affordableCebu total members
Home » Questions » Computers [ Ask a new question ]

Best Secure Encryption for Zip Files via Linux

Best Secure Encryption for Zip Files via Linux

I want to use highly secure encryption for zipped files via Linux/Ubuntu using a command line terminal, what is the best command line tool to get this job done?

Asked by: Guest | Views: 298
Total answers/comments: 2
Guest [Entry]

"The compression offered by 7zip (in the 7z format) is more secure than any of the ""standard"" methods or encrypting a zip format file (many of which date back years and are barely secure at all). In either case make sure you chose a good password/key - with a badly chosen password all encryption techniques are susceptible to dictionary/guess attacks.

If you are encrypting files to send to someone else, GPG would be better (see help.ubuntu.com/community/GnuPrivacyGuardHowto for some Ubuntu specific notes, or Google for many other similar resources) if the person you are sending to is capable+willing to use GPG/PGP/compatible (or is already using them). The standard GPG tools are command line driven so easy to work into scripts if you are archiving files regularly and want to automate it. This is public key based so removes the problem of trying to get the key to the recipient by secure means as you encrypt with their public key and only they have the private key needed to unlock the resulting file (even you, the person who encrypted the file in the first place, would not be able to decrypt it). For paranoia++, encrypt with 7zip as you make the archive then with the recipient's public key via GPG."
Guest [Entry]

"From the zip man page:

-P password
--password password
Use password to encrypt zipfile entries (if any). THIS IS INSECURE! Many multi-user operating systems provide ways
for any user to see the current command line of any other user; even on stand-alone systems there is always the
threat of over-the-shoulder peeking. Storing the plaintext password as part of a command line in an automated script
is even worse. Whenever possible, use the non-echoing, interactive prompt to enter passwords. (And where security
is truly important, use strong encryption such as Pretty Good Privacy instead of the relatively weak standard encryp-
tion provided by zipfile utilities.)

The upshot is that if your zip process takes a while, another user on the system might be able to see the command entered, which would include the password. oops. Presumably this applies to the .7z solution as well."