NAME
murk - rsync friendly encryption
SYNOPSIS
murk [-h] [-d ] [-v] [-o file] [-0] [-c cipher] [-b block-
size] [-n] [-k keyfile] [-a] keyword [file]
DESCRIPTION
The program rsync moves data between two hosts efficiently
by only transfering the differences between files. This
program, murk, encrypts files in way that rsync can take
advantage of. It does this by spotting blocks of unen-
crypted data based on their checksum. murk also slightly
compresses the source file.
The keyword argument is used to generate a salt used for
the encryption. It is also used to generate the checksum
which marks the start of a block. The keyword must be
remembered in order to decrypt a file and must be the same
in subsequent re-encryptions in order to be rsync
friendly. However, it doesn't need to be kept secret.
OPTIONS
-h --help
display a short help text
-d --decrypt
decrypts rather than encrypts
-v --verbose
gives information about blocksizes, checksums and
compression while encrypting/decrypting
-o --output
outputs to the given file (or stdin if -) instead
of the default
-0 --no-compress
only encrypt and don't compress the input
-c --cipher
use the given cipher in cbc mode. A list of ciphers
can be got by running: openssl help
-n --noprompt
don't prompt for a password. Instead run in unat-
tended mode and use a key previously generated with
the -a option.
-k --keyfile
use the given keyfile when writing keys with the -a
option or running with the -n option. By default,
$HOME/.murk is used.
-b --blocksize
the maximum blocksize to use in KB. When looking
for blocks to encrypt, murk gives up at the maximum
blocksize. It also tries to arrange things so that
this rarely happens.
-a --addkey
prompt for a password, generate a key/iv and store
these in the keyfile for later use. This option can
be also used when encrypting. Keys are identified
within the keyfile by keyword and encryption algo-
rithm. If different passwords are needed use a dif-
ferent keyword.
EXAMPLES
murk friday birthday.txt
Encrypts the file birthday.txt to birthday.txt.zm
using the keyword 'friday'. Leaves the original
file untouched.
murk -d friday birthday.txt.zm
Decrypts the file birthday.txt.zm and puts the
result in birthday.txt leaving the encrypted file
as it is.
tar -cf - my_stuff | murk -o my_stuff.zm woot
Tar and encrypt the directory my_stuff and puts the
result into my_stuff.zm using the keyword 'woot'.
murk -c des3 -b 100 -o - chocolate hints.doc
Encrypt the large file hints.doc to stdout using 3
DES in CBC mode, the keyword 'chocolate' and have a
maximum blocksize of 100K.
murk -a starchess
Prompt for a password, generate a key/iv and store
these in $HOME/.murk. Any use of murk with the -n
option with the keyword 'starchess' will encrypt or
decrypt with the generated key and iv.
EXIT STATUS
murk returns a zero exist status if things appear to be
successful A non-zero status is returned in case of fail-
ure.
AUTHOR
Saul Hazledine (at saul (dot alien-science org))
SEE ALSO
openssl(1) EVP_EncryptInit(3) bzip2(1) .
BUGS
There is one known issue with a drop of effiency when using
Solaris which could point to a bigger problem on this
platform. Please backup your data elsewhere too.
SECURITY CONSIDERATIONS
Generally, murk is not ready for encrypting anything
important yet. In unattended mode, the key file is at the
mercy of whoever has, or can gain, root access to the
machine doing the encrypting (or its filesystem). The
reset of the encryption, as blocks are found, weakens the
secrecy of the key used to encrypt the file. Any ideas to
improve this, while remaining friendly to rsync, would be
most welcome.
Man(1) output converted with
man2html