Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files
- Date: Wed, 9 Jan 2019 22:18:47 -0500
- From: Celejar <celejar@xxxxxxxxx>
- Subject: Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files
On Wed, 9 Jan 2019 09:05:32 -0500
Kynn Jones <kynnjo@xxxxxxxxx> wrote:
> I am looking for software to symmetric-encrypt large numbers of files on
> disk (terabytes' worth of data), and would appreciate some advice.
> My basic requirements:
> - It should be open source and no-cost (though, since I'm asking this
> question here, this goes without saying);
> - I should be able to program scripts (shell, Python, Perl, or Ruby) to
> run this software without human intervention; this rules out tools that are
> designed for interactive use.
> - It should be stable; I should be able to decrypt encrypted files that
> were encrypted several years earlier; (how much earlier? hard to say;
> let's say 10 years, as a rough ballpark)
> In addition, the following would be nice:
> - good documentation;
> - good performance;
> - bindings for a high-level language (preferably Python).
The standard encryption technology for linux is LUKS. It works on the
block device level, not the file level. [I may be using the terminology
inaccurately.] You'll find the best compatibility, stability, and
documentation with LUKS, but you don't use it to create encrypted
copies of files - rather, you create a LUKS encrypted device, and
copy / move your files there. The LUKS tools (cryptsetup) are only
necessary for the creation and management of the encrypted volume; once
it's set up, you use the ondinary filesystem tools (cp, mv, ls, etc.)
to access files and move them to and from encrypted storage.
I believe that the most commonly used software for file level
encryption is EncFS. I haven't really used it much, and can't speak to
its long term stablity.