diff -r f361d688365c -r cb50d6c57439 bin/imager.save
--- a/bin/imager.save	Fri Jul 29 16:06:55 2011 +0200
+++ b/bin/imager.save	Sun Jul 31 15:03:06 2011 +0200
@@ -20,6 +20,7 @@
 use constant GiB      => 1024 * MiB;
 use constant NOW      => time();
 use constant DATETIME => strftime("%Y-%m-%dT%H:%M:%SZ" => gmtime(NOW));
+use constant CIPHER   => "aes-128-cbc";
 
 sub get_devsize;
 sub get_devname;
@@ -31,6 +32,7 @@
     compress  => undef,
     verbose   => undef,
     blocksize => 4 * MiB,
+    pass      => undef,
 );
 lock_keys(%o);
 
@@ -47,6 +49,7 @@
             );
         },
         "z|compress:i" => sub { $o{compress} = $_[1] ? $_[1] : Z_BEST_SPEED },
+	"p|pass=s"  => \$o{pass},
         "b|blocksize=s" => sub {
             given ($_[1]) {
                 when (/(\d+)G/i) { $o{blocksize} = $1 * GiB };
@@ -137,17 +140,27 @@
         my ($file, $ext, $cs);
         $file = $cs = md5_hex($buffer);
         $file =~ s/(?<fn>(?<prefix>...).*)/$+{prefix}\/$+{fn}/g;
-        $ext = $o{compress} ? ".gz" : "";
+	$ext = "";
+        $ext .= $o{compress} ? ".gz" : "";
+	$ext .= $o{pass} ? ".x" : "";
 
         # the extension we do not put into the index
         my $log = sprintf "%12d %s %s" => ($. - 1), $cs, $file;
 
-        if (not(-e "$data/$file" or -e "$data/$file.gz")) {
-            mkpath dirname("$data/$file.gz");
-            my $out = File::Temp->new(
+        if (not(-e "$data/$file" 
+	    or -e "$data/$file.gz"
+	    or -e "$data/$file.x"
+	    or -e "$data/$file.gz.x"
+	    or -e "$data/$file.x.gz")) {
+            mkpath dirname("$data/$file");
+	    my $out = File::Temp->new(
                 TEMPLATE => ".XXXXXXX",
                 DIR      => dirname("$data/$file")
             );
+
+	    if ($o{pass}) {
+		open($out, "|openssl @{[CIPHER]} -pass $o{pass} -out $out");
+	    }
             binmode($out);
             if ($o{compress}) {
                 gzip(
@@ -227,14 +240,18 @@
 
 =over
 
+=item B<-b> I<blocksize>|B<--blocksize>=I<blocksize>
+
+The blocksize used. (may be suffixed with K, M, G). (default: 4 MiB)
+
+=item B<-p> I<pass> | B<--pass>=I<pass>
+
+Use symmetric encryption for writing the data blocks.
+
 =item B<-z> [I<level>]|B<--compress>[=I<level>]
 
 Use compression when writing the blocks to disk. (default: off)
 
-=item B<-b> I<blocksize>|B<--blocksize>=I<blocksize>
-
-The blocksize used. (may be suffixed with K, M, G). (default: 4 MiB)
-
 =item B<-h>|B<--help>
 
 =item B<-m>|B<--man>
@@ -243,4 +260,12 @@
 
 =back
 
+=head1 PERFORMANCE
+
+Some experiments have shown that if compression and encryption is used,
+about 1/3 of the time is consumed by the encryption, and 2/3 are used
+for compression. The compression is done before(!) encrypting the file,
+since otherwise there is almost no benefit in compressing an encrypted
+file!
+
 =cut