Subject: Re: Encrypting Backups
To: Curt Sampson <>
From: Todd Vierling <>
List: tech-security
Date: 09/30/2003 10:47:43
On Tue, 30 Sep 2003, Curt Sampson wrote:

: I'm thinking of using gpg, but after playing around for a bit I'm
: stymied on what options I can give gpg to stop it attempting to create
: key rings and all of that, and just encrypt stdin to stdout using a
: given public key.

You need key rings in order to do key selection.  So, create one with a
public key on it using "gpg --import <KEYFILE".  Once you've done that:

    gpg -q -o /dev/stdout --yes -e -r KEYID

will work as a filter, and I've verified that it works with pipes.

As others have noted, though, it's not recoverable from a bad tape block due
to cipher block chaining, session keying (from randomness in the stream),
and internal compression.  A symmetric (non-CBC!) cipher would be a better
choice if you want recoverability.

-- Todd Vierling <> <>