How to encrypt file with tar command or other compress option on Linux?

Dear All,

I want to encrypt my database and and application back up file with compression like tar command.
Do you have any idea how to do this?
Sida SayInfrastructure EngineerAsked:
Who is Participating?
Shiju JacobInfo SecurityCommented:
For my part, I mainly use two methods:

First method: tar and openssl
Tar the directory
tar cvf backup.tar /path/to/folder

You can remove the [v] switch from the tar command to switch off the verbose mode.

openssl aes-128-cbc -salt -in backup.tar -out backup.tar.aes -k yourpassword

You can change aes-128-cbc to any other cipher method openssl supports (openssl --help).

openssl aes-128-cbc -d -salt -in backup.tar.aes -out backup.restored.tar

It will ask for the password.

Second method: encrypted zip

zip -r -0 -e /path/to/folder

It will ask for the password.

    -r means recursively (whole folder tree)
    -0 means store only (doesn't compress, faster)
    -e means encrypt archive

One advantage of this: it will better operate with windows based system.
You can use zip with -e option for password protection.
You can do without saving temp unencrypted files:

tar cf - /data/* | pbzip2 -9 | openssl ....
(choose openssl parameters from ohers' posts)
openssl -d ... | bzcat | tar tvf -
Dave HoweSoftware and Hardware EngineerCommented:
don't use the built in zip - the encryption is of low quality and easily bypassed.

openssl or gpg are good choices, but don't compress and should be used to encrypt a tgz after the fact. Versions are of course available to decrypt on windows.

7z is available for linux, can compress well, and encrypt with AES@256 bit.  In ubuntu (at least) you can install by typing "apt-get install p7zip-full"

command then is "7z a -p<password> <archive>.7z <filespec>"
I prefer tar and gpg.

This command will tar up the files, and compress with gzip, then encrypt with gpg.

tar czvpf - file1.sql file2.txt  | gpg --symmetric --cipher-algo aes256 -o myarchive.tar.gz.gpg

it will ask you from a passphrase that you will need to decrypt later.

To decrypt and extract you would run:

gpg -d myarchive.tar.gz.gpg | tar xzvf -
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.