Web lists-archives.com

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files

Kynn Jones writes:

I am looking for software to symmetric-encrypt large numbers of files on disk (terabytes' worth of data), and would appreciate some advice.

My basic requirements:

• It should be open source and no-cost (though, since I'm asking this question here, this goes without saying);

• I should be able to program scripts (shell, Python, Perl, or Ruby) to run this software without human intervention; this rules out tools that are designed for interactive use.

• It should be stable; I should be able to decrypt encrypted files that were encrypted several years earlier; (how much earlier?  hard to say; let's say 10 years, as a rough ballpark)
In addition, the following would be nice:

• good documentation;

• good performance;

• bindings for a high-level language (preferably Python).

The only encryption tool I have used for encrypting files on my hard drive is gpg2, which I have used for small, interactive encryption tasks (half-dozen files, at most).


What Debian packages would you recommend?

I actually tend to use 7-Zip for symmetric file encryption a lot because it ensures cross-platform compatibility and many users have 7-Zip already installed (I am always afraid that one day decryption software might not be available because then data would be close to being lost). The Debian package is `p7zip-full`.

Another program which I like is AESCrypt. Unfortunately it seems it is not included in Debian, but one might be able to install it via PIP (I have only ever used the Java and C version). I have actually read the Java implementation (which is also available as a very minimalistic commandline utility) and found the code understandable which is always a bonus when it comes to security :) Additionally, it was simple to adapt the library to provide a slightly different API and the result is still compatible with the AESCrypt commandline. As a result, you can use the API to automatically process data and the commandline utility to manually extract the data should something go wrong with the automatism. AESCrypt also seems to have Python bindings (but I have not used them). See https://www.aescrypt.com.


Attachment: pgpMpPJu6giZZ.pgp
Description: PGP signature