Like eat our vegetables. Wait. No, that’s actually good for you.

Whatever.

You get the idea.

Encrypting a file with 7zip is simple. Use the -p option:

~$ 7z a archive.7z -pSTRONG_PASSWORD_THAT_IS_REALLY_LONG_HERE! folder/

7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)

Scanning the drive:
1 folder, 4 files, 0 bytes

Creating archive: archive.7z

Items to compress: 5

    
Files read from disk: 0
Archive size: 186 bytes (1 KiB)
Everything is Ok

I have always loved 7zip’s attempt to make me feel better.

“Don’t worry. Everything is Ok.” :thumbs_up: :grinning_squinting_face:

Note: There is no space between the option and the password. That’s an oddity with 7z that I just don’t see with many other CLI tools.

You may notice, however, that when you go to list the contents of the archive, the folder and file names are listed without prompting for the password!

~$ 7z l archive.7z                   

7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)

Scanning the drive for archives:
1 file, 186 bytes (1 KiB)

Listing archive: archive.7z

--
Path = archive.7z
Type = 7z
Physical Size = 186
Headers Size = 186
Solid = -
Blocks = 0

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2023-08-23 16:01:10 D....            0            0  folder
2023-08-23 16:01:10 ....A            0            0  folder/bank_info.xlsx
2023-08-23 16:01:10 ....A            0            0  folder/classified.txt
2023-08-23 16:01:10 ....A            0            0  folder/file1.txt
2023-08-23 16:01:10 ....A            0            0  folder/file2.txt
------------------- ----- ------------ ------------  ------------------------
2023-08-23 16:01:10                  0            0  4 files, 1 folders

Showing folder and file names without requiring the password is probably not acceptable for encrypted files. (Then again, ideally we wouldn’t be using 7zip for encryption, but….I already made that point.)

To encrypt the folder and file names, too, we need to use an option that only shows up on the man page of 7zip and not in the CLI help output:

-mhe=on|off
   7z format only : enables or disables archive header encryption (Default : off)

So all of this only works on the 7z format vs traditional zip, etc…

With this, our example changes to:

7z a archive.7z -mhe=on -pSTRONG_PASSWORD_THAT_IS_REALLY_LONG_HERE! folder/

The output is the same until the file contents are listed:

7z l archive.7z                           

7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)

Scanning the drive for archives:
1 file, 221 bytes (1 KiB)

Listing archive: archive.7z


Enter password (will not be echoed):
--
Path = archive.7z
Type = 7z
Physical Size = 221
Headers Size = 221
Solid = -
Blocks = 0

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2023-08-23 16:01:10 D....            0            0  folder
2023-08-23 16:01:10 ....A            0            0  folder/bank_info.xlsx
2023-08-23 16:01:10 ....A            0            0  folder/classified.txt
2023-08-23 16:01:10 ....A            0            0  folder/file1.txt
2023-08-23 16:01:10 ....A            0            0  folder/file2.txt
------------------- ----- ------------ ------------  ------------------------
2023-08-23 16:01:10                  0            0  4 files, 1 folders

One other thing to note: encrypting a file in this manner will leave the password in your shell history file. I will leave as an exercise to the reader the following search: “HISTCONTROL=ignorespace” 😏

I originally posted this entry on our family’s Wordpress blog, back in 2013. I decided to repost here, since it’s still relevant and fits better here anyway…

Recently, the NSA declassified 136 issues of their monthly internal publication, “Cryptolog”, and released them in PDF versions for public consumption. (alternate Cryptome archive) As a geek this was/is very exciting for me.

Without a great deal of time to read through them, I decided to briefly peruse the edition published the month I was born (Volume V, No 3 – Yes I’m a young whippersnapper) and quickly moved to the article entitled “I had ‘Animal Crackers in my soup,’ but you’ve got a donkey in your WHAT?”.

What immediately struck me was that we’re still fighting the same mindset: the mindset that we can determine the health/security/etc of a given system simply by looking at a few numbers on a regular basis.

Many will not discover, until a “dead donkey” of some sort shows up in their shop, that statistics, as useful as they can be, are not meant to be the end-all. Their purpose is to indicate, hint, or suggest that a problem might exist. They may highlight a known problem or aid a manager in distinguishing between a symptom and an underlying cause. At that point the computerized report has done as much as it can ever do.

Yet we still try to manage to the numbers. Some things never change, I guess.