Encrypt your files and folders before cloud storage
With password, using GPG & AES256
In this post I’ll go through a minimalist yet efficient method for protecting any personal data before storing it in a cloud service. Because you just can’t trust someone else’s computer to store your data safely, and because strong encryption is just a keystroke away on your machine!
We’ll proceed as follows:
- Compress folders in a ZIP archive, for ease of use (this method also works for a single file!)
- Encrypt the archive with GPG using a strong AES256 algorithm and a passphrase
- Push the archive to a cloud server or a Git repo
Zip
Keep it simple, use the zip program. Don’t trust its built-in encryption method though, it is weak and compromised. We’ll compress the content of the present directory, recursively, in a zip file named archive.zip:
zip -9 -X -r archive.zip *
GnuPG
Then we’ll use GPG (GNU Privacy Guard) to encrypt the file, using a passphrase. If GPG is not installed on your Linux system:
sudo apt install gnupg
We’ll use a simple symmetric cipher passphrase, so you don’t need to generate GPG keys:
gpg -c --no-symkey-cache --cipher-algo AES256 archive.zip
- -c: use symmetric cipher
- --cipher-algo: select your algo: AES256
- --no-symkey-cache: don’t store the password on local machine
That’s all: type a strong and complicated passphrase, and your archive is secured under the name archive.zip.gpg
To decrypt the file:
gpg archive.zip.gpg
It goes without saying: don’t forget your passphrase.
Script me that!
I’ve written a quick script to speed up the encryption process:
- zip the present working directory
- encrypt zip file with GPG
- name the archive with parent directory name + date
- push file to Git
- clean the working directory
#!/bin/bash
# ZIP FOLDER
zip -9 -X -r archive.zip *
# ENCRYPT ZIP FILE WITH GPG & AES256
gpg -c --no-symkey-cache --cipher-algo AES256 archive.zip
# RENAME THE ARCHIVE WITH CURRENT DATE
name=$( printf '%q\n' "${PWD##*/}" )
now=$(date +%Y%m%d_%H%M%S)
for pathname in ./*.zip.gpg ; do
    mv "$pathname" ./"$name-$now.zip.gpg"
done
# PUSH TO GIT (if configured)
git add *gpg
git commit -a -m "backup GPG archive"
git push
# REMOVE TEMP FILES
rm ./archive.zip
rm ./*gpg
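Added example, not part of the original script: because the script removes archive.zip once the push is done, a check like this one can confirm that the encrypted file decrypts back to the same bytes and that gpg reports AES256. The function name, its return codes and the optional passphrase-file argument (for unattended runs) are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the post's script.
# Usage: verify_encrypted PLAIN ENCRYPTED [PASSFILE]
# Returns 0 if ENCRYPTED decrypts to the bytes of PLAIN and gpg reports AES256,
#         2 if gpg does not report AES256, 3 if the decrypted bytes differ.
# PASSFILE (assumption of this example) allows unattended runs;
# without it gpg prompts for the passphrase as usual.
verify_encrypted() {
    local plain="$1" enc="$2" passfile="${3:-}" log want got
    # Build the gpg option list in "$@". --no-symkey-cache, as in the post,
    # so a cached passphrase cannot stand in for the one you type.
    set -- --no-symkey-cache
    if [ -n "$passfile" ]; then
        set -- "$@" --batch --pinentry-mode loopback --passphrase-file "$passfile"
    fi
    log=$(mktemp) || return 1
    want=$(sha256sum < "$plain" | cut -d' ' -f1)
    # Decrypt to stdout only, so no second plaintext copy is written to disk.
    got=$(LC_ALL=C gpg "$@" --decrypt "$enc" 2>"$log" | sha256sum | cut -d' ' -f1)
    # While decrypting, gpg names the cipher in a notice on stderr.
    if ! grep -q 'AES256' "$log"; then
        rm -f "$log"
        echo "FAIL: gpg did not report AES256 for $enc" >&2
        return 2
    fi
    rm -f "$log"
    if [ "$want" != "$got" ]; then
        echo "FAIL: $enc does not decrypt to the content of $plain" >&2
        return 3
    fi
    echo "OK: $enc decrypts to the same bytes as $plain"
}
```

In the script, call `verify_encrypted archive.zip archive.zip.gpg || exit 1` directly after the `gpg -c` line, so nothing is renamed, pushed or deleted unless the check passes.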
Have fun!