Web lists-archives.com

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files

On 1/9/19 6:05 AM, Kynn Jones wrote:
I am looking for software to symmetric-encrypt large numbers of files on
disk (terabytes' worth of data), and would appreciate some advice.

My basic requirements:

    - It should be open source and no-cost (though, since I'm asking this
    question here, this goes without saying);
    - I should be able to program scripts (shell, Python, Perl, or Ruby) to
    run this software without human intervention; this rules out tools that are
    designed for interactive use.
    - It should be stable; I should be able to decrypt encrypted files that
    were encrypted several years earlier; (how much earlier?  hard to say;
    let's say 10 years, as a rough ballpark)

In addition, the following would be nice:

    - good documentation;
    - good performance;
    - bindings for a high-level language (preferably Python).

The only encryption tool I have used for encrypting files on my hard drive
is gpg2, which I have used for small, interactive encryption tasks
(half-dozen files, at most).

Therefore, my initial attempt was to use gpg2 for this new bulk-encryption
task, but I found myself constantly fighting with it, and finally had to
recognize that I was trying to use gpg2 for something it is not primarily
designed for.  (I am also a bit concerned with gpg2's future stability.
AFAICT, It's design has varied significantly over the years, and as a
result there's a lot of confusion on its use.  That has been my experience,
in any case.)

So I am back to square one.

I stress that I am interested only in symmetric encryption.  The issues
that asymmetric encryption addresses are not at all part of the problem I
am dealing with, and therefore I don't want to have to deal with the
complexities of asymmetric encryption.

What Debian packages would you recommend?

Many thanks in advance!


I use the ccrypt(1) suite for encrypting files using only a password (e.g. not PKI). I wrap the CLI tools with Bash and/or Perl scripts to automate repetitive tasks (Python, Ruby, and other scripting languages should also work). It is available via the Debian package 'ccrypt'.