I need to encrypt a huge file but don't have sufficient storage on my hard-drive to store the file and its encrypted version at the same time.
It appears possible to gradually delete the file alongside the encryption so that the used space remains more or less the same.
If I encrypt my file with
openssl aes-256-cbc -in myfile -out myfile.aes-256-cbc
How would you suggest to gradually delete the original file myfile alongside the encryption?
On Linux, you could use fallocate to "punch holes" in a file, i.e. throw out some of the data blocks. It requires an ext4, XFS or btrfs filesystem (or tmpfs).
$ perl -e 'print "a" x 16384' > foo
$ ls -sl foo
16 -rw-r--r-- 1 foo foo 16384 Oct 18 13:12 foo
$ fallocate -p -o0 -l 8192 foo
$ ls -sl foo
8 -rw-r--r-- 1 foo foo 16384 Oct 18 13:12 foo
Other systems may or may not have similar features, but I think the only portable system calls related to this are posix_fallocate and truncate which don't really help you since the first can only reserve new space for the file, and the second only allows truncating a file from the end.
In any case, you'd need to rig up a program to e.g. pipe the input file to openssl and discard the parts of the file that have already been read (but not the others). Not that hard to implement in any programming language, but not very safe either, since a crash would likely leave you with unusable pieces.
I don't know if any full-disk encryption utilities can encrypt a partition in-place.
Also, related: Append huge files to each other without copying them
openssl aes-256-cbc -in file | pv -L <limit> > filewhere<limit>is abyte/slimit set withpv– user123456 Oct 18 '16 at 10:33filebefore starting to encrypt it... – Stephen Kitt Oct 18 '16 at 10:55