Ok here at work I have been charged with finding a way to create a password protect .tar files from the command line. Now i have yet to actully sit down and learn UNIX yet, but that is one of my next todo's. Anyway my questions is I have been surfing in search of a solution and the closest answer I can come up with is get two programs, a compression program to make the .tar, then an encryption program for the password protect and write a script that runs them both. First question, is this the easiest way? Second question, where can I find said programs? Thanks for your time.

Chris

One set of answers:

q1: zip -e creates a password protected archive
unzip -P <password> unzips the file
q2: A lot of unix boxes have this installed. Otherwsie goto http://www.info-zip.org for a freely available version.

I was told specificly that I need to find a way to do it with .tar files. They don't want to use Zip because the passwords aren't that secure. Or so I was told.

Ok so I apologize for not searching for this before I posted, but everywhere else I have gone I haven't seen a single thing about this. I see in another thread, and the suggestion was use the tar command in conjunction with PGP encryption for the password protection. My new question is this process scriptable, and is the encryption secure?

No offense, but I gather you're not a crypto person.

As soon as you said 'secure' I knew there may be a problem. Merely encrypting data with a good two-way encryption scheme does not make it secure. Procedures, physical security, SOX compliance procedures, audting, etc., all contribute to 'secure'.

I've worked with uninformed management, so I know they think having 'unbreakable' two-way encryption is all that's needed. They don't care if the passwords on all the files are the same, or if someone leaves the password taped to a console.

Unless security is more than encryption and includes a large array of things throughout your company, decent two-way encryption is is not going to mediate any security threats. And is just going to cuase you perosnally problems when people lock up files and can't open them.

FWIW: all two-way encryption schemes can be broken with the exception of the so-called one-time pad (Shannons' Theorem if you want to read about it). It might take several years of brute force attack, but they all can be broken.

Short answer: PGP can be broken, if that's what you mean. There are problems with the random number generators used for a lot of implmentations of it.

The (US) NSA currently deems triple-DES encryption schemes and some other related schemes as something we do not want the bad guys to get. ie., NSA has a difficult time with breaking them. So I would go with triple-DES.

Nah I am just an intern doing what I was asked, they said that there are too many cracks out there designed just to crack password protected Zips that they dont want to use Zip format. I just shrug and try to find another way to get things done. From my research so far it seems that installing some type of encryption program and then writing a script, that first creates the .tar then encrypts it, seems the easiest and almost the only way to go about this. As far as security they are pretty strickt on pws here, not allowed to be written down or even spoken out loud. And each level has a different set of passwords. Yea well anyway just trying to get this solved cause I like going out and doing this stuff, the whole get a problem go out and find the best solution. Thanks for the advice so far though.

Some links:

Be sure to read the 'snake oil' FAQ
http://www.faqs.org/faqs/cryptography-faq/

Bruce Schnier has a lot to say but there are links to resources for software:
http://www.schneier.com/blog/

Matt Blaze's homepage is also good:
http://www.crypto.com/

Have fun....