[plug] protecting a tar file

Bernard Blackham bernard at blackham.com.au
Wed Jun 30 23:47:42 WST 2004


On Wed, Jun 30, 2004 at 11:27:39PM +0800, Denis Brown wrote:
> The solution I had envisaged was GPG'ing the archive before sending it to
> the server.   But is there an easier way using permissions, for example?
> Some initial experimentation suggests not, but it never hurts to check.
> Google has not been kind, neither have the man nor info pages for tar.

Unless it is encrypted (well), I can see no way to prevent a
determined individual from getting at the contents of it. You could
chmod all the files 000 and then tar it up (probably need to be
root), so that when it extracts, none of the files can be read
without chmod'ing, but it's only an extra step of indirection.

If obfuscation is enough, then you could do something like:

tar c somedir/ | rotme | bzip2 -c | rotme | gzip -c | rotme > secret-file

And extract with
cat secret-file | rotme | gzip -dc | rotme | bzip2 -dc | rotme | tar x

Where rotme is something like:
#!/bin/sh
tr '[A-Za-z0-9]' '[N-ZA-Mn-za-m9876543210]'

Or a more elaborate obfuscation if you wish. rotme is a rot13 that
also switches 0-9 with 9-0. You can choose your own if you so
desire - essentially it becomes a caesar cipher form of encryption :)

Again, it wont stop a very determined person, but it'll slow them
down a helluva lot if they have no idea how it's put together :)

Bernard.

-- 
 Bernard Blackham <bernard at blackham dot com dot au>



More information about the plug mailing list