
A backup scheme that increases the size of the backed up file isn't very efficient. On Oct 28, 2008, at 9:02 PM, Tomas Bodzar [EMAIL PROTECTED] wrote: http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfigapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. paulm
Re: file encrypyion
On Tue, Oct 28, 2008 at 11:04:34PM -0500, John Jackson wrote: On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. paulm Assuming you have a public key for '[EMAIL PROTECTED]' and corresponding private key to decrypt. Use this as a 'quick and dirty' example. Openssl can probably be substituted for gpg. Forgot the trailing double-quote below. cd / sudo tar cf - $(find . -maxdepth 1 ! -name './tmp' ! -name '.') 2/dev/null | gpg -r [EMAIL PROTECTED] | ssh somehost dd of=/space/obsd-kvm.`date +%`
Re: file encrypyion
On 15:48:25 Oct 29, Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. In case you are not averse to entering passwords everytime you mount then mount_vnd(8) works. Just follow the instructions in the man page carefully. Not at all hard to get it working. Much cleaner than OpenSSL or GPG as the whole file system is encrypted. -Girish
Re: file encrypyion
On 29/10/2008, at 4:42 PM, J.C. Roberts wrote: On Tuesday 28 October 2008, Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. paulm Yep, everything you need is already in base. see the openssl(1) man page Encrypting: # openssl enc -des3 -e -in plaintext -out cyphertext Decrypting: # openssl enc -des3 -d -in cyphertext -out plaintext Thank you, this is exactly what I'm looking for. I had a feeling in my bones there was something like this, but on this day neither google nor apropos were my friend (although if I had spelt crypt correctly, apropos would have - sorry for the noise). And I really didnt want to go the gpg path. Once again, Thanks. paulm
Re: file encrypyion
On Tue, Oct 28, 2008 at 11:04:34PM -0500, John Jackson wrote: On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote: I'm looking for a way to encrypy backup files for secure storage. Gpg is an obvious candidate, but I'm wondering if there's anything in base, perhaps a creative use of ssh or some other tool, though not something liable to break, obviously. Any thoughts would be much appreciated. paulm Assuming you have a public key for '[EMAIL PROTECTED]' and corresponding private key to decrypt. Use this as a 'quick and dirty' example. Openssl can probably be substituted for gpg. cd / sudo tar cf - $(find . -maxdepth 1 ! -name './tmp' ! -name '.') 2/dev/null | gpg -r [EMAIL PROTECTED] | ssh somehost dd of=/space/obsd-kvm.`date +%` Would be helpful to add a decent extension: cd / sudo tar cf - $(find . -maxdepth 1 ! -name './tmp' ! -name '.') 2/dev/null | gpg -r [EMAIL PROTECTED] | ssh somehost dd of=/space/obsd-kvm.`date +%F`.tar