在使用 GPG 加密之前压缩 tar 存档是否多余?据我了解,GPG 会压缩它加密的文件。是不是更适合做tar -> gpg而不是tar -> gzip -> gpg?
答案1
GnuPG 默认使用 ZIP 压缩,在许多情况下其性能略低于gzip.这表明单独的gzip阶段可能有用,但 GnuPG 也支持 zlib 压缩,使用与 相同的压缩算法gzip;要选择此项,请指定--compress-algo zlib。
您还可以指定bzip2以获得更好的压缩,使用--compress-algo bzip2.
在这两种情况下,压缩“级别”可以用指定-z,例如 -z 9。
PGP 仅支持 ZIP 压缩,但这现在可能不是什么大问题。
答案2
是的,GPG 在加密之前会压缩文件(默认情况下使用 zip)。因此预先压缩文件是没有用的。请注意,您可以使用gpgtar将文件加密到存档中,只需一步即可完成所有操作。
GPG 可以选择--compress-algo name定义要使用的压缩算法。从gpg2手册:
--compress-algo <name>
Use compression algorithm <name> "zlib" is RFC-1950 ZLIB compression. "zip" is
RFC-1951 ZIP compression which is used by PGP. "bzip2" is a more modern compression
scheme that can compress some things better than zip or zlib, but at the cost of more
memory used during compression and decompression. "uncompressed" or "none" disables
compression. If this option is not used, the default behavior is to examine the
recipient key preferences to see which algorithms the recipient supports.
If all else fails, ZIP is used for maximum compatibility.
ZLIB may give better compression results than ZIP, as the compression window size is
not limited to 8k. BZIP2 may give even better compression results than that, but will
use a significantly larger amount of memory while compressing and decompressing. This
may be significant in low memory situations. Note, however, that PGP (all versions) only
supports ZIP compression. Using any algorithm other than ZIP or "none" will make the
message unreadable with PGP. In general, you do not want to use this option as it
allows you to violate the OpenPGP standard. --personal-compress-preferences
is the safe way to accomplish the same thing.
答案3
让我提出另一种观点:gzip具有带有静态编号的恒定长度标头,这可以导致在加密之前了解纯文本文档的一部分。不建议这样做。
Tar(据我所知)没有存档的全局标头,因此不存在上述弱点。
所以我的建议是(从安全角度来看)gpg使用tar