Linux – encrypt tape files with openssl and tar

linuxopenssltar

I am trying to add encryption to my current tape backup scripts by piping the output through openssl, at the moment I have :

tar -czpvf /dev/nst0 /home /otherdir

so adding openssl gives this :

tar czpvf - /home /otherdir | openssl aes-256-cbc -e -salt -pass file:/my_passwd > /dev/nst0

which does not give any errors, however the only way I can find on the net to do a decrypt is :

dd if=/dev/nst0 conv=sync | openssl aes-256-cbc -d -salt -pass file:/my_passwd | tar xzpvf -

this gives the correct file listing but I get :

bad decrypt 8340:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:

every time.

What can I do to fix this?

Best Answer

I think it might have to do with using a block cipher.

I get a similar error when I do:

$ tar czpvf - /test/directory |openssl aes-256-cbc -e -salt -pass pass:password | dd of=/tmp/foo.encrypted.tgz
$ dd if=/tmp/foo.encrypted.tgz conv=sync | openssl aes-256-cbc -d -salt -pass pass:password |tar xzpvf -

But when I use a streaming cipher like rc4, e.g.:

$ tar czpvf - /test/directory |openssl rc4 -e -salt -pass pass:fred | dd of=/tmp/foo.encrypted.tgz

I don't get that error.

Related Solutions

Tar to tape and file with encryption

These are the relevant line from my home backup script:

tar czfTP - $FILELIST --use-compress-program xz | openssl bf -salt -pass file:passkey.txt | tee /backup/location/file_name.txz.bfe | dd bs=10k of=/dev/tape

You can just create the backup files and copy them to tape later with

dd if=/backup/file.tar of=/dev/tap bs=10k

And there are plenty of other possible combinations. I'm using Blowfish Encryption, looks like you're wanting AES, but that's easy to swap out. I know others commonly use GPG instead of OpenSSL. It's also possible to setup asymmetric keys (AES or DSS) to generate a unique session key and prepend that to the file stream, but this is quite a bit more complicated, and makes parsing the encrypted file more complicated as well. But it's very useful for environments where the backup will be shipped off site and you don't want people onsite to be able to tamper with the backups.

How to list the files on a tape with tar

I did solved this problem and I will post the answer here just in case anyone else have a similar problem.

Since the backup was created using SAM, TAR was NOT used to create the tape. More than likely 'fbackup' was actually used.

In order to see what is on the tape i should use the 'frecover' program.

This command will read the table of contents from the tape (/dev/rmt/0m) and write it out to /tape/tape.idx.

# frecover -I /tape/tape.idx -f /dev/rmt/0m

Best Answer

Related Solutions

Tar to tape and file with encryption

How to list the files on a tape with tar

Related Topic