CODEWITHSUNDEEP
linuxbashencryptionzip
Kandrat
Kandrat

Reputation: 474

How zip file with encryption from bash script

I want to zip files in bash script with password and I need to send password when zip prompt for pass and verification.

Here is code and it still asks for pass and pass_confirm:

#!/bin/bash
DIRECTORY=.
for i in $DIRECTORY/*.tar; do
  echo 'mypassword' | zip -0 -e $i'.zip' $i;
done

How send pass from script to zip command?

Upvotes: 0

Views: 11667

Answers (3)

Erik B
Erik B

Reputation: 42554

It seems like the real problem here is that OP doesn't understand why -P is considered insecure.

  -P password
  --password password
         Use password to encrypt zipfile entries (if any).   THIS  IS  INSECURE!
         Many  multi-user operating systems provide ways for any user to see the
         current command line of any other user;  even  on  stand-alone  systems
         there  is  always the threat of over-the-shoulder peeking.  Storing the
         plaintext password as part of a command line in an automated script  is
         even worse.  Whenever possible, use the non-echoing, interactive prompt
         to enter passwords.  (And where security is truly important, use strong
         encryption  such  as Pretty Good Privacy instead of the relatively weak
         standard encryption provided by zipfile utilities.)

To summarise, the two reasons for it being considered insecure, is that other users of the system may be able to see your executed commands and that people in the room may be able to see your password on the screen. What your attempt completely misses is that "Storing the plaintext password as part of a command line in an automated script is even worse."

From a security point of view, there is absolutely no difference between:

echo 'mypassword' | zip -e "$i.zip" $i

and

zip -e "$i.zip" $i -P 'mypassword'

In both cases, your password is part of the command and in both cases you are storing your password in plaintext in a script.

What you need is for your script to handle your password securely:

password=$(get_password_in_secure_manner)
zip -e "$i.zip" $i -P $password

As you might realise get_password_in_secure_manner isn't a real command unless you implement it. It's just a placeholder for what you might do to get the password into your script securely.

In summary, -P isn't inherently insecure, it just facilitates insecure behaviour. It also facilitates scripting, which is what you are doing.

Upvotes: 2

Aman Saurav
Aman Saurav

Reputation: 826

Try this out it should work.

#!/bin/bash
DIRECTORY=.
for i in $DIRECTORY/*.tar; do
zip -0 -e $i'.zip' $i -P mypassword
done

Upvotes: 1

Aman Saurav
Aman Saurav

Reputation: 826

You can easily encrypt and decrypt ZIP files from the Linux command line without being prompted for the password. You can use the -P argument.

zip -P passw0rd secure.zip file
zip -P passw0rd secure.zip file1 file2 file3

Also note that the standard ZIP encryption is very weak and could be cracked easily.

Upvotes: -1

Related Questions