Yes, I know I updated the tools page and now recommend against encrypting with 7zip. But sometimes we have to do things we don’t want to do.
Like eat our vegetables. Wait. No, that’s actually good for you.
Whatever.
You get the idea.
Encrypting a file with 7zip is simple. Use the -p
option:
~$ 7z a archive.7z -pSTRONG_PASSWORD_THAT_IS_REALLY_LONG_HERE! folder/
7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)
Scanning the drive:
1 folder, 4 files, 0 bytes
Creating archive: archive.7z
Items to compress: 5
Files read from disk: 0
Archive size: 186 bytes (1 KiB)
Everything is Ok
I have always loved 7zip’s attempt to make me feel better.
“Don’t worry. Everything is Ok.” :thumbs_up: :grinning_squinting_face:
Note: There is no space between the option and the password. That’s an oddity with 7z that I just don’t see with many other CLI tools.
You may notice, however, that when you go to list the contents of the archive, the folder and file names are listed without prompting for the password!
~$ 7z l archive.7z
7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)
Scanning the drive for archives:
1 file, 186 bytes (1 KiB)
Listing archive: archive.7z
--
Path = archive.7z
Type = 7z
Physical Size = 186
Headers Size = 186
Solid = -
Blocks = 0
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
2023-08-23 16:01:10 D.... 0 0 folder
2023-08-23 16:01:10 ....A 0 0 folder/bank_info.xlsx
2023-08-23 16:01:10 ....A 0 0 folder/classified.txt
2023-08-23 16:01:10 ....A 0 0 folder/file1.txt
2023-08-23 16:01:10 ....A 0 0 folder/file2.txt
------------------- ----- ------------ ------------ ------------------------
2023-08-23 16:01:10 0 0 4 files, 1 folders
Showing folder and file names without requiring the password is probably not acceptable for encrypted files. (Then again, ideally we wouldn’t be using 7zip for encryption, but….I already made that point.)
To encrypt the folder and file names, too, we need to use an option that only shows up on the man
page of 7zip and not in the CLI help output:
-mhe=on|off
7z format only : enables or disables archive header encryption (Default : off)
So all of this only works on the 7z format vs traditional zip, etc…
With this, our example changes to:
7z a archive.7z -mhe=on -pSTRONG_PASSWORD_THAT_IS_REALLY_LONG_HERE! folder/
The output is the same until the file contents are listed:
7z l archive.7z
7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)
Scanning the drive for archives:
1 file, 221 bytes (1 KiB)
Listing archive: archive.7z
Enter password (will not be echoed):
--
Path = archive.7z
Type = 7z
Physical Size = 221
Headers Size = 221
Solid = -
Blocks = 0
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
2023-08-23 16:01:10 D.... 0 0 folder
2023-08-23 16:01:10 ....A 0 0 folder/bank_info.xlsx
2023-08-23 16:01:10 ....A 0 0 folder/classified.txt
2023-08-23 16:01:10 ....A 0 0 folder/file1.txt
2023-08-23 16:01:10 ....A 0 0 folder/file2.txt
------------------- ----- ------------ ------------ ------------------------
2023-08-23 16:01:10 0 0 4 files, 1 folders
One other thing to note: encrypting a file in this manner will leave the password in your shell history file. I will leave as an exercise to the reader the following search: “HISTCONTROL=ignorespace” 😏