[CentOS] Asymmetric encryption for very large tar file
Leon Fauster
leonfauster at googlemail.com
Wed Dec 17 17:54:49 UTC 2014
Am 17.12.2014 um 18:42 schrieb Les Mikesell <lesmikesell at gmail.com>:
> On Wed, Dec 17, 2014 at 11:14 AM, Xinhuan Zheng
> <xzheng at christianbook.com> wrote:
>> I have a requirement that I need to use encryption technology to encrypt
>> very large tar file on a daily basis. The tar file is over 250G size and
>> those are data backup. Every night the server generated a 250G data backup
>> and it¹s tar¹ed into one tarball file. I want to encrypt this big tarball
>> file. So far I have tried two technologies with no success.
>> 1) generating RSA 2048 public/private key pair via ³openssl req -x509
>> -nodes -newkey rsa:2048 -keyout private.pem -out public.pem² command and
>> uses the public key to encrypt the big tar file. The encryption command I
>> used is "openssl smime -encrypt -aes256 -in backup.tar -binary -outform
>> DEM -out backup.tar.ssl public.pem². The resulting backup.tar.ssl file is
>> only 2G then encryption process stops there and refuse to do more. Cannot
>> get around 2G.
>
> What happens if you use a pipeline or redirection instead of the -in
> and -out files? I regularly write large tapes with something like:
> openssl aes-256-cbc -salt -k password <input.tar.gz |dd bs=10240
> obs=10240 of=/dev/nst0
> Not quite the same, but there does not seem to be an inherent size
> limit in openssl as long as it is not handling files and it happens at
> a reasonable speed so it must be using the intel hardware support.
Furthermore - is there the need to use "one" big tar file? Despite
having a capable workstation/server handling such big files, it has
also advantages splitting such backups (e.g. man split) ...
--
LF
More information about the CentOS
mailing list