murk - rsync friendly encryption


       murk [-h] [-d ] [-v] [-o file] [-0] [-c cipher] [-b block-
       size] [-n] [-k keyfile] [-a] keyword [file]


       The program rsync moves data between two hosts efficiently
       by  only  transfering  the differences between files. This
       program, murk, encrypts files in way that rsync  can  take
       advantage  of.  It  does  this by spotting blocks of unen-
       crypted data based on their checksum. murk  also  slightly
       compresses the source file.

       The  keyword  argument is used to generate a salt used for
       the encryption. It is also used to generate  the  checksum
       which  marks  the  start  of a block.  The keyword must be
       remembered in order to decrypt a file and must be the same
       in   subsequent   re-encryptions  in  order  to  be  rsync
       friendly. However, it doesn't need to be kept secret.


       -h --help
              display a short help text

       -d --decrypt
              decrypts rather than encrypts

       -v --verbose
              gives information about blocksizes,  checksums  and
              compression while encrypting/decrypting

       -o --output
              outputs  to  the given file (or stdin if -) instead
              of the default

       -0 --no-compress
              only encrypt and don't compress the input

       -c --cipher
              use the given cipher in cbc mode. A list of ciphers
              can be got by running: openssl help

       -n --noprompt
              don't  prompt  for a password. Instead run in unat-
              tended mode and use a key previously generated with
              the -a option.

       -k --keyfile
              use the given keyfile when writing keys with the -a
              option or running with the -n option.  By  default,
              $HOME/.murk is used.

       -b --blocksize
              the  maximum  blocksize  to use in KB. When looking
              for blocks to encrypt, murk gives up at the maximum
              blocksize.  It also tries to arrange things so that
              this rarely happens.

       -a --addkey
              prompt for a password, generate a key/iv and  store
              these in the keyfile for later use. This option can
              be also used when encrypting. Keys  are  identified
              within  the keyfile by keyword and encryption algo-
              rithm. If different passwords are needed use a dif-
              ferent keyword.


       murk friday birthday.txt
              Encrypts  the  file birthday.txt to
              using the keyword 'friday'.   Leaves  the  original
              file untouched.

       murk -d friday
              Decrypts  the  file  and  puts the
              result in birthday.txt leaving the  encrypted  file
              as it is.

       tar -cf - my_stuff | murk -o woot
              Tar and encrypt the directory my_stuff and puts the
              result into using the keyword 'woot'.

       murk -c des3 -b 100 -o - chocolate hints.doc
              Encrypt the large file hints.doc to stdout using  3
              DES in CBC mode, the keyword 'chocolate' and have a
              maximum blocksize of 100K.

       murk -a starchess
              Prompt for a password, generate a key/iv and  store
              these  in  $HOME/.murk. Any use of murk with the -n
              option with the keyword 'starchess' will encrypt or
              decrypt with the generated key and iv.


       murk  returns  a  zero exist status if things appear to be
       successful A non-zero status is returned in case of  fail-


       Saul Hazledine (at saul (dot alien-science org))


       openssl(1) EVP_EncryptInit(3) bzip2(1) .


       There is one known issue with a  drop  of  effiency  when  using
       Solaris  which  could  point  to  a bigger problem on this
       platform. Please backup your data elsewhere too.


       Generally, murk  is  not  ready  for  encrypting  anything
       important yet.  In unattended mode, the key file is at the
       mercy of whoever has, or can  gain,  root  access  to  the
       machine  doing  the  encrypting  (or its filesystem).  The
       reset of the encryption, as blocks are found, weakens  the
       secrecy  of the key used to encrypt the file. Any ideas to
       improve this, while remaining friendly to rsync, would  be
       most welcome.

Man(1) output converted with man2html