How to password protect gzip files on the command line?












116















I want to create some tar.gz (and possibly tar.bz2) files, using the tar command on Ubuntu 10.04.



I want to password protect the file.



What is the command to do this (I have Googled, but found nothing that shows how to create and extract compressed files using a password).



Anyone knows how to do this?










share|improve this question





























    116















    I want to create some tar.gz (and possibly tar.bz2) files, using the tar command on Ubuntu 10.04.



    I want to password protect the file.



    What is the command to do this (I have Googled, but found nothing that shows how to create and extract compressed files using a password).



    Anyone knows how to do this?










    share|improve this question



























      116












      116








      116


      74






      I want to create some tar.gz (and possibly tar.bz2) files, using the tar command on Ubuntu 10.04.



      I want to password protect the file.



      What is the command to do this (I have Googled, but found nothing that shows how to create and extract compressed files using a password).



      Anyone knows how to do this?










      share|improve this question
















      I want to create some tar.gz (and possibly tar.bz2) files, using the tar command on Ubuntu 10.04.



      I want to password protect the file.



      What is the command to do this (I have Googled, but found nothing that shows how to create and extract compressed files using a password).



      Anyone knows how to do this?







      ubuntu security tar gzip bzip2






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Oct 17 '14 at 11:47









      pulsarjune

      1,2121921




      1,2121921










      asked Jul 12 '10 at 12:50









      morpheousmorpheous

      1,60392628




      1,60392628






















          6 Answers
          6






          active

          oldest

          votes


















          143














          you have to apply the unix-philosophy to this task: one tool for each task.



          tarring and compression is a job for tar and gzip or bzip2, crypto is a job for either gpg or openssl:



          Encrypt



           % tar cz folder_to_encrypt | 
          openssl enc -aes-256-cbc -e > out.tar.gz.enc


          Decrypt



           % openssl enc -aes-256-cbc -d -in out.tar.gz.enc | tar xz


          Or using gpg



           % gpg --encrypt out.tar.gz


          the openssl-variant uses symetric encryption, you would have to tell the receiving party about the used 'password' (aka 'the key'). the gpg-variant uses a combination of symetric and asymetric encryption, you use the key of the receiving party (which means that you do not have to tell any password involved to anyone) to create a session key and crypt the content with that key.



          if you go the zip (or 7z) route: essentially that is the same as the openssl-variant, you have to tell the receiving party about the password.






          share|improve this answer





















          • 24





            For anyone wondering how to decrypt the file with openssl: openssl aes-256-cbc -d -in out.tar.gz.enc -out decrypted.tar.gz

            – ndbroadbent
            Jan 28 '13 at 22:03






          • 1





            @nathan.f77 that command also shows how to do things without piping them into openssl. openssl enc -aes-256-cbc -e -in foo.tar.gz -out bar.tar.gz.enc

            – Keith Smiley
            Mar 6 '14 at 23:48






          • 2





            @KeithSmiley if you have large archives and not a lot of space (like it could be on a VPS) it's more space-efficient to pipe.

            – Andrew Savinykh
            Jun 2 '14 at 23:15











          • I can't seem to run this on a mac. Is this different in anyway?

            – eleijonmarck
            Dec 20 '16 at 20:46






          • 2





            @eleijonmarck provide the part "does not work because <insert-error-message-here>"…

            – akira
            Dec 21 '16 at 8:34



















          28














          If your intent is to just password protect files, then use the hand zip utility through command line



          zip -e <file_name>.zip <list_of_files>


          -e asks the zip utility to encrypt the files mentioned in



          Working example:



          $ touch file_{0,1}.txt # creates blank files file_0 & file_1    
          $ zip -e file.zip file_* # ask zip to encrypt
          $ ENTER PASSWORD:
          $ VERIFY PASSWORD:
          $ ls file*





          share|improve this answer





















          • 10





            Zip file encryption is not safe in any way.

            – Kristopher Ives
            May 2 '14 at 6:55






          • 3





            @KristopherIves can you elaborate on the unsafeness?

            – tscizzle
            Jun 2 '16 at 22:26











          • @tscizzle unix-ag.uni-kl.de/~conrad/krypto/pkcrack/pkcrack-readme.html

            – Kristopher Ives
            Jun 4 '16 at 2:09






          • 3





            @KristopherIves It requires "another ZIP-archive, containing at least one of the files from the encrypted archive in unencrypted form" to work.

            – Franklin Yu
            Dec 30 '16 at 20:36






          • 3





            "You need to know only a part of the plaintext (at least 13 bytes)". This makes it much more vulnerable than if an entire unencrypted file was required (which is already pretty bad). Also, zip encryption is not resistant to brute-force attacks (e.g. with Jack the Ripper). Nobody should be using it for anything serious.

            – EM0
            Jul 24 '17 at 15:41



















          16














          Here's a few ways to do this. One thing to note is that if you're going to use separate compression and encryption tools you should always compress before encryption, since encrypted data is essentially non-compressible.



          These examples compress and encrypt a file called clear_text.



          Using gpg



          $ gpg -c clear_text #Compress & Encrypt
          $ gpg -d clear_text.gpg #Decrypt & Decompress


          gpg will compress the input file before encryption by default, -c means to use symmetric encryption with a password. The output file will be clear_text.gpg. One benefit of using gpg is that is uses standard OpenPGP formats, so any encryption software that supports OpenPGP will be able to decrypt it.



          Using mcrypt



          $ mcrypt -z clear_text #Compress & Encrypt
          $ mdecrypt -z clear_text.gz.nc #Decrypt & Decompress


          The -z option compresses. By default this outputs a file called clear_text.gz.nc.



          Using bcrypt



          $ bcrypt -r clear_text #Compress & Encrypt
          $ bcrypt -r clear_text.bfe #Decrypt & Decompress


          bcrypt compresses before encrypting by default, the -r option is so that the input file isn't deleted in the process. The output file is called clear_text.bfe by default.



          Using gzip and aespipe



          $ cat clear_text | gzip | aespipe > clear_text.gz.aes #Compress & Encrypt
          $ cat clear_text.gz.aes | aespipe -d | gunzip > clear_text #Decrypt & Decompress


          aespipe is what it sounds like, a program that takes input on stdin and outputs aes encrypted data on stdout. It doesn't support compression, so you can pipe the input through gzip first. Since the output goes to stdout you'll have to redirect it to a file with a name of your own choosing. Probably not the most effective way to do what you're asking but aespipe is a versatile tool so I thought it was worth mentioning.






          share|improve this answer































            12














            You can use 7zip to create your password protected archive. You can specify the password on the command line (or in a script) the following way:



            7z a -p<password> <someprotectedfile>.7z file1.txt file2.txt



            7zip can also read from STDIN as follows:



            cat <somefile> | 7z a -si -p<password> <someprotectedfile>.7z



            If it's mandatory to use zip files, you might want to play around with the -t<type> parameter (e.g. -tzip).






            share|improve this answer



















            • 4





              I picked this as the answer because it's the only one that answers the question. The question isn't how to encrypt a message, it's how to password protect an archive. That's all I needed to do. (Gmail was blocking my server backups because it decided there was something unsafe in the attachment, and I just needed to add a password. It doesn't have to be secure.)

              – felwithe
              Sep 23 '16 at 16:56



















            7














            Neither tar, gzip, nor bzip2 supports password protection. Either use a compression format that does, such as zip, or encrypt it with another tool such as GnuPG.






            share|improve this answer
























            • Ah, that explains why I couldn't find anything online. I think I'll go for zip.

              – morpheous
              Jul 12 '10 at 13:01











            • Gah!, I'm trying to recursively zip a directory with passwors, and it only creates a zip file with the name foobar as an (empty) directory in it. Here is the command I am using: zip -e foobar.zip foobar. foobar is a non-empty folder in the current directory

              – morpheous
              Jul 12 '10 at 13:22






            • 4





              Just like the man says, -r.

              – Ignacio Vazquez-Abrams
              Jul 12 '10 at 13:24



















            3














            Create with:



            tar czvf - directory | gpg --symmetric --cipher-algo aes256 -o passwordprotectedarchive.tar.gz.gpg


            It will ask you for a password.



            Decrypt with:



            gpg -d passwordprotectedarchive.tar.gz.gpg | tar xzvf -





            share|improve this answer























              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "3"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f162624%2fhow-to-password-protect-gzip-files-on-the-command-line%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              6 Answers
              6






              active

              oldest

              votes








              6 Answers
              6






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              143














              you have to apply the unix-philosophy to this task: one tool for each task.



              tarring and compression is a job for tar and gzip or bzip2, crypto is a job for either gpg or openssl:



              Encrypt



               % tar cz folder_to_encrypt | 
              openssl enc -aes-256-cbc -e > out.tar.gz.enc


              Decrypt



               % openssl enc -aes-256-cbc -d -in out.tar.gz.enc | tar xz


              Or using gpg



               % gpg --encrypt out.tar.gz


              the openssl-variant uses symetric encryption, you would have to tell the receiving party about the used 'password' (aka 'the key'). the gpg-variant uses a combination of symetric and asymetric encryption, you use the key of the receiving party (which means that you do not have to tell any password involved to anyone) to create a session key and crypt the content with that key.



              if you go the zip (or 7z) route: essentially that is the same as the openssl-variant, you have to tell the receiving party about the password.






              share|improve this answer





















              • 24





                For anyone wondering how to decrypt the file with openssl: openssl aes-256-cbc -d -in out.tar.gz.enc -out decrypted.tar.gz

                – ndbroadbent
                Jan 28 '13 at 22:03






              • 1





                @nathan.f77 that command also shows how to do things without piping them into openssl. openssl enc -aes-256-cbc -e -in foo.tar.gz -out bar.tar.gz.enc

                – Keith Smiley
                Mar 6 '14 at 23:48






              • 2





                @KeithSmiley if you have large archives and not a lot of space (like it could be on a VPS) it's more space-efficient to pipe.

                – Andrew Savinykh
                Jun 2 '14 at 23:15











              • I can't seem to run this on a mac. Is this different in anyway?

                – eleijonmarck
                Dec 20 '16 at 20:46






              • 2





                @eleijonmarck provide the part "does not work because <insert-error-message-here>"…

                – akira
                Dec 21 '16 at 8:34
















              143














              you have to apply the unix-philosophy to this task: one tool for each task.



              tarring and compression is a job for tar and gzip or bzip2, crypto is a job for either gpg or openssl:



              Encrypt



               % tar cz folder_to_encrypt | 
              openssl enc -aes-256-cbc -e > out.tar.gz.enc


              Decrypt



               % openssl enc -aes-256-cbc -d -in out.tar.gz.enc | tar xz


              Or using gpg



               % gpg --encrypt out.tar.gz


              the openssl-variant uses symetric encryption, you would have to tell the receiving party about the used 'password' (aka 'the key'). the gpg-variant uses a combination of symetric and asymetric encryption, you use the key of the receiving party (which means that you do not have to tell any password involved to anyone) to create a session key and crypt the content with that key.



              if you go the zip (or 7z) route: essentially that is the same as the openssl-variant, you have to tell the receiving party about the password.






              share|improve this answer





















              • 24





                For anyone wondering how to decrypt the file with openssl: openssl aes-256-cbc -d -in out.tar.gz.enc -out decrypted.tar.gz

                – ndbroadbent
                Jan 28 '13 at 22:03






              • 1





                @nathan.f77 that command also shows how to do things without piping them into openssl. openssl enc -aes-256-cbc -e -in foo.tar.gz -out bar.tar.gz.enc

                – Keith Smiley
                Mar 6 '14 at 23:48






              • 2





                @KeithSmiley if you have large archives and not a lot of space (like it could be on a VPS) it's more space-efficient to pipe.

                – Andrew Savinykh
                Jun 2 '14 at 23:15











              • I can't seem to run this on a mac. Is this different in anyway?

                – eleijonmarck
                Dec 20 '16 at 20:46






              • 2





                @eleijonmarck provide the part "does not work because <insert-error-message-here>"…

                – akira
                Dec 21 '16 at 8:34














              143












              143








              143







              you have to apply the unix-philosophy to this task: one tool for each task.



              tarring and compression is a job for tar and gzip or bzip2, crypto is a job for either gpg or openssl:



              Encrypt



               % tar cz folder_to_encrypt | 
              openssl enc -aes-256-cbc -e > out.tar.gz.enc


              Decrypt



               % openssl enc -aes-256-cbc -d -in out.tar.gz.enc | tar xz


              Or using gpg



               % gpg --encrypt out.tar.gz


              the openssl-variant uses symetric encryption, you would have to tell the receiving party about the used 'password' (aka 'the key'). the gpg-variant uses a combination of symetric and asymetric encryption, you use the key of the receiving party (which means that you do not have to tell any password involved to anyone) to create a session key and crypt the content with that key.



              if you go the zip (or 7z) route: essentially that is the same as the openssl-variant, you have to tell the receiving party about the password.






              share|improve this answer















              you have to apply the unix-philosophy to this task: one tool for each task.



              tarring and compression is a job for tar and gzip or bzip2, crypto is a job for either gpg or openssl:



              Encrypt



               % tar cz folder_to_encrypt | 
              openssl enc -aes-256-cbc -e > out.tar.gz.enc


              Decrypt



               % openssl enc -aes-256-cbc -d -in out.tar.gz.enc | tar xz


              Or using gpg



               % gpg --encrypt out.tar.gz


              the openssl-variant uses symetric encryption, you would have to tell the receiving party about the used 'password' (aka 'the key'). the gpg-variant uses a combination of symetric and asymetric encryption, you use the key of the receiving party (which means that you do not have to tell any password involved to anyone) to create a session key and crypt the content with that key.



              if you go the zip (or 7z) route: essentially that is the same as the openssl-variant, you have to tell the receiving party about the password.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Nov 1 '16 at 21:32









              Evan

              1031




              1031










              answered Jul 12 '10 at 13:05









              akiraakira

              48.7k15112152




              48.7k15112152








              • 24





                For anyone wondering how to decrypt the file with openssl: openssl aes-256-cbc -d -in out.tar.gz.enc -out decrypted.tar.gz

                – ndbroadbent
                Jan 28 '13 at 22:03






              • 1





                @nathan.f77 that command also shows how to do things without piping them into openssl. openssl enc -aes-256-cbc -e -in foo.tar.gz -out bar.tar.gz.enc

                – Keith Smiley
                Mar 6 '14 at 23:48






              • 2





                @KeithSmiley if you have large archives and not a lot of space (like it could be on a VPS) it's more space-efficient to pipe.

                – Andrew Savinykh
                Jun 2 '14 at 23:15











              • I can't seem to run this on a mac. Is this different in anyway?

                – eleijonmarck
                Dec 20 '16 at 20:46






              • 2





                @eleijonmarck provide the part "does not work because <insert-error-message-here>"…

                – akira
                Dec 21 '16 at 8:34














              • 24





                For anyone wondering how to decrypt the file with openssl: openssl aes-256-cbc -d -in out.tar.gz.enc -out decrypted.tar.gz

                – ndbroadbent
                Jan 28 '13 at 22:03






              • 1





                @nathan.f77 that command also shows how to do things without piping them into openssl. openssl enc -aes-256-cbc -e -in foo.tar.gz -out bar.tar.gz.enc

                – Keith Smiley
                Mar 6 '14 at 23:48






              • 2





                @KeithSmiley if you have large archives and not a lot of space (like it could be on a VPS) it's more space-efficient to pipe.

                – Andrew Savinykh
                Jun 2 '14 at 23:15











              • I can't seem to run this on a mac. Is this different in anyway?

                – eleijonmarck
                Dec 20 '16 at 20:46






              • 2





                @eleijonmarck provide the part "does not work because <insert-error-message-here>"…

                – akira
                Dec 21 '16 at 8:34








              24




              24





              For anyone wondering how to decrypt the file with openssl: openssl aes-256-cbc -d -in out.tar.gz.enc -out decrypted.tar.gz

              – ndbroadbent
              Jan 28 '13 at 22:03





              For anyone wondering how to decrypt the file with openssl: openssl aes-256-cbc -d -in out.tar.gz.enc -out decrypted.tar.gz

              – ndbroadbent
              Jan 28 '13 at 22:03




              1




              1





              @nathan.f77 that command also shows how to do things without piping them into openssl. openssl enc -aes-256-cbc -e -in foo.tar.gz -out bar.tar.gz.enc

              – Keith Smiley
              Mar 6 '14 at 23:48





              @nathan.f77 that command also shows how to do things without piping them into openssl. openssl enc -aes-256-cbc -e -in foo.tar.gz -out bar.tar.gz.enc

              – Keith Smiley
              Mar 6 '14 at 23:48




              2




              2





              @KeithSmiley if you have large archives and not a lot of space (like it could be on a VPS) it's more space-efficient to pipe.

              – Andrew Savinykh
              Jun 2 '14 at 23:15





              @KeithSmiley if you have large archives and not a lot of space (like it could be on a VPS) it's more space-efficient to pipe.

              – Andrew Savinykh
              Jun 2 '14 at 23:15













              I can't seem to run this on a mac. Is this different in anyway?

              – eleijonmarck
              Dec 20 '16 at 20:46





              I can't seem to run this on a mac. Is this different in anyway?

              – eleijonmarck
              Dec 20 '16 at 20:46




              2




              2





              @eleijonmarck provide the part "does not work because <insert-error-message-here>"…

              – akira
              Dec 21 '16 at 8:34





              @eleijonmarck provide the part "does not work because <insert-error-message-here>"…

              – akira
              Dec 21 '16 at 8:34













              28














              If your intent is to just password protect files, then use the hand zip utility through command line



              zip -e <file_name>.zip <list_of_files>


              -e asks the zip utility to encrypt the files mentioned in



              Working example:



              $ touch file_{0,1}.txt # creates blank files file_0 & file_1    
              $ zip -e file.zip file_* # ask zip to encrypt
              $ ENTER PASSWORD:
              $ VERIFY PASSWORD:
              $ ls file*





              share|improve this answer





















              • 10





                Zip file encryption is not safe in any way.

                – Kristopher Ives
                May 2 '14 at 6:55






              • 3





                @KristopherIves can you elaborate on the unsafeness?

                – tscizzle
                Jun 2 '16 at 22:26











              • @tscizzle unix-ag.uni-kl.de/~conrad/krypto/pkcrack/pkcrack-readme.html

                – Kristopher Ives
                Jun 4 '16 at 2:09






              • 3





                @KristopherIves It requires "another ZIP-archive, containing at least one of the files from the encrypted archive in unencrypted form" to work.

                – Franklin Yu
                Dec 30 '16 at 20:36






              • 3





                "You need to know only a part of the plaintext (at least 13 bytes)". This makes it much more vulnerable than if an entire unencrypted file was required (which is already pretty bad). Also, zip encryption is not resistant to brute-force attacks (e.g. with Jack the Ripper). Nobody should be using it for anything serious.

                – EM0
                Jul 24 '17 at 15:41
















              28














              If your intent is to just password protect files, then use the hand zip utility through command line



              zip -e <file_name>.zip <list_of_files>


              -e asks the zip utility to encrypt the files mentioned in



              Working example:



              $ touch file_{0,1}.txt # creates blank files file_0 & file_1    
              $ zip -e file.zip file_* # ask zip to encrypt
              $ ENTER PASSWORD:
              $ VERIFY PASSWORD:
              $ ls file*





              share|improve this answer





















              • 10





                Zip file encryption is not safe in any way.

                – Kristopher Ives
                May 2 '14 at 6:55






              • 3





                @KristopherIves can you elaborate on the unsafeness?

                – tscizzle
                Jun 2 '16 at 22:26











              • @tscizzle unix-ag.uni-kl.de/~conrad/krypto/pkcrack/pkcrack-readme.html

                – Kristopher Ives
                Jun 4 '16 at 2:09






              • 3





                @KristopherIves It requires "another ZIP-archive, containing at least one of the files from the encrypted archive in unencrypted form" to work.

                – Franklin Yu
                Dec 30 '16 at 20:36






              • 3





                "You need to know only a part of the plaintext (at least 13 bytes)". This makes it much more vulnerable than if an entire unencrypted file was required (which is already pretty bad). Also, zip encryption is not resistant to brute-force attacks (e.g. with Jack the Ripper). Nobody should be using it for anything serious.

                – EM0
                Jul 24 '17 at 15:41














              28












              28








              28







              If your intent is to just password protect files, then use the hand zip utility through command line



              zip -e <file_name>.zip <list_of_files>


              -e asks the zip utility to encrypt the files mentioned in



              Working example:



              $ touch file_{0,1}.txt # creates blank files file_0 & file_1    
              $ zip -e file.zip file_* # ask zip to encrypt
              $ ENTER PASSWORD:
              $ VERIFY PASSWORD:
              $ ls file*





              share|improve this answer















              If your intent is to just password protect files, then use the hand zip utility through command line



              zip -e <file_name>.zip <list_of_files>


              -e asks the zip utility to encrypt the files mentioned in



              Working example:



              $ touch file_{0,1}.txt # creates blank files file_0 & file_1    
              $ zip -e file.zip file_* # ask zip to encrypt
              $ ENTER PASSWORD:
              $ VERIFY PASSWORD:
              $ ls file*






              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Jul 18 '13 at 4:47









              Leo

              344212




              344212










              answered Jun 17 '12 at 20:12









              Antony ThomasAntony Thomas

              37734




              37734








              • 10





                Zip file encryption is not safe in any way.

                – Kristopher Ives
                May 2 '14 at 6:55






              • 3





                @KristopherIves can you elaborate on the unsafeness?

                – tscizzle
                Jun 2 '16 at 22:26











              • @tscizzle unix-ag.uni-kl.de/~conrad/krypto/pkcrack/pkcrack-readme.html

                – Kristopher Ives
                Jun 4 '16 at 2:09






              • 3





                @KristopherIves It requires "another ZIP-archive, containing at least one of the files from the encrypted archive in unencrypted form" to work.

                – Franklin Yu
                Dec 30 '16 at 20:36






              • 3





                "You need to know only a part of the plaintext (at least 13 bytes)". This makes it much more vulnerable than if an entire unencrypted file was required (which is already pretty bad). Also, zip encryption is not resistant to brute-force attacks (e.g. with Jack the Ripper). Nobody should be using it for anything serious.

                – EM0
                Jul 24 '17 at 15:41














              • 10





                Zip file encryption is not safe in any way.

                – Kristopher Ives
                May 2 '14 at 6:55






              • 3





                @KristopherIves can you elaborate on the unsafeness?

                – tscizzle
                Jun 2 '16 at 22:26











              • @tscizzle unix-ag.uni-kl.de/~conrad/krypto/pkcrack/pkcrack-readme.html

                – Kristopher Ives
                Jun 4 '16 at 2:09






              • 3





                @KristopherIves It requires "another ZIP-archive, containing at least one of the files from the encrypted archive in unencrypted form" to work.

                – Franklin Yu
                Dec 30 '16 at 20:36






              • 3





                "You need to know only a part of the plaintext (at least 13 bytes)". This makes it much more vulnerable than if an entire unencrypted file was required (which is already pretty bad). Also, zip encryption is not resistant to brute-force attacks (e.g. with Jack the Ripper). Nobody should be using it for anything serious.

                – EM0
                Jul 24 '17 at 15:41








              10




              10





              Zip file encryption is not safe in any way.

              – Kristopher Ives
              May 2 '14 at 6:55





              Zip file encryption is not safe in any way.

              – Kristopher Ives
              May 2 '14 at 6:55




              3




              3





              @KristopherIves can you elaborate on the unsafeness?

              – tscizzle
              Jun 2 '16 at 22:26





              @KristopherIves can you elaborate on the unsafeness?

              – tscizzle
              Jun 2 '16 at 22:26













              @tscizzle unix-ag.uni-kl.de/~conrad/krypto/pkcrack/pkcrack-readme.html

              – Kristopher Ives
              Jun 4 '16 at 2:09





              @tscizzle unix-ag.uni-kl.de/~conrad/krypto/pkcrack/pkcrack-readme.html

              – Kristopher Ives
              Jun 4 '16 at 2:09




              3




              3





              @KristopherIves It requires "another ZIP-archive, containing at least one of the files from the encrypted archive in unencrypted form" to work.

              – Franklin Yu
              Dec 30 '16 at 20:36





              @KristopherIves It requires "another ZIP-archive, containing at least one of the files from the encrypted archive in unencrypted form" to work.

              – Franklin Yu
              Dec 30 '16 at 20:36




              3




              3





              "You need to know only a part of the plaintext (at least 13 bytes)". This makes it much more vulnerable than if an entire unencrypted file was required (which is already pretty bad). Also, zip encryption is not resistant to brute-force attacks (e.g. with Jack the Ripper). Nobody should be using it for anything serious.

              – EM0
              Jul 24 '17 at 15:41





              "You need to know only a part of the plaintext (at least 13 bytes)". This makes it much more vulnerable than if an entire unencrypted file was required (which is already pretty bad). Also, zip encryption is not resistant to brute-force attacks (e.g. with Jack the Ripper). Nobody should be using it for anything serious.

              – EM0
              Jul 24 '17 at 15:41











              16














              Here's a few ways to do this. One thing to note is that if you're going to use separate compression and encryption tools you should always compress before encryption, since encrypted data is essentially non-compressible.



              These examples compress and encrypt a file called clear_text.



              Using gpg



              $ gpg -c clear_text #Compress & Encrypt
              $ gpg -d clear_text.gpg #Decrypt & Decompress


              gpg will compress the input file before encryption by default, -c means to use symmetric encryption with a password. The output file will be clear_text.gpg. One benefit of using gpg is that is uses standard OpenPGP formats, so any encryption software that supports OpenPGP will be able to decrypt it.



              Using mcrypt



              $ mcrypt -z clear_text #Compress & Encrypt
              $ mdecrypt -z clear_text.gz.nc #Decrypt & Decompress


              The -z option compresses. By default this outputs a file called clear_text.gz.nc.



              Using bcrypt



              $ bcrypt -r clear_text #Compress & Encrypt
              $ bcrypt -r clear_text.bfe #Decrypt & Decompress


              bcrypt compresses before encrypting by default, the -r option is so that the input file isn't deleted in the process. The output file is called clear_text.bfe by default.



              Using gzip and aespipe



              $ cat clear_text | gzip | aespipe > clear_text.gz.aes #Compress & Encrypt
              $ cat clear_text.gz.aes | aespipe -d | gunzip > clear_text #Decrypt & Decompress


              aespipe is what it sounds like, a program that takes input on stdin and outputs aes encrypted data on stdout. It doesn't support compression, so you can pipe the input through gzip first. Since the output goes to stdout you'll have to redirect it to a file with a name of your own choosing. Probably not the most effective way to do what you're asking but aespipe is a versatile tool so I thought it was worth mentioning.






              share|improve this answer




























                16














                Here's a few ways to do this. One thing to note is that if you're going to use separate compression and encryption tools you should always compress before encryption, since encrypted data is essentially non-compressible.



                These examples compress and encrypt a file called clear_text.



                Using gpg



                $ gpg -c clear_text #Compress & Encrypt
                $ gpg -d clear_text.gpg #Decrypt & Decompress


                gpg will compress the input file before encryption by default, -c means to use symmetric encryption with a password. The output file will be clear_text.gpg. One benefit of using gpg is that is uses standard OpenPGP formats, so any encryption software that supports OpenPGP will be able to decrypt it.



                Using mcrypt



                $ mcrypt -z clear_text #Compress & Encrypt
                $ mdecrypt -z clear_text.gz.nc #Decrypt & Decompress


                The -z option compresses. By default this outputs a file called clear_text.gz.nc.



                Using bcrypt



                $ bcrypt -r clear_text #Compress & Encrypt
                $ bcrypt -r clear_text.bfe #Decrypt & Decompress


                bcrypt compresses before encrypting by default, the -r option is so that the input file isn't deleted in the process. The output file is called clear_text.bfe by default.



                Using gzip and aespipe



                $ cat clear_text | gzip | aespipe > clear_text.gz.aes #Compress & Encrypt
                $ cat clear_text.gz.aes | aespipe -d | gunzip > clear_text #Decrypt & Decompress


                aespipe is what it sounds like, a program that takes input on stdin and outputs aes encrypted data on stdout. It doesn't support compression, so you can pipe the input through gzip first. Since the output goes to stdout you'll have to redirect it to a file with a name of your own choosing. Probably not the most effective way to do what you're asking but aespipe is a versatile tool so I thought it was worth mentioning.






                share|improve this answer


























                  16












                  16








                  16







                  Here's a few ways to do this. One thing to note is that if you're going to use separate compression and encryption tools you should always compress before encryption, since encrypted data is essentially non-compressible.



                  These examples compress and encrypt a file called clear_text.



                  Using gpg



                  $ gpg -c clear_text #Compress & Encrypt
                  $ gpg -d clear_text.gpg #Decrypt & Decompress


                  gpg will compress the input file before encryption by default, -c means to use symmetric encryption with a password. The output file will be clear_text.gpg. One benefit of using gpg is that is uses standard OpenPGP formats, so any encryption software that supports OpenPGP will be able to decrypt it.



                  Using mcrypt



                  $ mcrypt -z clear_text #Compress & Encrypt
                  $ mdecrypt -z clear_text.gz.nc #Decrypt & Decompress


                  The -z option compresses. By default this outputs a file called clear_text.gz.nc.



                  Using bcrypt



                  $ bcrypt -r clear_text #Compress & Encrypt
                  $ bcrypt -r clear_text.bfe #Decrypt & Decompress


                  bcrypt compresses before encrypting by default, the -r option is so that the input file isn't deleted in the process. The output file is called clear_text.bfe by default.



                  Using gzip and aespipe



                  $ cat clear_text | gzip | aespipe > clear_text.gz.aes #Compress & Encrypt
                  $ cat clear_text.gz.aes | aespipe -d | gunzip > clear_text #Decrypt & Decompress


                  aespipe is what it sounds like, a program that takes input on stdin and outputs aes encrypted data on stdout. It doesn't support compression, so you can pipe the input through gzip first. Since the output goes to stdout you'll have to redirect it to a file with a name of your own choosing. Probably not the most effective way to do what you're asking but aespipe is a versatile tool so I thought it was worth mentioning.






                  share|improve this answer













                  Here's a few ways to do this. One thing to note is that if you're going to use separate compression and encryption tools you should always compress before encryption, since encrypted data is essentially non-compressible.



                  These examples compress and encrypt a file called clear_text.



                  Using gpg



                  $ gpg -c clear_text #Compress & Encrypt
                  $ gpg -d clear_text.gpg #Decrypt & Decompress


                  gpg will compress the input file before encryption by default, -c means to use symmetric encryption with a password. The output file will be clear_text.gpg. One benefit of using gpg is that is uses standard OpenPGP formats, so any encryption software that supports OpenPGP will be able to decrypt it.



                  Using mcrypt



                  $ mcrypt -z clear_text #Compress & Encrypt
                  $ mdecrypt -z clear_text.gz.nc #Decrypt & Decompress


                  The -z option compresses. By default this outputs a file called clear_text.gz.nc.



                  Using bcrypt



                  $ bcrypt -r clear_text #Compress & Encrypt
                  $ bcrypt -r clear_text.bfe #Decrypt & Decompress


                  bcrypt compresses before encrypting by default, the -r option is so that the input file isn't deleted in the process. The output file is called clear_text.bfe by default.



                  Using gzip and aespipe



                  $ cat clear_text | gzip | aespipe > clear_text.gz.aes #Compress & Encrypt
                  $ cat clear_text.gz.aes | aespipe -d | gunzip > clear_text #Decrypt & Decompress


                  aespipe is what it sounds like, a program that takes input on stdin and outputs aes encrypted data on stdout. It doesn't support compression, so you can pipe the input through gzip first. Since the output goes to stdout you'll have to redirect it to a file with a name of your own choosing. Probably not the most effective way to do what you're asking but aespipe is a versatile tool so I thought it was worth mentioning.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered May 1 '14 at 1:38









                  Graphics NoobGraphics Noob

                  29549




                  29549























                      12














                      You can use 7zip to create your password protected archive. You can specify the password on the command line (or in a script) the following way:



                      7z a -p<password> <someprotectedfile>.7z file1.txt file2.txt



                      7zip can also read from STDIN as follows:



                      cat <somefile> | 7z a -si -p<password> <someprotectedfile>.7z



                      If it's mandatory to use zip files, you might want to play around with the -t<type> parameter (e.g. -tzip).






                      share|improve this answer



















                      • 4





                        I picked this as the answer because it's the only one that answers the question. The question isn't how to encrypt a message, it's how to password protect an archive. That's all I needed to do. (Gmail was blocking my server backups because it decided there was something unsafe in the attachment, and I just needed to add a password. It doesn't have to be secure.)

                        – felwithe
                        Sep 23 '16 at 16:56
















                      12














                      You can use 7zip to create your password protected archive. You can specify the password on the command line (or in a script) the following way:



                      7z a -p<password> <someprotectedfile>.7z file1.txt file2.txt



                      7zip can also read from STDIN as follows:



                      cat <somefile> | 7z a -si -p<password> <someprotectedfile>.7z



                      If it's mandatory to use zip files, you might want to play around with the -t<type> parameter (e.g. -tzip).






                      share|improve this answer



















                      • 4





                        I picked this as the answer because it's the only one that answers the question. The question isn't how to encrypt a message, it's how to password protect an archive. That's all I needed to do. (Gmail was blocking my server backups because it decided there was something unsafe in the attachment, and I just needed to add a password. It doesn't have to be secure.)

                        – felwithe
                        Sep 23 '16 at 16:56














                      12












                      12








                      12







                      You can use 7zip to create your password protected archive. You can specify the password on the command line (or in a script) the following way:



                      7z a -p<password> <someprotectedfile>.7z file1.txt file2.txt



                      7zip can also read from STDIN as follows:



                      cat <somefile> | 7z a -si -p<password> <someprotectedfile>.7z



                      If it's mandatory to use zip files, you might want to play around with the -t<type> parameter (e.g. -tzip).






                      share|improve this answer













                      You can use 7zip to create your password protected archive. You can specify the password on the command line (or in a script) the following way:



                      7z a -p<password> <someprotectedfile>.7z file1.txt file2.txt



                      7zip can also read from STDIN as follows:



                      cat <somefile> | 7z a -si -p<password> <someprotectedfile>.7z



                      If it's mandatory to use zip files, you might want to play around with the -t<type> parameter (e.g. -tzip).







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Oct 17 '14 at 9:52









                      SaeXSaeX

                      294414




                      294414








                      • 4





                        I picked this as the answer because it's the only one that answers the question. The question isn't how to encrypt a message, it's how to password protect an archive. That's all I needed to do. (Gmail was blocking my server backups because it decided there was something unsafe in the attachment, and I just needed to add a password. It doesn't have to be secure.)

                        – felwithe
                        Sep 23 '16 at 16:56














                      • 4





                        I picked this as the answer because it's the only one that answers the question. The question isn't how to encrypt a message, it's how to password protect an archive. That's all I needed to do. (Gmail was blocking my server backups because it decided there was something unsafe in the attachment, and I just needed to add a password. It doesn't have to be secure.)

                        – felwithe
                        Sep 23 '16 at 16:56








                      4




                      4





                      I picked this as the answer because it's the only one that answers the question. The question isn't how to encrypt a message, it's how to password protect an archive. That's all I needed to do. (Gmail was blocking my server backups because it decided there was something unsafe in the attachment, and I just needed to add a password. It doesn't have to be secure.)

                      – felwithe
                      Sep 23 '16 at 16:56





                      I picked this as the answer because it's the only one that answers the question. The question isn't how to encrypt a message, it's how to password protect an archive. That's all I needed to do. (Gmail was blocking my server backups because it decided there was something unsafe in the attachment, and I just needed to add a password. It doesn't have to be secure.)

                      – felwithe
                      Sep 23 '16 at 16:56











                      7














                      Neither tar, gzip, nor bzip2 supports password protection. Either use a compression format that does, such as zip, or encrypt it with another tool such as GnuPG.






                      share|improve this answer
























                      • Ah, that explains why I couldn't find anything online. I think I'll go for zip.

                        – morpheous
                        Jul 12 '10 at 13:01











                      • Gah!, I'm trying to recursively zip a directory with passwors, and it only creates a zip file with the name foobar as an (empty) directory in it. Here is the command I am using: zip -e foobar.zip foobar. foobar is a non-empty folder in the current directory

                        – morpheous
                        Jul 12 '10 at 13:22






                      • 4





                        Just like the man says, -r.

                        – Ignacio Vazquez-Abrams
                        Jul 12 '10 at 13:24
















                      7














                      Neither tar, gzip, nor bzip2 supports password protection. Either use a compression format that does, such as zip, or encrypt it with another tool such as GnuPG.






                      share|improve this answer
























                      • Ah, that explains why I couldn't find anything online. I think I'll go for zip.

                        – morpheous
                        Jul 12 '10 at 13:01











                      • Gah!, I'm trying to recursively zip a directory with passwors, and it only creates a zip file with the name foobar as an (empty) directory in it. Here is the command I am using: zip -e foobar.zip foobar. foobar is a non-empty folder in the current directory

                        – morpheous
                        Jul 12 '10 at 13:22






                      • 4





                        Just like the man says, -r.

                        – Ignacio Vazquez-Abrams
                        Jul 12 '10 at 13:24














                      7












                      7








                      7







                      Neither tar, gzip, nor bzip2 supports password protection. Either use a compression format that does, such as zip, or encrypt it with another tool such as GnuPG.






                      share|improve this answer













                      Neither tar, gzip, nor bzip2 supports password protection. Either use a compression format that does, such as zip, or encrypt it with another tool such as GnuPG.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Jul 12 '10 at 12:52









                      Ignacio Vazquez-AbramsIgnacio Vazquez-Abrams

                      95.9k6154211




                      95.9k6154211













                      • Ah, that explains why I couldn't find anything online. I think I'll go for zip.

                        – morpheous
                        Jul 12 '10 at 13:01











                      • Gah!, I'm trying to recursively zip a directory with passwors, and it only creates a zip file with the name foobar as an (empty) directory in it. Here is the command I am using: zip -e foobar.zip foobar. foobar is a non-empty folder in the current directory

                        – morpheous
                        Jul 12 '10 at 13:22






                      • 4





                        Just like the man says, -r.

                        – Ignacio Vazquez-Abrams
                        Jul 12 '10 at 13:24



















                      • Ah, that explains why I couldn't find anything online. I think I'll go for zip.

                        – morpheous
                        Jul 12 '10 at 13:01











                      • Gah!, I'm trying to recursively zip a directory with passwors, and it only creates a zip file with the name foobar as an (empty) directory in it. Here is the command I am using: zip -e foobar.zip foobar. foobar is a non-empty folder in the current directory

                        – morpheous
                        Jul 12 '10 at 13:22






                      • 4





                        Just like the man says, -r.

                        – Ignacio Vazquez-Abrams
                        Jul 12 '10 at 13:24

















                      Ah, that explains why I couldn't find anything online. I think I'll go for zip.

                      – morpheous
                      Jul 12 '10 at 13:01





                      Ah, that explains why I couldn't find anything online. I think I'll go for zip.

                      – morpheous
                      Jul 12 '10 at 13:01













                      Gah!, I'm trying to recursively zip a directory with passwors, and it only creates a zip file with the name foobar as an (empty) directory in it. Here is the command I am using: zip -e foobar.zip foobar. foobar is a non-empty folder in the current directory

                      – morpheous
                      Jul 12 '10 at 13:22





                      Gah!, I'm trying to recursively zip a directory with passwors, and it only creates a zip file with the name foobar as an (empty) directory in it. Here is the command I am using: zip -e foobar.zip foobar. foobar is a non-empty folder in the current directory

                      – morpheous
                      Jul 12 '10 at 13:22




                      4




                      4





                      Just like the man says, -r.

                      – Ignacio Vazquez-Abrams
                      Jul 12 '10 at 13:24





                      Just like the man says, -r.

                      – Ignacio Vazquez-Abrams
                      Jul 12 '10 at 13:24











                      3














                      Create with:



                      tar czvf - directory | gpg --symmetric --cipher-algo aes256 -o passwordprotectedarchive.tar.gz.gpg


                      It will ask you for a password.



                      Decrypt with:



                      gpg -d passwordprotectedarchive.tar.gz.gpg | tar xzvf -





                      share|improve this answer




























                        3














                        Create with:



                        tar czvf - directory | gpg --symmetric --cipher-algo aes256 -o passwordprotectedarchive.tar.gz.gpg


                        It will ask you for a password.



                        Decrypt with:



                        gpg -d passwordprotectedarchive.tar.gz.gpg | tar xzvf -





                        share|improve this answer


























                          3












                          3








                          3







                          Create with:



                          tar czvf - directory | gpg --symmetric --cipher-algo aes256 -o passwordprotectedarchive.tar.gz.gpg


                          It will ask you for a password.



                          Decrypt with:



                          gpg -d passwordprotectedarchive.tar.gz.gpg | tar xzvf -





                          share|improve this answer













                          Create with:



                          tar czvf - directory | gpg --symmetric --cipher-algo aes256 -o passwordprotectedarchive.tar.gz.gpg


                          It will ask you for a password.



                          Decrypt with:



                          gpg -d passwordprotectedarchive.tar.gz.gpg | tar xzvf -






                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered May 23 '17 at 12:25









                          LHollemanLHolleman

                          1311




                          1311






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Super User!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f162624%2fhow-to-password-protect-gzip-files-on-the-command-line%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              Сан-Квентин

                              Алькесар

                              Josef Freinademetz