Linux ZIP command Examples for Compressing and Decompressing Files Securely

Satish Tiwary's picture
Compression and Decompression security

Zip utility is used to combine as well as compress files in Linux.In this article i have included the uses of zip command and how to secure zip files.As i am going to discuss zip related security topics here so i have included security related loopholes too and also the trick or idea to remove such loopholes  in detail with examples. We can see how zip utility is used and how it's beneficial to use as well as how to secure your zip files and what precautions you should take while zipping or while providing security to your zip files.To enhance security of zip files i have also included encryption and decryption concept a bit.

Zip utility is to compress or you can say zip a file or files or a directory but what matters is it's compression ratio. It can be used by different compression level and each level has it's own benefit and requirement which depends up on clients requirement.

An important fact to note here about zip command is that, your compression ration always depends upon the type of files that you are compressing. Zip,Gzip etc gives a wonderful compression ratio when used with simple text files. Hence you can compress your large log file for example, and achieve a good compression ratio. However if you compress some big video/audio files with zip or gzip, you will not get better results. Hence i would suggest to keep zip only to compress files with textual content.

 

How to zip a file using zip utility in Linux?

So now if you want to zip a file in Linux, you must have some files to zip.Here i have created three files satish.txt, sarath.txt and slashroot.txt just for testing purpose.

Let's have a look on the size of these files.

[root@localhost test]# ls -lh
total 196K
-rw-r--r-- 1 root root  12K Apr 19 05:26 sarath.txt
-rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt
-rw-r--r-- 1 root root  57K Apr 19 05:26 slashroot.txt


We can see the file sizes of sarath.txt, satish.txt and slashroot.txt  are 12K,113K and 57K respectively.

Now i am going to zip satish.txt file here.

 

[root@localhost test]# zip satish.zip satish.txt
  adding: satish.txt (deflated 98%)
[root@localhost test]# ls -lh
total 200K
-rw-r--r-- 1 root root  12K Apr 19 05:26 sarath.txt
-rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt
-rw-r--r-- 1 root root 2.1K Apr 19 05:27 satish.zip
-rw-r--r-- 1 root root  57K Apr 19 05:26 slashroot.txt

 

Now you can see the size of zip file is less than the size of original file. i.e satish.txt file.

The size of satish.txt was 113 KB while after zipping it's become 2.1KB only.It means 98% deflated.And hence you can see that by using zip command you have saved 98% of your Disk space here.

In this way you can keep approximately 2TB Data in a Hard Disk of size 1 TB (Provided you have a large number of big text files).I think it will be a quite nice idea to do so.Later i will also include the method to give protection to your zip files so that not only you can optimize your disk space usage but also you provide a layer of security to your files and folders.

 

Now how to unzip zip file back to original?

first i am going to remove the satish.txt file and then i will get it back by unziping satish.zip file using unzip command.

[root@localhost test]# rm -rf satish.txt

 

[root@localhost test]# unzip satish.zip
Archive:  satish.zip
  inflating: satish.txt              
[root@localhost test]#

How to zip multiple files and keep them inside a single file?

I have three files satish.txt, sarath.txt and slashroot.txt and i am going to zip them all at a time and archieve them inside a single file named allfiles.zip.

 

[root@localhost test]# zip allfiles.zip satish.txt sarath.txt slashroot.txt
  adding: satish.txt (deflated 98%)
  adding: sarath.txt (deflated 97%)
  adding: slashroot.txt (deflated 98%)
[root@localhost test]#

Now to see whether files are zipped or not, or if zipped how much deflated type the below command.

[root@localhost test]# ls -lh
total 200K
-rw-r--r-- 1 root root 3.7K Apr 19 06:01 allfiles.zip
-rw-r--r-- 1 root root  12K Apr 19 05:26 sarath.txt
-rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt
-rw-r--r-- 1 root root  57K Apr 19 05:26 slashroot.txt


Here you can compare the size easily and hence calculate how much compression is done by using simple mathematical calculation.

 

Now to unzip it you can simply use the unzip command.

Let remove the files first so that it does not ask for overwrite option.

[root@localhost test]# rm -rf sarath.txt satish.txt slashroot.txt

Now you can see we have only one zip file. so i am going to unzip it using unzip command.

[root@localhost test]# unzip allfiles.zip
Archive:  allfiles.zip
  inflating: satish.txt              
  inflating: sarath.txt              
  inflating: slashroot.txt

         

We can even use Encryption Decryption Technology with zip files to enhanced or to increase the security of Files.

 

How to Encrypt a zip file in Linux?

 

TRICK1:

For testing encryption decryption technology for zip files i have created a plain text file linux.txt.

Now i will first zip it and then i will encrypt the zip file.

[root@localhost test]# zip linux.zip linux.txt
  adding: linux.txt (deflated 9%)


Encrypting linux.zip file through gpg command:

 

[root@localhost test]# gpg -c linux.zip
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/pubring.gpg' created

passphrase:

 

gpg utility has been used here to encrypt the zip file.

-c option is used to create gpg based encrypted file.

 

VIEW THE ENCRYPTED FILE:

[root@localhost test]# ls -lh
total 208K
-rw-r--r-- 1 root root 3.7K Apr 19 06:01 allfiles.zip
-rw-r--r-- 1 root root  199 Apr 19 06:26 linux.zip
-rw-r--r-- 1 root root  188 Apr 19 07:10 linux.zip.gpg
-rw-r--r-- 1 root root  12K Apr 19 05:26 sarath.txt
-rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt
-rw-r--r-- 1 root root  57K Apr 19 05:26 slashroot.txt
[root@localhost test]#

you can see linux.zip.gpg file. This file is encrypted form of linux.zip and is protected by a passphrase.

Now let's see what heppens when we try to unzip that encrypted zip file.

[root@localhost test]# unzip linux.zip.gpg
Archive:  linux.zip.gpg
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
unzip:  cannot find zipfile directory in one of linux.zip.gpg or
        linux.zip.gpg.zip, and cannot find linux.zip.gpg.ZIP, period.

 

so you can see that you cannot unzip it simply without decrypting it.

 

so Now how to Decrypt encrypted zip files?

[root@localhost test]# gpg linux.zip.gpg
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: CAST5 encrypted data
Enter passphrase:


now when you enter the passphrase which you have given during encryption time the file will be decrypted.

now see the output after decryption:

[root@localhost test]# ls -lh
total 208K
-rw-r--r-- 1 root root 3.7K Apr 19 06:01 allfiles.zip
-rw-r--r-- 1 root root  199 Apr 19 07:22 linux.zip
-rw-r--r-- 1 root root  188 Apr 19 07:10 linux.zip.gpg
-rw-r--r-- 1 root root  12K Apr 19 05:26 sarath.txt
-rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt
-rw-r--r-- 1 root root  57K Apr 19 05:26 slashroot.txt


How to give password to a ZIP file without encryption?

TRICK 2

In the previous method we saw above, we have protected the file with the help of encryption done by GPG command. Now if you dont want to encrypt your file but want to just give a minimal amount of security, then you can do that by locking your zip file with a password.

This can be done by -P option in the zip command. Lets see an example.

 

[root@localhost test]# zip -P redhat123 linux.zip linux.txt
  adding: linux.txt (deflated 9%)

 

  • In above command redhat123 is the password.
  • Linux.zip is password protected file now.
  • Linux.txt is the file on which we have implemented this security.

 

Now if you want to unzip linux.zip you must know the password.

[root@localhost test]# unzip linux.zip
Archive:  linux.zip
[linux.zip] linux.txt password:



You can even achieve the same result by compressing a whole directory instead of file. Lets see with an example. I will compress the whole /var/log/ directory and see what happens.

[root@localhost test]# zip -P redhat123  varlogprotected.zip /var/log/*
  adding: var/log/acpid (deflated 88%)
  adding: var/log/anaconda.log (deflated 87%)
  adding: var/log/anaconda.syslog (deflated 70%)
  adding: var/log/anaconda.xlog (deflated 77%)
  adding: var/log/audit/ (stored 0%)
  adding: var/log/boot.log (stored 0%)
  adding: var/log/boot.log.1 (stored 0%)
  adding: var/log/boot.log.2 (stored 0%)

The above shown command output is pretty long, as you are compressing all contents inside /var/log, due to which it might take some time.

 

LOOPHOLES IN ABOVE COMMAND:

The security implementation through the above method is not secure. There is a loopwhole in this technique. Using history command anyone can see your encryption password.

#history

 1013  cat linux.txt
 1014  zip -P redhat123 linux.zip linux.txt

you can clearly see the output of history command showing the applied password also. So this technique is not safe.


So let's see another method do that, in a much secure way.

 

TRICK3:

This Trick will remove the loopholes of TRICK2 i.e above technique.

[root@localhost test]# zip -e linux.zip linux.txt
Enter password:
Verify password:
  adding: linux.txt (deflated 9%)
[root@localhost test]#

In the above shown example, we have used -e option with zip command. Now if you read the man page for zip command in linux, you will come to know that -e option is used for both encrypting the file and also securing the encryption with the help of a password.

So here we are not using gpg for encryption but  we are using zip command itself for encryption as well as password protection.
 

Even we can protect or provide security to a complete directory in this way:

foe example i want to secure /var/log/ directory.

#zip -e varlogprotected.zip    /var/log/*

Now you can also unzip it by the below method

 

[root@localhost test]# unzip linux.zip
Archive:  linux.zip
[linux.zip] linux.txt password:

 

  • To unzip it you must know the password.Because Linux.zip is password protected.
  • This technique is able to remove the loopholes of TRICK2.

But even this technique has another loophole

 

LOOPHOLES OF TRICK3:

IF you carefully observe the output of the above command you can see that even without giving password anyone can know the name of the file or list of the files in that zip file.The name of all files can be disclosed even by typing wrong password.

 

Now let's remove the security issues in TRICK 3

 

TRICK4:

The major problem with the previous method, was that, a normal user can see the content of the zip file. We can solve this problem by making an archive of the file.

Archive does simply create one file that contains all the required file. making an archive of your required files and then zipping it will provide more security because a user will be unable to see the content of the archive.

[root@localhost test]# ls
linux.txt  sarath.txt  satish.txt  slashroot.txt

so you can see four text files here. now i am going to provide security while zipping on these files with other method. i.e TRICK4. As told, we will be making an archive with tar command first.

[root@localhost test]# tar -cvzf securefile.tgz *.txt
linux.txt
sarath.txt
satish.txt
slashroot.txt

Now let's zip that archived file with the help the same zip command and -e option.

[root@localhost test]# zip -e securezip securefile.tgz
Enter password:
Verify password:
  adding: securefile.tgz (deflated 77%)


Now let's see what happen's when you unzip that file. It will surely ask for password, but will not reveal the names of the file inside it. Because the files are inside the archive.

[root@localhost test]# ls
securezip.zip
[root@localhost test]# unzip securezip.zip
Archive:  securezip.zip
[securezip.zip] securefile.tgz password:

 

Now if you type the correct password you got the .tgz  file which then you need to just extract using tar command.        

[root@localhost test]# ls
securefile.tgz  securezip.zip

How to extract .tgz files?

Note: .tar.gz and .tgz are same.

[root@localhost test]# tar -xvzf securefile.tgz
linux.txt
sarath.txt
satish.txt
slashroot.txt

[root@localhost test]# ls
linux.txt  sarath.txt  satish.txt  securefile.tgz  securezip.zip  slashroot.txt
[root@localhost test]#



Now how to validate a zip archive without extracting?

[root@localhost test]# unzip -t securezip.zip
Archive:  securezip.zip
[securezip.zip] securefile.tgz password:
    testing: securefile.tgz           OK
No errors detected in compressed data of securezip.zip.

You can cleary see that no error is detected in compressed data of securezip.zip file.

 

How to zip a directory and its sub-directories recursively?


I am going to zip /var/spool/ directory with all its subdirectory and files.

[root@localhost test]# zip -r var-spool.zip /var/spool/
  adding: var/spool/ (stored 0%)
  adding: var/spool/mail/ (stored 0%)
  adding: var/spool/mail/p4 (stored 0%)

 

How to see a detailed output while unzipping files

You can simply use the verbose mode for seeing a detailed output while unzipping.

[root@localhost test]# unzip -v varspool.zip
Archive:  varspool.zip
 Length   Method    Size  Ratio   Date   Time   CRC-32    Name
--------  ------  ------- -----   ----   ----   ------    ----
       0  Stored        0   0%  03-14-13 23:23  00000000  var/spool/
       0  Stored        0   0%  03-14-13 23:30  00000000  var/spool/anacron/
       0  Stored        0   0%  04-14-13 05:58  00000000  var/spool/at/
       0  Stored        0   0%  04-23-13 01:35  00000000  var/spool/clientmqueue/
       0  Stored        0   0%  07-15-08 10:41  00000000  var/spool/cron/
       0  Stored        0   0%  03-14-13 23:18  00000000  var/spool/cups/
       0  Stored        0   0%  08-08-08 11:26  00000000  var/spool/lpd/
       0  Stored        0   0%  04-23-13 01:35  00000000  var/spool/mail/
       0  Stored        0   0%  04-23-13 01:35  00000000  var/spool/mqueue/
       0  Stored        0   0%  07-24-09 01:56  00000000  var/spool/repackage/
       0  Stored        0   0%  06-08-09 17:39  00000000  var/spool/vbox/
--------          -------  ---                            -------
       0                0   0%                            11 files
[root@localhost test]#

 

COMPRESSION LEVEL PROVIDED BY ZIP COMMAND:

Zip command supports 10 level of compression starting from level 0 which is lowest level to level 9 which is maximum compression level.

ZIP compression Level 0:

Level 0 does not compress files. It just archives them.

[root@localhost test]# zip -0 level0.zip *.txt
  adding: linux.txt (stored 0%)
  adding: sarath.txt (stored 0%)
  adding: satish.txt (stored 0%)
  adding: slashroot.txt (stored 0%)
[root@localhost test]# ls -lh
total 388K
-rw-r--r-- 1 root root 181K Apr 24 01:07 level0.zip
-rw-r--r-- 1 root root   54 Apr 19 06:21 linux.txt
-rw-r--r-- 1 root root  12K Apr 19 05:26 sarath.txt
-rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt
-rw-r--r-- 1 root root  57K Apr 19 05:26 slashroot.txt


ZIP compression Level 1:

Level 1 compression speed is very fast but will do just a little compression.

[root@localhost test]# zip -1 level1.zip *.txt
  adding: linux.txt (deflated 9%)
  adding: sarath.txt (deflated 96%)
  adding: satish.txt (deflated 97%)
  adding: slashroot.txt (deflated 97%)

You can clearly see the compression level of level 1 is more than level 0.

ZIP compression Level 6:(which is bydefault compression Level)

[root@localhost test]# zip  level6.zip *.txt
  adding: linux.txt (deflated 9%)
  adding: sarath.txt (deflated 97%)
  adding: satish.txt (deflated 98%)
  adding: slashroot.txt (deflated 98%)

Now you can clearly see that compression level of level 6 is more than its previous compression levels.

ZIP compression Level 9:(MAXIMUM COMPRESSION)

This compression level is little bit slow compared to other compression level.

[root@localhost test]# zip  -9 level9.zip *.txt
  adding: linux.txt (deflated 9%)
  adding: sarath.txt (deflated 98%)
  adding: satish.txt (deflated 99%)
  adding: slashroot.txt (deflated 99%)

Hence you can see the compression level 9 is maximum.

1.9K<3.9K<5.6K<181K

Hence you can see the compression level in decreasing order.

 

OPENSSL BASED SECURITY FOR ZIP FILES

Lets see how to encrypt a zip file with the help of openssl.

I am going to show you how to encrypt a zip file using openssl command.And for demonstartion i am going to use level6.zip file in use here.

[root@localhost test]# openssl des3 -salt -in level6.zip -out level6zip.des3
enter des-ede3-cbc encryption password: Verifying - enter des-ede3-cbc encryption password:

In the above example, i have used DES encryption algorithm to encrypt files.  Here am just showing just another method for securing your zip files.

Now how to decrypt encrypted zip file?

here i am going to decrypt level6zip.des3 file and redirect it's output to decryptedfile.zip.

[root@localhost test]# openssl des3 -d -salt -in level6zip.des3 -out decryptedfile.zip
enter des-ede3-cbc decryption password:

 

How to create an MD5 or Sha1 Digest of a zip file?

[root@localhost test]# openssl dgst -md5 decryptedfile.zip
MD5(decryptedfile.zip)= 8aec575873fd14b9c7ac738073e2e95d



                     or

 

[root@localhost test]# md5sum decryptedfile.zip
8aec575873fd14b9c7ac738073e2e95d  decryptedfile.zip

you can see both command is same.
 

Example showing how to create a sha1 value of a zip file.

[root@localhost test]# openssl dgst -sha1 decryptedfile.zip
SHA1(decryptedfile.zip)= b833d6dc64762a2afb1804109a3e79573b7af987

 

                      or

[root@localhost test]# sha1sum decryptedfile.zip
b833d6dc64762a2afb1804109a3e79573b7af987  decryptedfile.zip

Both command is same here too.

 

 

Rate this article: 
Average: 4.2 (38 votes)

Comments

awesome

Hi It is very nice tutorial..
I want to know the use of md5 and Sha1 encryption.. can u please explain it with example..and what is the advantage of having md5 and Sha1 encryption and how it is being used in zip files.

Very Useful

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.