How to password protect gzip files on the command line?
you have to apply the unix-philosophy to this task: one tool for each task.
tarring and compression is a job for tar
and gzip
or bzip2
, crypto is a job for either gpg
or openssl
:
Encrypt
% tar cz folder_to_encrypt | \
openssl enc -aes-256-cbc -e > out.tar.gz.enc
Decrypt
% openssl enc -aes-256-cbc -d -in out.tar.gz.enc | tar xz
Or using gpg
% gpg --encrypt out.tar.gz
the openssl-variant uses symetric encryption, you would have to tell the receiving party about the used 'password' (aka 'the key'). the gpg-variant uses a combination of symetric and asymetric encryption, you use the key of the receiving party (which means that you do not have to tell any password involved to anyone) to create a session key and crypt the content with that key.
if you go the zip (or 7z) route: essentially that is the same as the openssl-variant, you have to tell the receiving party about the password.
If your intent is to just password protect files, then use the hand zip utility through command line
zip -e <file_name>.zip <list_of_files>
-e asks the zip utility to encrypt the files mentioned in
Working example:
$ touch file_{0,1}.txt # creates blank files file_0 & file_1
$ zip -e file.zip file_* # ask zip to encrypt
$ ENTER PASSWORD:
$ VERIFY PASSWORD:
$ ls file*
Here's a few ways to do this. One thing to note is that if you're going to use separate compression and encryption tools you should always compress before encryption, since encrypted data is essentially non-compressible.
These examples compress and encrypt a file called clear_text
.
Using gpg
$ gpg -c clear_text #Compress & Encrypt
$ gpg -d clear_text.gpg #Decrypt & Decompress
gpg will compress the input file before encryption by default, -c
means to use symmetric encryption with a password. The output file will be clear_text.gpg
. One benefit of using gpg
is that is uses standard OpenPGP formats, so any encryption software that supports OpenPGP will be able to decrypt it.
Using mcrypt
$ mcrypt -z clear_text #Compress & Encrypt
$ mdecrypt -z clear_text.gz.nc #Decrypt & Decompress
The -z
option compresses. By default this outputs a file called clear_text.gz.nc
.
Using bcrypt
$ bcrypt -r clear_text #Compress & Encrypt
$ bcrypt -r clear_text.bfe #Decrypt & Decompress
bcrypt compresses before encrypting by default, the -r
option is so that the input file isn't deleted in the process. The output file is called clear_text.bfe
by default.
Using gzip
and aespipe
$ cat clear_text | gzip | aespipe > clear_text.gz.aes #Compress & Encrypt
$ cat clear_text.gz.aes | aespipe -d | gunzip > clear_text #Decrypt & Decompress
aespipe is what it sounds like, a program that takes input on stdin and outputs aes encrypted data on stdout. It doesn't support compression, so you can pipe the input through gzip first. Since the output goes to stdout you'll have to redirect it to a file with a name of your own choosing. Probably not the most effective way to do what you're asking but aespipe is a versatile tool so I thought it was worth mentioning.