[CentOS] Asymmetric encryption for very large tar file

Wed Dec 17 17:42:00 UTC 2014
Les Mikesell <lesmikesell at gmail.com>

On Wed, Dec 17, 2014 at 11:14 AM, Xinhuan Zheng
<xzheng at christianbook.com> wrote:
> I have a requirement that I need to use encryption technology to encrypt
> very large tar file on a daily basis. The tar file is over 250G size and
> those are data backup. Every night the server generated a 250G data backup
> and it¹s tar¹ed into one tarball file. I want to encrypt this big tarball
> file. So far I have tried two technologies with no success.
> 1) generating RSA 2048 public/private key pair via ³openssl req -x509
> -nodes -newkey rsa:2048 -keyout private.pem -out public.pem² command and
> uses the public key to encrypt the big tar file. The encryption command I
> used is "openssl smime -encrypt -aes256 -in  backup.tar -binary -outform
> DEM -out backup.tar.ssl  public.pem². The resulting backup.tar.ssl file is
> only 2G then encryption process stops there and refuse to do more. Cannot
> get around 2G.

What happens if you use a pipeline or redirection instead of the -in
and -out files?   I regularly write large tapes with something like:
openssl aes-256-cbc -salt -k password <input.tar.gz  |dd bs=10240
obs=10240 of=/dev/nst0
Not quite the same, but there does not seem to be an inherent size
limit in openssl as long as it is not handling files and it happens at
a reasonable speed so it must be using the intel hardware support.

-- 
   Les Mikesell
     lesmikesell at gmail.com