Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files
- Date: Wed, 9 Jan 2019 10:52:48 -0800
- From: David Christensen <dpchrist@xxxxxxxxxxxxxxxx>
- Subject: Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files
On 1/9/19 6:05 AM, Kynn Jones wrote:
I am looking for software to symmetric-encrypt large numbers of files on
disk (terabytes' worth of data), and would appreciate some advice.
My basic requirements:
- It should be open source and no-cost (though, since I'm asking this
question here, this goes without saying);
- I should be able to program scripts (shell, Python, Perl, or Ruby) to
run this software without human intervention; this rules out tools that are
designed for interactive use.
- It should be stable; I should be able to decrypt encrypted files that
were encrypted several years earlier; (how much earlier? hard to say;
let's say 10 years, as a rough ballpark)
In addition, the following would be nice:
- good documentation;
- good performance;
- bindings for a high-level language (preferably Python).
The only encryption tool I have used for encrypting files on my hard drive
is gpg2, which I have used for small, interactive encryption tasks
(half-dozen files, at most).
Therefore, my initial attempt was to use gpg2 for this new bulk-encryption
task, but I found myself constantly fighting with it, and finally had to
recognize that I was trying to use gpg2 for something it is not primarily
designed for. (I am also a bit concerned with gpg2's future stability.
AFAICT, It's design has varied significantly over the years, and as a
result there's a lot of confusion on its use. That has been my experience,
in any case.)
So I am back to square one.
I stress that I am interested only in symmetric encryption. The issues
that asymmetric encryption addresses are not at all part of the problem I
am dealing with, and therefore I don't want to have to deal with the
complexities of asymmetric encryption.
What Debian packages would you recommend?
Many thanks in advance!
I use the ccrypt(1) suite for encrypting files using only a password
(e.g. not PKI). I wrap the CLI tools with Bash and/or Perl scripts to
automate repetitive tasks (Python, Ruby, and other scripting languages
should also work). It is available via the Debian package 'ccrypt'.