Hello,

I need to temporarily store a file containing sensitive data in a public server, in a secure way.

I think that encrypting the whole file would be much more secure than creating a passworded .zip encrypted file, because they could be subject of brute force attacks. Attacking a whole file of unknow format is harder, I think.

I thought of something like the command:

So I get one file that may look like junk.

I tried to search how to do it with GnuPG. But it seems that GnuPG needs much configuration I don´t want to do. I simply want to type the password one time to get the file. It doesn´t need to retain any configuration for what I want to do. In similar scenario, I would want to do this on a machine/account that is not mine.

I hope I was clear with my ideas.

Thank you,

Dedeco

which effectively translates to
I do not want to do much reading.

However, this is not a good practice in combination with
So instead of doing some reading you just want to trust some advice from some guy on the internet?

Anyway, I do not know what distribution you are using but on my system (Ubuntu 10.04) I do not have to configure gpg.
will ask for a passphrase (and confirmation) and then encrypt the file.

Encrypting and Decrypting files with openssl

Encrypt example:

openssl aes-256-cbc -a -salt -in some-file -out some-file.enc

Decrypt example:

openssl aes-256-cbc -d -a -in some-file.enc -out some-file

Replace some-file with your actual file

It is not really that hard. First you need to generate you private-public key using a passphrase. I assume the private key would not be stored on the public server (for security). Then you encrypt using your public key (no password needed to encrypt). To decrypt you use your private key (passphrase required). your keys are normally stored in a directory something like $HOME/.gnupg

Thank you all. This is exactly what I had in mind.

(who puts "[SOLVED]" on thread's titles?)

@crts: actually I am not that "bad". I did some reading. I read and skimmed most of GnuPG's man page, but I didn´t understand it very well. The "-c" option there was not clear to me. But if your "much reading" would mean many hours of reading, then, yes, I would not want it. And I usually do not blindly follow instructions.

@dv502: my man page for "openssl" (for "OpenSSL comand line tool") doesn´t say anything about the options you used, none of them. Although the program didn´t complain to execute it.

This kind of man page, or those that mention little and says to look the Texinfo manual wich many times isn´t isntalled makes it much harder for newbies to learn the commands they have on their system. ...

@alan99: but I most probably won´t be on the same machine and account someother time. So it wouldn´t work, or it would troublesome (and carrying a private key around isn´t much of a good idea, I guess).

@jefro: nice example of what I wanted, using GnuPG. I am surprised to have not (and now again) found anything like this on GnuPG's help pages, like http://www.gnupg.org/documentation/faqs.en.html



Good bye, all.

You can mark the thread as [SOLVED] by clicking on "thread tools" (menu above your initial post) and then click on "mark as solved".

It is late in the day but, I think it might serve some purpose.

Using LUKS one could create an encrypted container, which could be used to store your sensitive data. For example you could create a container of say 4.3 G, and then burn it on to a DVD.

I think this would be a useful solution. I can post the steps required for this, if needed


Prabhat Soni