I would perhaps write a script that calls openssl for encripting and signing, rsync to send new files, something simple.
I do use openssl for encrypting files in my laptop. Rodrigo On Thu, 2 Jan 2020, Aham Brahmasmi wrote: > Namaste misc, > > What tool(s) would you recommend to encrypt and sign a file - correctly > - for backup? > > I possess a limited ability to read code, and I am certainly not a > cryptographer. > > In my limited understanding, to securely backup and restore a file, the > steps are: > > To backup: > Step 1 - encrypt the file using a tool > Step 2 - sign the encrypted file using a tool > Step 3 - backup the signature and the encrypted file > > To restore: > Step 1 - verify the encrypted backup with its signature > If Step 1 exits with success, > Step 2 - decrypt backup to file > If Step 2 exits with success, > Step 3 - use file to restore > > For the tools to encrypt and sign, I think I may use the following: > > For encryption: encpipe > encpipe (https://github.com/jedisct1/encpipe) is ISC licenced, written > in C by Monsieur Denis and seems simple. If there is one thing that I > know - and I admit I don't know much - all things being equal, simple > beats complex. > > However, I do not understand the math underlying the tool or whether all > things are indeed equal - possible attack vectors, mitigations et al. > And hence, my request. > > For signature: signify > I think signify may suffice for signature. For other platforms, minisign > (https://github.com/jedisct1/minisign) is compatible with signify. > > Dhanyavaad, > ab > ---------|---------|---------|---------|---------|---------|---------|-- > >
