How to create an encrypted zip file on Linux

Suppose you want to create a zip archive, but with password protection, so that whoever tries to uncompress the zip file must know the right password. On Linux, there are several ways to encrypt and password protect a zip file.

In this tutorial, I will describe how to create an encrypted zip file on Linux.

Method One

The zip command line tool provides an encryption option. The encryption algorithm used by zip command is PKZIP stream cipher. The PKZIP algorithm is known to be insecure. Also, the fact that the password is typed and shown in plain text makes it even more vulnerable.

To create an encrypted zip file with zip:

$ zip --password MY_SECRET secure.zip doc.pdf doc2.pdf doc3.pdf

To uncompress a zip file that is encrypted with zip command:

$ unzip secure.zip
Archive:  secure.zip
[secure.zip] doc.pdf password:

Method Two

7z file archiver can produce zip-format archives with more secure encryption scheme. According to the official description, 7z archiver supports AES-256 encryption algorithm with SHA-256 hash algorithm based key generation.

To create an encrypted zip file with 7z archiver:

$ 7za a -tzip -pMY_SECRET -mem=AES256 secure.zip doc.pdf doc2.pdf doc3.pdf

To uncompress a zip file that is encrypted with 7za command:

$ 7za e secure.zip
7-Zip (A) [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: secure.zip

Extracting  doc.pdf
Enter password (will not be echoed) :

Method Three

Another way to create a secure zip archive is to use GnuPG's symmetric key encryption.

To create an encrypted compressed tar archive with GnuPG:

$ tar czvpf - doc.pdf doc2.pdf doc3.pdf | gpg --symmetric --cipher-algo aes256 -o secure.tar.gz.gpg

To uncompress an archive file encrypted with GnuPG:

$ gpg -d secure.tar.gz.gpg | tar xzvf -

Method Four

If you use Nautilus file manager on your Linux desktop, you can use Nautilus GUI to create a password-protected zip file easily.

First, highlight a set of files to include in the archive. Then right-click them, and choose "Compression" option.

Fill in the archive file name, and select ".zip" suffix (or ".7z" if you have installed 7z archiver). Click on "Other Options" and fill in your password. Underneath Nautilus, it will use zip command to create an encrypted archive.

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

6 thoughts on “How to create an encrypted zip file on Linux

  1. In case you're just a 'little bit' paranoid, this is a great way to upload your data to the cloud and not have to worry. Also check out openssl. And for you NSA whisteblowers, feel free to add as many layers of encryption as you like. If it takes 1 million years to brute force your archive then you win.

  2. You can add the "bcrypt" command to those mentioned in the article. This is my favorite encryption tool.

    • You can remove -a if you need the encrypted file in binary form and of course the arguments to -in and -out are your input and output files for encryption and decryption steps.

  3. @Arul
    can also use for entire directory gpg-zip

    for encryption:
    gpg-zip -c -o output.gpg dirname

    and for decryption:
    gpg-zip -d output.gpg

Leave a comment

Your email address will not be published. Required fields are marked *

Current day month ye@r *