There are many reasons why you might want to create compressed encrypted file archives.
You can create an encrypted backup of your personal files.
Another possible scenario is that you can privately share content with a friend or colleague over the Internet or through cloud storage.
Tar.gz files or compressed tar archives are created using the tar command.
These tarballs are pretty much the standard archive format in GNU/Linux; however, they are not encrypted.
In the scenarios mentioned above, it is advisable to perform encryption to protect your data.
This is where gpg comes in.
gpg is a very versatile cryptographic tool that allows you to encrypt files, encrypt email, and verify the integrity of signed files.
How to create a compressed archive
Before discussing creating encrypted archives, let’s first take a look at how to create compressed tar archives.
Suppose you have a directory named folder that you want to archive. Enter the following command:
$ tar -cvzf folder.tar.gz folder
The -c flag is used to create an archive, -v is used for verbose output so that we get visual feedback on which files are being added, -z is used to compress the archive with gzip to make it smaller, and -f names the archive file. To unpack and extract this archive later, you must enter the following command.
$ tar -xvzf folder.tar.gz
The -x flag is used for extracting the archive, -v for verbose extraction, and -z for decompressing the archive.
How to create an encrypted archive
Now that we’ve covered creating an archive using tar, let’s see how to create an encrypted archive by adding gpg to it.
You can use key based encryption, password based encryption, or a combination of both.
We have already covered the use of key-based encryption in the articles:
- How to encrypt / decrypt a file in Linux using gpg (Kali Linux)
- How to Generate GPG Keys on Linux
Therefore, we’ll look at password-based encryption here.
To create an encrypted compressed archive of a directory named folder, enter the following command.
$ tar -cvzf - folder | gpg -c > folder.tar.gz.gpg
All tar flags are the same as in our previous example. The only difference is that instead of specifying a filename for our archive in the tar command, we specify - so that tar writes the archive to standard output, which we pipe to gpg. gpg’s -c flag indicates that we want to encrypt with a symmetric cipher using a passphrase, as mentioned above. Finally, we redirect the output to a file named folder.tar.gz.gpg using >. After entering this command, you will be prompted for the passphrase that you want to use to encrypt your data. If you dislike this behavior and prefer to include the passphrase in your command, you can add the --passphrase flag after -c, as shown below. On GnuPG 2.1 and later, --passphrase only takes effect together with --batch and --pinentry-mode loopback. Keep in mind that a passphrase given on the command line ends up in your shell history and is visible in the process list to other users on the system while the command runs.
$ tar -cvzf - folder | gpg -c --batch --pinentry-mode loopback --passphrase yourpassword > folder.tar.gz.gpg
To decrypt, unpack and extract this archive later, you must enter the following command.
$ gpg -d folder.tar.gz.gpg | tar -xvzf -
The -d flag tells gpg that we want to decrypt the contents of the file folder.tar.gz.gpg. We then pipe the decrypted output to the tar command. The -x flag is used to extract the archive piped from gpg, -v for verbose extraction, and -z for decompressing the archive.
How to create multiple separate encrypted directory archives
The examples above assume we want to create a single encrypted archive based on a single directory.
But what if we have a directory filled with multiple subdirectories, and we want to create a separate encrypted archive for each directory?
We can use a bash for loop.
Just go to the directory containing the subdirectories for which you want to create separate archives and enter the following command.
$ for i in * ; do tar -cvzf - "$i" | gpg -c --batch --pinentry-mode loopback --passphrase yourpassword > "$i".tar.gz.gpg; done
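The loop above can also be written so that the passphrase never appears on the command line and each archive is read back after it is written. The following is an added example, not part of the original article; the function names encrypt_dirs and verify_archive and the use of a passphrase file are assumptions made for this sketch, and it expects GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# passphrase-file convention are assumptions made for this sketch.

# verify_archive PASSFILE ARCHIVE
# Decrypts to a pipe and lists the tarball; succeeds only if tar can read
# the stream and it contains at least one entry. Nothing is extracted.
verify_archive() (
    listing=$(gpg --batch --quiet --pinentry-mode loopback \
                  --passphrase-file "$1" --decrypt "$2" 2>/dev/null |
              tar -tzf - 2>/dev/null) || exit 1
    [ -n "$listing" ]
)

# encrypt_dirs PASSFILE [PARENT]
# Writes PARENT/<name>.tar.gz.gpg for every subdirectory of PARENT and
# prints how many archives were written. Regular files are skipped.
encrypt_dirs() (
    passfile=$1
    parent=${2:-.}
    count=0
    # The passphrase comes from a file (keep it chmod 600), so it does not
    # appear in the process list or in shell history.
    [ -r "$passfile" ] || { echo "cannot read $passfile" >&2; exit 2; }
    for dir in "$parent"/*/; do
        [ -d "$dir" ] || continue            # glob matched nothing
        name=${dir%/}
        name=${name##*/}
        out="$parent/$name.tar.gz.gpg"
        tar -czf - -C "$parent" -- "$name" |
            gpg --batch --yes --pinentry-mode loopback \
                --passphrase-file "$passfile" --symmetric -o "$out" || exit 1
        # A pipeline reports only gpg's exit status, so a tar failure would
        # go unnoticed without this read-back check.
        verify_archive "$passfile" "$out" ||
            { echo "verify failed: $out" >&2; exit 1; }
        count=$((count + 1))
    done
    echo "$count"
)
```

Call it as encrypt_dirs /path/to/passfile /path/to/parent; only the first line of the passphrase file is used by gpg.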