Web lists-archives.com

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files

On Wed, 9 Jan 2019 09:05:32 -0500
Kynn Jones <kynnjo@xxxxxxxxx> wrote:

> I am looking for software to symmetric-encrypt large numbers of files on
> disk (terabytes' worth of data), and would appreciate some advice.
> My basic requirements:
>    - It should be open source and no-cost (though, since I'm asking this
>    question here, this goes without saying);
>    - I should be able to program scripts (shell, Python, Perl, or Ruby) to
>    run this software without human intervention; this rules out tools that are
>    designed for interactive use.
>    - It should be stable; I should be able to decrypt encrypted files that
>    were encrypted several years earlier; (how much earlier?  hard to say;
>    let's say 10 years, as a rough ballpark)
> In addition, the following would be nice:
>    - good documentation;
>    - good performance;
>    - bindings for a high-level language (preferably Python).

The standard encryption technology for linux is LUKS. It works on the
block device level, not the file level. [I may be using the terminology
inaccurately.] You'll find the best compatibility, stability, and
documentation with LUKS, but you don't use it to create encrypted
copies of files - rather, you create a LUKS encrypted device, and
copy / move your files there. The LUKS tools (cryptsetup) are only
necessary for the creation and management of the encrypted volume; once
it's set up, you use the ondinary filesystem tools (cp, mv, ls, etc.)
to access files and move them to and from encrypted storage.

I believe that the most commonly used software for file level
encryption is EncFS. I haven't really used it much, and can't speak to
its long term stablity.