Step 1: Create your standard tar.gz archive.

tar -czf secret_data.tar.gz /home/user/documents/

Step 2: Encrypt the archive using OpenSSL. You will use the aes-256-cbc cipher (Advanced Encryption Standard 256-bit) for military-grade security.

openssl enc -aes-256-cbc -salt -in secret_data.tar.gz -out secure_backup.tar.gz.enc

You will be prompted to enter and verify a password.

Step 3: Decrypting the file. To reverse the process and access your data:

openssl enc -aes-256-cbc -d -in secure_backup.tar.gz.enc -out decrypted_data.tar.gz
tar -xzf decrypted_data.tar.gz

Pros:

Cons:

While GPG is ubiquitous on Linux and macOS, Windows users will need to install Gpg4win. For maximum cross-platform simplicity, OpenSSL is often a better choice.

gpg --decrypt backup.tar.gz.gpg | tar xzvf -

If you are writing a cross-platform script and cannot rely on GPG being installed, OpenSSL is your best friend—it's almost always present.

Remember: a .tar.gz file alone is like a cardboard box. Anyone can open it. Adding a password via encryption is like putting that box inside a steel safe. Always choose encryption when handling sensitive information.

Last updated: 2025

Here’s a post you can use for social media, a blog, or internal documentation.

Option 1: Short & Punchy (Social Media - LinkedIn/Twitter)

🔐 Want to add a quick layer of security to your .tar.gz files?
Don’t rely on just the archive format – encrypt it with a password.

Use openssl combined with tar:

tar czf - my-folder/ | openssl enc -aes-256-cbc -out archive.tar.gz.enc

💡 To decrypt & extract:

openssl enc -d -aes-256-cbc -in archive.tar.gz.enc | tar xzf -

No extra tools needed (just OpenSSL + tar).
Stay secure. 📦

#CyberSecurity #LinuxTips #DevOps

Option 2: Detailed "How-To" (Blog/Knowledge Base)

Be careful: If you create secret.tar.gz first, then encrypt it, the original unencrypted secret.tar.gz might still be on your disk. Always shred or securely delete the plaintext version.

shred -u secret.tar.gz   # Overwrites and deletes