72

I'm using the Unix tar command as follows to tar up a directory and its files:

tar cvzf fileToTar.tgz directoryToTar

Is there a way to password protect the .tgz file? I've created password-protected ZIP files on Windows so I would assume Unix has the same capability. Any ideas?

vdd
  • 107
  • 2
c12
  • 821
  • 1
  • 6
  • 4

6 Answers6

56

Use crypt or gpg on the file.

Simple examples:

cat filename | crypt > filename.crypt

gpg -c –o filename.gpg filename

Tanky Woo
  • 165
  • 1
  • 1
  • 11
Christopher Neylan
  • 859
  • 9
  • 7
  • 5
    this makes no sense, where is the password? – Alexander Mills May 07 '19 at 19:27
  • 8
    @AlexanderMills Most password-accepting tools prompt the user for it from the terminal rather than a command line argument, as to prevent the password showing up in history. – Daffy May 26 '19 at 03:52
  • 5
    `crypt` should not be used since it is considered too cryptographically weak by modern standards, which is also why it isn't included with most Linux distros. – Snake Jan 28 '21 at 02:13
55

You can use command:

zip -P password file.zip file

Or better:

zip -e file.zip file

man zip
mtk
  • 1,137
  • 3
  • 17
  • 28
Panta
  • 651
  • 4
  • 2
  • Does zip know enough to scrub the password section of the command line the moment it's run so it doesn't show up (or only shows up for millicsonds) in a ps? That's human readable. – tgm1024--Monica was mistreated Aug 01 '19 at 17:40
  • 1
    No. My zip manpage has a warning to this effect: "THIS IS INSECURE! Many multi-user operating systems provide ways for any user to see the current command line of any other user; even on stand-alone systems there is always the threat of over-the-shoulder peeking." – saagarjha Jan 21 '20 at 22:30
  • 1
    The `-e` option should work. It says `Encrypt the contents of the zip archive using a password which is entered on the terminal in response to a prompt (this will not be echoed; if standard error is not a tty, zip will exit with an error). The password prompt is repeated to save the user from typing errors.` – Chai T. Rex Jan 25 '23 at 01:07
24

You can use gpg (=GnuPG):

gpg -o fileToTar.tgz.gpg --symmetric fileToTar.tgz

This will prompt you for a passphrase.

To decrypt the file later on, just do a:

gpg fileToTar.tgz.gpg

This will prompt you, again, for the passphrase.

thiagowfx
  • 1,718
  • 1
  • 16
  • 17
  • 2
    Note: `-c` is short for `--symmetric`, i.e., use the default symmetric cipher, which means that the same passphrase is used for both encryption and decryption. (As opposed to asymmetric, which involves public keys and private keys.) – Evgeni Sergeev Nov 24 '17 at 05:30
19

Neither the tar format nor the gz format has built-in support for password-protecting files.

The Windows zip format combines several different piece of functionality: compression (e.g. gzip), archiving multiple files into one (e.g. tar), encryption (e.g. gnupg), and probably others. Unix tends to have individual tools, each of which does one thing well, and lets you combine them.

The Unix equivalent of a password-protected .zip file would probably be called something like foo.tar.gz.gpg or foo.tgz.gpg.

And there are open-source zip and unzip tools for Unix, though they may not provide all the capabilities of the Windows versions (I'm fairly sure the newer .zipx format isn't supported).

Chris W. Rea
  • 10,740
  • 16
  • 76
  • 95
Keith Thompson
  • 5,075
  • 2
  • 25
  • 33
9

You can use ccrypt.

Things can be encrypted by a pipe:

tar cvvjf - /path/to/files | ccrypt > backup.tar.bz2.cpt

Or in place:

ccrypt backup.tar.bz2

For automating, you can save a passkey into a file and use this passkey to encrypt:

ccrypt -k ~/.passkey backup.tar.bz2
c4baf058
  • 388
  • 1
  • 3
  • 7
5

To zip a file with password run the following command:

zip -er name.zip folder/

It will show a prompt to enter a hidden password.

To unzip the file, run:

unzip name.zip

And enter the password you added before.

Ahmad Shbita
  • 81
  • 1
  • 3