Linux ZIP command Examples for Compressing and Decompressing Files Securely
Zip utility is used to combine as well as compress files in Linux.In this article i have included the uses of zip command and how to secure zip files.As i am going to discuss zip related security topics here so i have included security related loopholes too and also the trick or idea to remove such loopholes in detail with examples. We can see how zip utility is used and how it's beneficial to use as well as how to secure your zip files and what precautions you should take while zipping or while providing security to your zip files.To enhance security of zip files i have also included encryption and decryption concept a bit.
Zip utility is to compress or you can say zip a file or files or a directory but what matters is it's compression ratio. It can be used by different compression level and each level has it's own benefit and requirement which depends up on clients requirement.
An important fact to note here about zip command is that, your compression ration always depends upon the type of files that you are compressing. Zip,Gzip etc gives a wonderful compression ratio when used with simple text files. Hence you can compress your large log file for example, and achieve a good compression ratio. However if you compress some big video/audio files with zip or gzip, you will not get better results. Hence i would suggest to keep zip only to compress files with textual content.
How to zip a file using zip utility in Linux?
So now if you want to zip a file in Linux, you must have some files to zip.Here i have created three files satish.txt, sarath.txt and slashroot.txt just for testing purpose.
Let's have a look on the size of these files.
[root@localhost test]# ls -lh total 196K -rw-r--r-- 1 root root 12K Apr 19 05:26 sarath.txt -rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt -rw-r--r-- 1 root root 57K Apr 19 05:26 slashroot.txt
We can see the file sizes of sarath.txt, satish.txt and slashroot.txt are 12K,113K and 57K respectively.
Now i am going to zip satish.txt file here.
[root@localhost test]# zip satish.zip satish.txt adding: satish.txt (deflated 98%) [root@localhost test]# ls -lh total 200K -rw-r--r-- 1 root root 12K Apr 19 05:26 sarath.txt -rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt -rw-r--r-- 1 root root 2.1K Apr 19 05:27 satish.zip -rw-r--r-- 1 root root 57K Apr 19 05:26 slashroot.txt
Now you can see the size of zip file is less than the size of original file. i.e satish.txt file.
The size of satish.txt was 113 KB while after zipping it's become 2.1KB only.It means 98% deflated.And hence you can see that by using zip command you have saved 98% of your Disk space here.
In this way you can keep approximately 2TB Data in a Hard Disk of size 1 TB (Provided you have a large number of big text files).I think it will be a quite nice idea to do so.Later i will also include the method to give protection to your zip files so that not only you can optimize your disk space usage but also you provide a layer of security to your files and folders.
Now how to unzip zip file back to original?
first i am going to remove the satish.txt file and then i will get it back by unziping satish.zip file using unzip command.
[root@localhost test]# rm -rf satish.txt
[root@localhost test]# unzip satish.zip Archive: satish.zip inflating: satish.txt [root@localhost test]#
How to zip multiple files and keep them inside a single file?
I have three files satish.txt, sarath.txt and slashroot.txt and i am going to zip them all at a time and archieve them inside a single file named allfiles.zip.
[root@localhost test]# zip allfiles.zip satish.txt sarath.txt slashroot.txt adding: satish.txt (deflated 98%) adding: sarath.txt (deflated 97%) adding: slashroot.txt (deflated 98%) [root@localhost test]#
Now to see whether files are zipped or not, or if zipped how much deflated type the below command.
[root@localhost test]# ls -lh total 200K -rw-r--r-- 1 root root 3.7K Apr 19 06:01 allfiles.zip -rw-r--r-- 1 root root 12K Apr 19 05:26 sarath.txt -rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt -rw-r--r-- 1 root root 57K Apr 19 05:26 slashroot.txt
Here you can compare the size easily and hence calculate how much compression is done by using simple mathematical calculation.
Now to unzip it you can simply use the unzip command.
Let remove the files first so that it does not ask for overwrite option.
[root@localhost test]# rm -rf sarath.txt satish.txt slashroot.txt
Now you can see we have only one zip file. so i am going to unzip it using unzip command.
[root@localhost test]# unzip allfiles.zip Archive: allfiles.zip inflating: satish.txt inflating: sarath.txt inflating: slashroot.txt
We can even use Encryption Decryption Technology with zip files to enhanced or to increase the security of Files.
How to Encrypt a zip file in Linux?
TRICK1:
For testing encryption decryption technology for zip files i have created a plain text file linux.txt.
Now i will first zip it and then i will encrypt the zip file.
[root@localhost test]# zip linux.zip linux.txt adding: linux.txt (deflated 9%)
Encrypting linux.zip file through gpg command:
[root@localhost test]# gpg -c linux.zip gpg: directory `/root/.gnupg' created gpg: new configuration file `/root/.gnupg/gpg.conf' created gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/root/.gnupg/pubring.gpg' created passphrase:
gpg utility has been used here to encrypt the zip file.
-c option is used to create gpg based encrypted file.
VIEW THE ENCRYPTED FILE:
[root@localhost test]# ls -lh total 208K -rw-r--r-- 1 root root 3.7K Apr 19 06:01 allfiles.zip -rw-r--r-- 1 root root 199 Apr 19 06:26 linux.zip -rw-r--r-- 1 root root 188 Apr 19 07:10 linux.zip.gpg -rw-r--r-- 1 root root 12K Apr 19 05:26 sarath.txt -rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt -rw-r--r-- 1 root root 57K Apr 19 05:26 slashroot.txt [root@localhost test]#
you can see linux.zip.gpg file. This file is encrypted form of linux.zip and is protected by a passphrase.
Now let's see what heppens when we try to unzip that encrypted zip file.
[root@localhost test]# unzip linux.zip.gpg Archive: linux.zip.gpg End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive. unzip: cannot find zipfile directory in one of linux.zip.gpg or linux.zip.gpg.zip, and cannot find linux.zip.gpg.ZIP, period.
so you can see that you cannot unzip it simply without decrypting it.
so Now how to Decrypt encrypted zip files?
[root@localhost test]# gpg linux.zip.gpg gpg: keyring `/root/.gnupg/secring.gpg' created gpg: CAST5 encrypted data Enter passphrase:
now when you enter the passphrase which you have given during encryption time the file will be decrypted.
now see the output after decryption:
[root@localhost test]# ls -lh total 208K -rw-r--r-- 1 root root 3.7K Apr 19 06:01 allfiles.zip -rw-r--r-- 1 root root 199 Apr 19 07:22 linux.zip -rw-r--r-- 1 root root 188 Apr 19 07:10 linux.zip.gpg -rw-r--r-- 1 root root 12K Apr 19 05:26 sarath.txt -rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt -rw-r--r-- 1 root root 57K Apr 19 05:26 slashroot.txt
How to give password to a ZIP file without encryption?
TRICK 2
In the previous method we saw above, we have protected the file with the help of encryption done by GPG command. Now if you dont want to encrypt your file but want to just give a minimal amount of security, then you can do that by locking your zip file with a password.
This can be done by -P option in the zip command. Lets see an example.
[root@localhost test]# zip -P redhat123 linux.zip linux.txt adding: linux.txt (deflated 9%)
- In above command redhat123 is the password.
- Linux.zip is password protected file now.
- Linux.txt is the file on which we have implemented this security.
Now if you want to unzip linux.zip you must know the password.
[root@localhost test]# unzip linux.zip Archive: linux.zip [linux.zip] linux.txt password:
You can even achieve the same result by compressing a whole directory instead of file. Lets see with an example. I will compress the whole /var/log/ directory and see what happens.
[root@localhost test]# zip -P redhat123 varlogprotected.zip /var/log/* adding: var/log/acpid (deflated 88%) adding: var/log/anaconda.log (deflated 87%) adding: var/log/anaconda.syslog (deflated 70%) adding: var/log/anaconda.xlog (deflated 77%) adding: var/log/audit/ (stored 0%) adding: var/log/boot.log (stored 0%) adding: var/log/boot.log.1 (stored 0%) adding: var/log/boot.log.2 (stored 0%)
The above shown command output is pretty long, as you are compressing all contents inside /var/log, due to which it might take some time.
LOOPHOLES IN ABOVE COMMAND:
The security implementation through the above method is not secure. There is a loopwhole in this technique. Using history command anyone can see your encryption password.
#history 1013 cat linux.txt 1014 zip -P redhat123 linux.zip linux.txt
you can clearly see the output of history command showing the applied password also. So this technique is not safe.
So let's see another method do that, in a much secure way.
TRICK3:
This Trick will remove the loopholes of TRICK2 i.e above technique.
[root@localhost test]# zip -e linux.zip linux.txt Enter password: Verify password: adding: linux.txt (deflated 9%) [root@localhost test]#
In the above shown example, we have used -e option with zip command. Now if you read the man page for zip command in linux, you will come to know that -e option is used for both encrypting the file and also securing the encryption with the help of a password.
So here we are not using gpg for encryption but we are using zip command itself for encryption as well as password protection.
Even we can protect or provide security to a complete directory in this way:
foe example i want to secure /var/log/ directory.
#zip -e varlogprotected.zip /var/log/*
Now you can also unzip it by the below method
[root@localhost test]# unzip linux.zip Archive: linux.zip [linux.zip] linux.txt password:
- To unzip it you must know the password.Because Linux.zip is password protected.
- This technique is able to remove the loopholes of TRICK2.
But even this technique has another loophole
LOOPHOLES OF TRICK3:
IF you carefully observe the output of the above command you can see that even without giving password anyone can know the name of the file or list of the files in that zip file.The name of all files can be disclosed even by typing wrong password.
Now let's remove the security issues in TRICK 3
TRICK4:
The major problem with the previous method, was that, a normal user can see the content of the zip file. We can solve this problem by making an archive of the file.
Archive does simply create one file that contains all the required file. making an archive of your required files and then zipping it will provide more security because a user will be unable to see the content of the archive.
[root@localhost test]# ls linux.txt sarath.txt satish.txt slashroot.txt
so you can see four text files here. now i am going to provide security while zipping on these files with other method. i.e TRICK4. As told, we will be making an archive with tar command first.
[root@localhost test]# tar -cvzf securefile.tgz *.txt linux.txt sarath.txt satish.txt slashroot.txt
Now let's zip that archived file with the help the same zip command and -e option.
[root@localhost test]# zip -e securezip securefile.tgz Enter password: Verify password: adding: securefile.tgz (deflated 77%)
Now let's see what happen's when you unzip that file. It will surely ask for password, but will not reveal the names of the file inside it. Because the files are inside the archive.
[root@localhost test]# ls securezip.zip [root@localhost test]# unzip securezip.zip Archive: securezip.zip [securezip.zip] securefile.tgz password:
Now if you type the correct password you got the .tgz file which then you need to just extract using tar command.
[root@localhost test]# ls securefile.tgz securezip.zip
How to extract .tgz files?
Note: .tar.gz and .tgz are same.
[root@localhost test]# tar -xvzf securefile.tgz linux.txt sarath.txt satish.txt slashroot.txt [root@localhost test]# ls linux.txt sarath.txt satish.txt securefile.tgz securezip.zip slashroot.txt [root@localhost test]#
Now how to validate a zip archive without extracting?
[root@localhost test]# unzip -t securezip.zip Archive: securezip.zip [securezip.zip] securefile.tgz password: testing: securefile.tgz OK No errors detected in compressed data of securezip.zip.
You can cleary see that no error is detected in compressed data of securezip.zip file.
How to zip a directory and its sub-directories recursively?
I am going to zip /var/spool/ directory with all its subdirectory and files.
[root@localhost test]# zip -r var-spool.zip /var/spool/ adding: var/spool/ (stored 0%) adding: var/spool/mail/ (stored 0%) adding: var/spool/mail/p4 (stored 0%)
How to see a detailed output while unzipping files
You can simply use the verbose mode for seeing a detailed output while unzipping.
[root@localhost test]# unzip -v varspool.zip Archive: varspool.zip Length Method Size Ratio Date Time CRC-32 Name -------- ------ ------- ----- ---- ---- ------ ---- 0 Stored 0 0% 03-14-13 23:23 00000000 var/spool/ 0 Stored 0 0% 03-14-13 23:30 00000000 var/spool/anacron/ 0 Stored 0 0% 04-14-13 05:58 00000000 var/spool/at/ 0 Stored 0 0% 04-23-13 01:35 00000000 var/spool/clientmqueue/ 0 Stored 0 0% 07-15-08 10:41 00000000 var/spool/cron/ 0 Stored 0 0% 03-14-13 23:18 00000000 var/spool/cups/ 0 Stored 0 0% 08-08-08 11:26 00000000 var/spool/lpd/ 0 Stored 0 0% 04-23-13 01:35 00000000 var/spool/mail/ 0 Stored 0 0% 04-23-13 01:35 00000000 var/spool/mqueue/ 0 Stored 0 0% 07-24-09 01:56 00000000 var/spool/repackage/ 0 Stored 0 0% 06-08-09 17:39 00000000 var/spool/vbox/ -------- ------- --- ------- 0 0 0% 11 files [root@localhost test]#
COMPRESSION LEVEL PROVIDED BY ZIP COMMAND:
Zip command supports 10 level of compression starting from level 0 which is lowest level to level 9 which is maximum compression level.
ZIP compression Level 0:
Level 0 does not compress files. It just archives them.
[root@localhost test]# zip -0 level0.zip *.txt adding: linux.txt (stored 0%) adding: sarath.txt (stored 0%) adding: satish.txt (stored 0%) adding: slashroot.txt (stored 0%) [root@localhost test]# ls -lh total 388K -rw-r--r-- 1 root root 181K Apr 24 01:07 level0.zip -rw-r--r-- 1 root root 54 Apr 19 06:21 linux.txt -rw-r--r-- 1 root root 12K Apr 19 05:26 sarath.txt -rw-r--r-- 1 root root 113K Apr 19 05:26 satish.txt -rw-r--r-- 1 root root 57K Apr 19 05:26 slashroot.txt
ZIP compression Level 1:
Level 1 compression speed is very fast but will do just a little compression.
[root@localhost test]# zip -1 level1.zip *.txt adding: linux.txt (deflated 9%) adding: sarath.txt (deflated 96%) adding: satish.txt (deflated 97%) adding: slashroot.txt (deflated 97%)
You can clearly see the compression level of level 1 is more than level 0.
ZIP compression Level 6:(which is bydefault compression Level)
[root@localhost test]# zip level6.zip *.txt adding: linux.txt (deflated 9%) adding: sarath.txt (deflated 97%) adding: satish.txt (deflated 98%) adding: slashroot.txt (deflated 98%)
Now you can clearly see that compression level of level 6 is more than its previous compression levels.
ZIP compression Level 9:(MAXIMUM COMPRESSION)
This compression level is little bit slow compared to other compression level.
[root@localhost test]# zip -9 level9.zip *.txt adding: linux.txt (deflated 9%) adding: sarath.txt (deflated 98%) adding: satish.txt (deflated 99%) adding: slashroot.txt (deflated 99%)
Hence you can see the compression level 9 is maximum.
1.9K<3.9K<5.6K<181K
Hence you can see the compression level in decreasing order.
OPENSSL BASED SECURITY FOR ZIP FILES
Lets see how to encrypt a zip file with the help of openssl.
I am going to show you how to encrypt a zip file using openssl command.And for demonstartion i am going to use level6.zip file in use here.
[root@localhost test]# openssl des3 -salt -in level6.zip -out level6zip.des3 enter des-ede3-cbc encryption password: Verifying - enter des-ede3-cbc encryption password:
In the above example, i have used DES encryption algorithm to encrypt files. Here am just showing just another method for securing your zip files.
Now how to decrypt encrypted zip file?
here i am going to decrypt level6zip.des3 file and redirect it's output to decryptedfile.zip.
[root@localhost test]# openssl des3 -d -salt -in level6zip.des3 -out decryptedfile.zip enter des-ede3-cbc decryption password:
How to create an MD5 or Sha1 Digest of a zip file?
[root@localhost test]# openssl dgst -md5 decryptedfile.zip MD5(decryptedfile.zip)= 8aec575873fd14b9c7ac738073e2e95d
or
[root@localhost test]# md5sum decryptedfile.zip 8aec575873fd14b9c7ac738073e2e95d decryptedfile.zip
you can see both command is same.
Example showing how to create a sha1 value of a zip file.
[root@localhost test]# openssl dgst -sha1 decryptedfile.zip SHA1(decryptedfile.zip)= b833d6dc64762a2afb1804109a3e79573b7af987
or
[root@localhost test]# sha1sum decryptedfile.zip b833d6dc64762a2afb1804109a3e79573b7af987 decryptedfile.zip
Both command is same here too.
Comments
system admin research
awesome
use of md5 and sha1 encryption
Hi It is very nice tutorial..
I want to know the use of md5 and Sha1 encryption.. can u please explain it with example..and what is the advantage of having md5 and Sha1 encryption and how it is being used in zip files.
Very Useful
Very Useful
Great Job
Really Great article. Thanks
Add new comment