When GPG is not the answer…
Bear Giles | May 31, 2011
When researching prior work on encrypted dump(8) files I kept coming back to the same idea – just encrypt the dump file with gpg.
This does not work!
I mean, yeah, it will encrypt your backups. But it has several problems.
1) you can’t stream it. This isn’t an issue when you create a file that you then burn to CD/DVD but some people still stream to tape.
2) you have to decrypt everything to retrieve one file. This isn’t an issue if you have a small incremental dump file but if you have a 4 GB compressed level-0 dump? That will take a while.
3) you lose everything if there’s a single bit error.
GPG is great but it’s just a tool. You have to choose the right tool for your problem. That means knowing when file-level encryption isn’t the right answer, specifically when what you’re encrypting isn’t a single logical entity like an individual document.
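Points 2 and 3 above can be seen side by side in a small sketch that seals the same set of files once as a single blob and once record by record. This is an added example, not code from the original post: the cipher is a toy SHA-256 keystream with an HMAC tag standing in for a real authenticated cipher (it is not GPG), and the key, file names and contents are constructed.

```python
import hashlib, hmac

MASTER = b"constructed demo key"          # constructed, not a real secret
ENC_KEY = hashlib.sha256(MASTER + b"enc").digest()
MAC_KEY = hashlib.sha256(MASTER + b"mac").digest()
# Constructed sample "dump": eight files of 2200 bytes each.
FILES = {f"etc/app{i}.conf": (f"option{i}=on\n" * 200).encode() for i in range(8)}

def _xor_stream(nonce, data):
    """Toy SHA-256 counter-mode keystream; a stand-in for a real cipher."""
    stream = b"".join(hashlib.sha256(ENC_KEY + nonce + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(nonce, plaintext):
    """Encrypt, then append a 32-byte HMAC tag over nonce + ciphertext."""
    ct = _xor_stream(nonce, plaintext)
    return ct + hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()

def unseal(nonce, blob):
    """Return the plaintext, or None if the integrity check fails."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(nonce, ct)

def flip_bit(blob, pos):
    damaged = bytearray(blob)
    damaged[pos] ^= 0x01                  # simulate a single-bit media error
    return bytes(damaged)

def files_recovered_whole(blob):
    """Whole-archive layout: one blob, so one failed check loses every file."""
    return 0 if unseal(b"archive", blob) is None else len(FILES)

def files_recovered_records(records):
    """Per-record layout: each file is verified and decrypted on its own."""
    return [n for n, b in records.items() if unseal(n.encode(), b) is not None]

def demo():
    whole = seal(b"archive", b"".join(FILES.values()))
    records = {n: seal(n.encode(), d) for n, d in FILES.items()}
    target = "etc/app3.conf"
    damaged = {**records, target: flip_bit(records[target], 5)}
    return {"whole_after_bit_error": files_recovered_whole(flip_bit(whole, 5)),
            "records_after_bit_error": len(files_recovered_records(damaged)),
            # bytes that must be processed to read one file: (whole, per-record)
            "bytes_read_for_one_file": (len(whole), len(records["etc/app0.conf"]))}
```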