[CentOS] Asymmetric encryption for very large tar file

Wed Dec 17 17:14:21 UTC 2014
Xinhuan Zheng <xzheng at christianbook.com>

Hello CentOS list,
I have a requirement that I need to use encryption technology to encrypt
very large tar file on a daily basis. The tar file is over 250G size and
those are data backup. Every night the server generated a 250G data backup
and it¹s tar¹ed into one tarball file. I want to encrypt this big tarball
file. So far I have tried two technologies with no success.
1) generating RSA 2048 public/private key pair via ³openssl req -x509
-nodes -newkey rsa:2048 -keyout private.pem -out public.pem² command and
uses the public key to encrypt the big tar file. The encryption command I
used is "openssl smime -encrypt -aes256 -in  backup.tar -binary -outform
DEM -out backup.tar.ssl  public.pem². The resulting backup.tar.ssl file is
only 2G then encryption process stops there and refuse to do more. Cannot
get around 2G.
2) generating GPG public/private key pair via ³gpg ‹gen-key² then encrypt
with "gpg -e -u "backup" -r "backup² backup.tar². However, the gpg
encryption stops at file size 50G and refuse to do more and the gpg
process took over 48 hours.
The server is very  capable. It¹s 8 CPU Intel 2.33 GHz 16G RAM installing
latest RHEL 5.11. Thought CentOS 5 is pretty much compatible in release
with RHEL 5.
I have searched google and found out a technique that utilizes the
symmetric encryption. Then it needs to generate a symmetric key every day
and uses public/private key pair to encrypt the symmetric key. However the
drawback is that we don¹t know how to manage the symmetric key securely.
We can¹t leave the un-encrypted symmetric key there on the server but we
have to use the un-encrypted symmetric key for encryption process. Plus
we¹ll need to manage the symmetric encryption key, public and private key
pair 3 things securely.
Has anyone had experience on managing the asymmetric encryption for very
large file and what¹s the best practice for that?
Thanks.
- xinhuan