7z command line with highest encryption: AES-256 + Encrypting the Filenames
I had a question. Im trying to backup and encrypt files, but using the more recent aes256 or aes512 encryption.
1) I heard 7z defaults to aes128, I want to use the best one (aes256... i think?), how do i do it?
Here is my command:
cd /mnt/MyBackupHardDrive ;
7z a MyFullComputerBackup-AES256.7z -t7z -m0=lzma2:d1024m -mx=9 -aoa -mfb=64 -md=32m -ms=on /home/MyHomeDirectory
2) Does this automatically encrypt the filenames too?
Thanks for any help you can offer!
Solution 1:
It is possible to get AES 256 encryption with 7z and make the archive and filenames only visible with the use of a passphrase. I note that the vital 'passphrase' option is missing from your own command line.
An example, for which I have borrowed liberally from the man pages:
7z a \
-t7z -m0=lzma2 -mx=9 -mfb=64 \
-md=32m -ms=on -mhe=on -p'eat_my_shorts' \
archive.7z dir1
A slightly more secure method is to actually leave the -p field blank, then 7z will prompt you to type a password before actually creating the archive.
Explanation:
Here is an explanation for those not well versed in the 7z command line:
a Add (dir1 to archive.7z)
-t7z Use a 7z archive
-m0=lzma2 Use lzma2 method
-mx=9 Use the '9' level of compression = Ultra
-mfb=64 Use number of fast bytes for LZMA = 64
-md=32m Use a dictionary size = 32 megabytes
-ms=on Solid archive = on
-mhe=on 7z format only : enables or disables archive header encryption
-p{Password} Add a password
Testing the archive:
The subsequent archive can be tested with the command 7z l -slt archive.7z which I demonstrate below:
andrew@illium~/test$ 7z l -slt archive.7z
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)
Scanning the drive for archives:
1 file, 12919 bytes (13 KiB)
Listing archive: archive.7z
Enter password (will not be echoed): <-------------
--
Path = archive.7z
Type = 7z
Physical Size = 12919
Headers Size = 247
Method = LZMA2:14 7zAES
Solid = -
Blocks = 1
----------
Path = dir1
Size = 0
Packed Size = 0
Modified = 2017-06-23 14:10:59
Attributes = D_ drwxr-xr-x
CRC =
Encrypted = -
Method =
Block =
Path = dir1/200px-Aum_calligraphy.svg.png
Size = 12663
Packed Size = 12672
Modified = 2015-05-06 07:29:23
Attributes = A_ -rw-r--r--
CRC = 77BD9922
Encrypted = + <-------------
Method = LZMA2:14 7zAES:19 <-------------
Block = 0
andrew@illium~/test$
Note the call for a password as well as the notation that gives the encryption as 7zAES:19 aka AES-256 (I have arrowed these points for the sake of clarity).
Caveats:
-
Note that in the man pages there is a specific warning against using 7z for archival purposes under Linux:
DO NOT USE the 7-zip format for backup purpose on Linux/Unix because : - 7-zip does not store the owner/group of the file. Note as well some limitations and work arounds given in the man pages in regards to the backing up of directories under Linux....