7.25.1 ProblemYou want to create an encrypted backup. 7.25.2 SolutionMethod 1: Pipe through gpg.
Method 2: Encrypt files separately.
7.25.3 DiscussionMethod 1 produces a backup that may be considered fragile: one big encrypted file. If part of the backup gets corrupted, you might be unable to decrypt any of it. Method 2 avoids this problem. The cp -l option creates hard links, which can only be used within a single filesystem. If you want the encrypted files on a separate filesystem, use symbolic links instead: $ cp -sr /full/path/to/mydir newdir $ find newdir -type l -exec gpg -e '{}' \; -exec rm '{}' \; Note that a full, absolute pathname must be used for the original directory in this case. gpg does not preserve the owner, group, permissions, or modification times of the files. To retain this information in your backups, copy the attributes from the original files to the encrypted files, before the links to the original files are deleted: # find newdir -type f -exec gpg -e '{}' \; \ -exec chown --reference='{}' '{}.gpg' \; -exec chmod --reference='{}' '{}.gpg' \; -exec touch --reference='{}' '{}.gpg' \; -exec rm '{}' \; Method 2 and the CD-ROM variant of method 1 use disk space (at least temporarily) for the encrypted files. 7.25.4 See Alsogpg(1), tar(1), find(1), cdrecord(1). |