48
20
I'm using the Unix tar command as follows to tar up a directory and its files:
tar cvzf fileToTar.tgz directoryToTar
Is there a way to password protect the .tgz file? I've created password-protected ZIP files on Windows so I would assume Unix has the same capability. Any ideas?
c12
Posted 2011-12-21T19:00:31.360
Reputation: 581
37
You can use command:
zip -P password file.zip file
Or better:
zip -e file.zip file
man zip
Panta
Posted 2011-12-21T19:00:31.360
Reputation: 471
Does zip know enough to scrub the password section of the command line the moment it's run so it doesn't show up (or only shows up for millicsonds) in a ps? That's human readable. – tgm1024--Monica was mistreated – 2019-08-01T17:40:39.270
No. My zip manpage has a warning to this effect: "THIS IS INSECURE! Many multi-user operating systems provide ways for any user to see the current command line of any other user; even on stand-alone systems there is always the threat of over-the-shoulder peeking." – saagarjha – 2020-01-21T22:30:04.613
17
Neither the tar format nor the gz format has built-in support for password-protecting files.
The Windows zip format combines several different piece of functionality: compression (e.g. gzip), archiving multiple files into one (e.g. tar), encryption (e.g. gnupg), and probably others. Unix tends to have individual tools, each of which does one thing well, and lets you combine them.
The Unix equivalent of a password-protected .zip file would probably be called something like foo.tar.gz.gpg or foo.tgz.gpg.
And there are open-source zip and unzip tools for Unix, though they may not provide all the capabilities of the Windows versions (I'm fairly sure the newer .zipx format isn't supported).
Keith Thompson
Posted 2011-12-21T19:00:31.360
Reputation: 4 645
14
You can use gpg (=GnuPG):
gpg -o fileToTar.tgz.gpg --symmetric fileToTar.tgz
This will prompt you for a passphrase.
To decrypt the file later on, just do a:
gpg fileToTar.tgz.gpg
This will prompt you, again, for the passphrase.
thiagowfx
Posted 2011-12-21T19:00:31.360
Reputation: 1 514
1Note: -c is short for --symmetric, i.e., use the default symmetric cipher, which means that the same passphrase is used for both encryption and decryption. (As opposed to asymmetric, which involves public keys and private keys.) – Evgeni Sergeev – 2017-11-24T05:30:35.720
8
You can use ccrypt.
Things can be encrypted by a pipe:
tar cvvjf - /path/to/files | ccrypt > backup.tar.bz2.cpt
Or in place:
ccrypt backup.tar.bz2
For automating, you can save a passkey into a file and use this passkey to encrypt:
ccrypt -k ~/.passkey backup.tar.bz2
c4baf058
Posted 2011-12-21T19:00:31.360
Reputation: 368
3this makes no sense, where is the password? – Alexander Mills – 2019-05-07T19:27:09.200
4@AlexanderMills Most password-accepting tools prompt the user for it from the terminal rather than a command line argument, as to prevent the password showing up in history. – Daffy – 2019-05-26T03:52:52.510