Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[SOLVED]: Encrypting tarballs via cron

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
User avatar
cds60601
df -h | participant
df -h | participant
Posts: 698
Joined: 2017-11-25 05:58
Location: Florida
Has thanked: 129 times
Been thanked: 59 times

[SOLVED]: Encrypting tarballs via cron

#1 Post by cds60601 »

Hey all

I have a cron job (that runs under root user) that calls a script that creates a tarball of directories /root /opt /etc and /home
My question is this; what would be the most efficient way to have this create the tarball and encrypt it,
preferably with gpg that uses the key created for a user other than root (chris in this case).

I can do this if I run it as myself (of course, since I have the cipher) but Is it possible based on the scenario provided?
I have read that openssl can be used but that is not my objective.

Currently (as a work-a-round), I am using 7z with a password being passed from the script (I know, not a good way of doing this but it works for now).
Any ideas/help/alternatives would be greatly appreciated.

TIA and cheers
Chris
Last edited by cds60601 on 2018-03-14 17:04, edited 1 time in total.
Supercalifragilisticexpialidocious

User avatar
dilberts_left_nut
Administrator
Administrator
Posts: 5343
Joined: 2009-10-05 07:54
Location: enzed
Has thanked: 12 times
Been thanked: 66 times

Re: Encryting tarballs via cron

#2 Post by dilberts_left_nut »

So why can't you just use chris's key?
AdrianTM wrote:There's no hacker in my grandma...

User avatar
cds60601
df -h | participant
df -h | participant
Posts: 698
Joined: 2017-11-25 05:58
Location: Florida
Has thanked: 129 times
Been thanked: 59 times

SOLVED: Encrypting tarballs via cron

#3 Post by cds60601 »

dilberts_left_nut wrote:So why can't you just use chris's key?
Well - I certainly don't claim to be an expert at using gpg but I did find an alternative way of getting around this. But to your question; The cron job is created under user root so therefore I assume it is being ran as root. the root user does not have a pub/priv key created (I suppose I could go through the work flow of doing that, importing the pub keys of both root and chris, etc) then I assume it wouldn't matter (again, I stress that I am by now means fluent in gpg) at that point.

But I did some playing around and I came up with this syntax;

tar $xclude -czvpf - $backup_files | gpg --symmetric --cipher-algo aes256 --batch --passphrase=$ziggy -o $dest/$destdir/$archive_file
and this produces a file named: philby_2018-02-01_010001.tgz.gpg

The parms $ziggy is defined within the script being called with a nonsensical password that the user (chris) can use to access the gpg file.
It's a horrid kludge I'm sure - but it does accomplish what I need it to do.
Supercalifragilisticexpialidocious

User avatar
dilberts_left_nut
Administrator
Administrator
Posts: 5343
Joined: 2009-10-05 07:54
Location: enzed
Has thanked: 12 times
Been thanked: 66 times

Re: Encryting tarballs via cron

#4 Post by dilberts_left_nut »

I thought the point of gpg was that *anybody* could encrypt stuff with chris's pubkey and then only chris could decrypt it with his private key.
AdrianTM wrote:There's no hacker in my grandma...

Post Reply