murk - rsync friendly encryption
murk [-h] [-d ] [-v] [-o file] [-0] [-c cipher] [-b block-
size] [-n] [-k keyfile] [-a] keyword [file]
The program rsync moves data between two hosts efficiently
by only transfering the differences between files. This
program, murk, encrypts files in way that rsync can take
advantage of. It does this by spotting blocks of unen-
crypted data based on their checksum. murk also slightly
compresses the source file.
The keyword argument is used to generate a salt used for
the encryption. It is also used to generate the checksum
which marks the start of a block. The keyword must be
remembered in order to decrypt a file and must be the same
in subsequent re-encryptions in order to be rsync
friendly. However, it doesn't need to be kept secret.
display a short help text
decrypts rather than encrypts
gives information about blocksizes, checksums and
compression while encrypting/decrypting
outputs to the given file (or stdin if -) instead
of the default
only encrypt and don't compress the input
use the given cipher in cbc mode. A list of ciphers
can be got by running: openssl help
don't prompt for a password. Instead run in unat-
tended mode and use a key previously generated with
the -a option.
use the given keyfile when writing keys with the -a
option or running with the -n option. By default,
$HOME/.murk is used.
the maximum blocksize to use in KB. When looking
for blocks to encrypt, murk gives up at the maximum
blocksize. It also tries to arrange things so that
this rarely happens.
prompt for a password, generate a key/iv and store
these in the keyfile for later use. This option can
be also used when encrypting. Keys are identified
within the keyfile by keyword and encryption algo-
rithm. If different passwords are needed use a dif-
murk friday birthday.txt
Encrypts the file birthday.txt to birthday.txt.zm
using the keyword 'friday'. Leaves the original
murk -d friday birthday.txt.zm
Decrypts the file birthday.txt.zm and puts the
result in birthday.txt leaving the encrypted file
as it is.
tar -cf - my_stuff | murk -o my_stuff.zm woot
Tar and encrypt the directory my_stuff and puts the
result into my_stuff.zm using the keyword 'woot'.
murk -c des3 -b 100 -o - chocolate hints.doc
Encrypt the large file hints.doc to stdout using 3
DES in CBC mode, the keyword 'chocolate' and have a
maximum blocksize of 100K.
murk -a starchess
Prompt for a password, generate a key/iv and store
these in $HOME/.murk. Any use of murk with the -n
option with the keyword 'starchess' will encrypt or
decrypt with the generated key and iv.
murk returns a zero exist status if things appear to be
successful A non-zero status is returned in case of fail-
Saul Hazledine (at saul (dot alien-science org))
openssl(1) EVP_EncryptInit(3) bzip2(1) .
There is one known issue with a drop of effiency when using
Solaris which could point to a bigger problem on this
platform. Please backup your data elsewhere too.
Generally, murk is not ready for encrypting anything
important yet. In unattended mode, the key file is at the
mercy of whoever has, or can gain, root access to the
machine doing the encrypting (or its filesystem). The
reset of the encryption, as blocks are found, weakens the
secrecy of the key used to encrypt the file. Any ideas to
improve this, while remaining friendly to rsync, would be
Man(1) output converted with