Secure Backup software with asymmetric encryption RSA, openSSL

I need backup solution/software to backup data on usb keys and secure it with public key,
asymmetric  encryption.
I know how to create public/private key, how to encrypt/decrypt single file.
But I dont know how to make script than can encrypt folder with multiple files and move encrypted files  to another location.

Platform is Windows 8

Who is Participating?
Dave HoweSoftware and Hardware EngineerCommented:
well, first you want to compress THEN encrypt - encrypted data is not compressible.

but if you look at your own command examples, you will find you are using AES@256 bit for your encryption, and protecting only the key with RSA.  If your script does this explicitly (using "7z a -p" and a pseudorandomly generated password) you then have the simpler task of how to use RSA to protect a short pw string.

you can of course just use "7z a" to create an unencrypted archive then encrypt that archive with openssl (using the command you posted) but you then need sufficient staging space to stage the backup before you can encrypt it. with "7z a -p" you could encrypt and write the 7z archive directly to the nas in a single operation, then just need to securely transfer the password and you are done - and that can even be added into the same 7z archive after it is created, to give you a single-file backup - for that you would be more likely to use rsautl (rather than smime) and supply the password on stdin, with output being to something like <backup-datestamp>.key - which you than use "7z a" (without -p, obviously) to append to your existing backup 7z file. no staging space needed, no certificate needed (you just need the public key) and only decryptable with the aid of the private key (which you will then need to keep very safe :)
btanExec ConsultantCommented:
Dave HoweSoftware and Hardware EngineerCommented:
Best not to - seriously.

Your best bet is to use whole disk encryption on the usb device - PGP sell a version of WDE that uses RSA keys, (actually, pgp keys, so other algos supported) - although symmetric keys are fine for that provided you keep them unique - and once mounted, you can just drag files onto there, and indeed treat the usb drive as you would any other usb device (with the only real difference being once dismounted, the usb will be unreadable without the key to re-mount it)
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Dave HoweSoftware and Hardware EngineerCommented:
btan's suggestion of 7z is a good one though. while 7z doesn't use asymmetric keys, you could easily write a simple text file to hold a randomly generated symmetric key, use the symmetric key to encrypt an entire directory structure into an archive (optionally hiding the file names) then encrypt the text file with the hybrid scheme of your choice (ssl, pgp, whatever)
btanExec ConsultantCommented:
indeed manual backup is not going to be very operationally friendly and if script failed - will script be smart enough to recover, and alert instead of skipping and left files not protected yet copy over...too many permutation for own scripting. It is always best to have some sort of NAS / SAN encryption where possible, but cost is a deterrence. However, we cannot be penny wise pound foolish.

...even bitlocker is already some sort of disk encryption and you can identify data volume (if that is the place to store the backup copies. Other similar approach using encrypted volume where a partition is assigned to be encrypted and eventually back it up (there is secure container from truecryp and axcrypt), likewise if it is VM based then it is a file by itself

 ... the incremental and differential backup is challenging for both
MaddogsloAuthor Commented:
We have IronKey USB S250 16GB.

Ironkey is great product, weak point is backup, which is secured/encrypted with user password and can be brute forced.
We need asymmetric encryption, with public 4096 bit key

I used this command OpenSSL to encrypt file, with asymmetric encryption I get problem to decrypt files they are larger then 800MB
smime  -encrypt -aes256  -in  -binary  -outform DEM  -out  main_public.pem

decrypt command for OpenSSL
smime -decrypt  -in  -binary -inform DEM -inkey main_private.pem  -out

I need script or some guidance how:
-  to encrypt  files (all files in selected folders)
-  then compact encrypted files (7zip)
-  then transfer files to NAS (we use Synology)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.