7za create AES256 password protected encrypted zip of a folder

4

I want to create an AES256 encrypted zip of a folder. I am on Mac and I want to create the zip file and store it in an external drive. I want to AES256 encrypt the file so that, in case I lose the external drive, no one can read it.

I am using the command

7za a -tzip '-pPASSWORD' -mem=AES256 personal_data.zip /Users/myuser/personal_data

The directory /Users/myuser/personal_data has subfolders and files inside it.

When I extract, the directory structure is not retained and it extracts all the content at the root of the place where I extract.

I use the command below to extract.

7za e personal_data.zip

I have two questions:

  1. How can I maintain the directory structure when it extracts?
  2. Is this the most secure way to store a Zip file with sensitive content on the personal system?

Thank you

user2230605

Posted 2018-06-17T05:47:35.933

Reputation: 151

Answers

3

Well first,
e Extract files from archive (without using directory names)
so you want to use
x eXtract files with full paths
instead to extract.

[I'm assuming the debian & mac versions of 7za are equivalent.]


It's definitely not the most secure method; for one, your password could be getting stored in your .history file, or be easily visible from a process listing showing the full command line.

And 7z isn't an encryption / security program. Even if it does use AES256 competently, it might not be picking suitable random numbers, or could be making any number of seemingly tiny mistakes that drastically lower security. Look into using GPG instead (you can pipe into/out of it, as in tar ...|gpg...; 7z can pipe in or out too but may have some trouble doing both at the same time).

Or an on-the-fly encryption like LUKS, or eCryptfs, or EncFS (maybe older, maybe unsupported, still appears functional), or even TrueCrypt/VeraCrypt, there's probably some mac-specific software too. Then you don't have to worry about unencrypted files, or their remnants lying around after deletion.

Xen2050

Posted 2018-06-17T05:47:35.933

Reputation: 12 097

Thank you x worked. I am planning to create an encrypted zip file and store it in external hard-drive. Do you still think, 7za way of saving file won't be safe? I get your point of .history. I will read about other options you suggested. Thank you. – user2230605 – 2018-06-17T07:03:34.567

Depends on your threat model. It could be "safe enough", should easily stop nosy friends & family, probably businesses, but gpg has stumped the biggest governments. The biggest threat IMO with storing an archive that has to be extracted to view is managing the unencrypted data, undeleting files from a drive is easy, and flash drives might quietly swap sectors making real overwriting impossible to verify (and overwriting/shredding doesn't always work on a hard drive either) – Xen2050 – 2018-06-17T07:11:54.567

I'd encrypt the entire external drive with LUKS or VeraCrypt (or even a combination for the paranoid, LUKS can be stacked [encrypt a LUKS device with LUKS again] and I think they can stack together too). Then the entire drive (or just a few partitions) is covered in case of loss/theft, and no unencrypted or undelete-able files are lying around either. – Xen2050 – 2018-06-17T07:27:05.080
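
The answer's warning that a password given as -pPASSWORD can end up in the shell history can be checked against your own history file. The following is an added example, not part of the original question or answer: a shell function that flags 7-Zip commands carrying an inline -p password and prints them with the password redacted. The function names, the sample lines and the one-command-per-line history format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag 7-Zip commands in shell
# history that carry the password inline, and print them with it redacted.
# Heuristic: expects one command per line, e.g. audit_history < ~/.bash_history

# Constructed sample history lines for the demonstration.
sample_history() {
  cat <<'EOF'
7za a -tzip '-pPASSWORD' -mem=AES256 personal_data.zip /Users/myuser/personal_data
7za a -tzip -p -mem=AES256 personal_data.zip /Users/myuser/personal_data
7za x personal_data.zip
7z x -p"hunter2" backup.7z
ls -la /Volumes/external
EOF
}

# Reads history lines on stdin; prints "<line number>: <redacted command>"
# for each 7z/7za/7zr invocation whose -p switch has a password attached.
audit_history() {
  awk -v q="'" '
    $1 !~ /(^|\/)7z[ar]?$/ { next }        # only 7-Zip front ends
    {
      hit = 0
      for (i = 2; i <= NF; i++) {
        tok = $i
        gsub("[\"" q "]", "", tok)         # ignore shell quoting around the switch
        # A bare -p makes 7-Zip prompt; -p followed by text is an inline password.
        if (tok ~ /^-p./) { $i = "-p<REDACTED>"; hit = 1 }
      }
      if (hit) printf "%d: %s\n", NR, $0
    }
  '
}

# Number of history lines that expose a password.
count_exposed() {
  audit_history | wc -l | tr -d ' '
}

sample_history | audit_history
```

Any line it reports means that password has been written to disk in clear text, so the archive should be re-created with a new password entered at the 7za prompt (a bare -p).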