Encrypting data at rest is a modern requirement that occurs all the time. The go-to method that most admins think of is to use GPG.
But it’s slow.
How slow? Lets find out.
First, I generated a 1GB file of random data:
dd if=/dev/urandom of=data.file bs=1MB count=1024
Then I timed its encryption with GPG:
gpg --encrypt --compress-level 0 --sign --armor -r email@example.com data.file Time: 0m13.285s
--compress-level 0 disables compression as there is no compression used by OpenSSL.
Next, I tried the same with OpenSSL:
openssl enc -aes-256-cbc -salt -in data.file -out data.file.enc Time: 0m3.199s
That’s better than a 4x improvement!
Finally, decrypt the OpenSSL encrypted file with the following:
openssl enc -aes-256-cbc -d -in data.file.enc -out data.file