13

I used to download files and then use openssl to encrypt them, which is not enough for me. How can I encrypt the download gradually as the file is being downloaded?

I thought about using curl and an openssl pipe but cannot figure it out.

Is there any better tool to perform this?

Mark Kirby
  • 18,529
  • 19
  • 78
  • 114
user123456
  • 2,378

3 Answers3

30

The command would simply be:

curl -s "$URL" | openssl aes-256-cbc > "$OUTPUT_FILE"
heemayl
  • 91,753
user123456
  • 2,378
12

I do not think that this is possible (It seems I have been proven wrong on this).

However, provided the reason this is not enough for you, is that you don't want an unencrypted version of the file being stored on your drive (and potentially being restored by somebody in the future) you could use a ramdisk to temporarily store the file and encrypt it there before moving it to its destination directory.

Depending on your paranoia level and thread scenario, simply using an encrypted drive would suffice.

Bruni
  • 10,542
  • There's nothing in principle to prevent encrypting a stream of data, it's what happens when you download a huge file over HTTPS and it's basically what an encrypted drive would also do. – ilkkachu Oct 05 '16 at 16:16
  • 1
    @ilkkachu I understood that from the rather extensive discussion in the comment section of WCCs answer, which should be the accepted ;-). Nonetheless, I will not remove this answer, as I think it provides an alternative which might be useful in other scenarios. – Bruni Oct 05 '16 at 16:38
6

You can also use a mountable, filesystem-level encrypted filesystem, as EncFS or CryFS. Mount your encrypted directory and download files there. Not sure if this solves your problem, as it is not clear to me what exactly your problem is.

Marco Caminati
  • 61
  • It would be nice if you could expand your answer a bit by adding some basic instructions (and maybe a link for further reading) on how one can set up such an encrypted container. Thanks and welcome to Ask Ubuntu. – Byte Commander Oct 08 '16 at 19:05