On Wed, 9 Jan 2019 09:05:32 -0500 Kynn Jones <kyn...@gmail.com> wrote:
> I am looking for software to symmetric-encrypt large numbers of files on > disk (terabytes' worth of data), and would appreciate some advice. > > My basic requirements: > > - It should be open source and no-cost (though, since I'm asking this > question here, this goes without saying); > - I should be able to program scripts (shell, Python, Perl, or Ruby) to > run this software without human intervention; this rules out tools that are > designed for interactive use. > - It should be stable; I should be able to decrypt encrypted files that > were encrypted several years earlier; (how much earlier? hard to say; > let's say 10 years, as a rough ballpark) > > In addition, the following would be nice: > > - good documentation; > - good performance; > - bindings for a high-level language (preferably Python). The standard encryption technology for linux is LUKS. It works on the block device level, not the file level. [I may be using the terminology inaccurately.] You'll find the best compatibility, stability, and documentation with LUKS, but you don't use it to create encrypted copies of files - rather, you create a LUKS encrypted device, and copy / move your files there. The LUKS tools (cryptsetup) are only necessary for the creation and management of the encrypted volume; once it's set up, you use the ondinary filesystem tools (cp, mv, ls, etc.) to access files and move them to and from encrypted storage. I believe that the most commonly used software for file level encryption is EncFS. I haven't really used it much, and can't speak to its long term stablity. Celejar