Site Navigation

Mar 25, 2015

Simple Command Line File Encryption with 7zip

This is a brief write up on how perform simple file encryption of a directory using the 7zip program. After TrueCrypt was abandoned by its developers, I have looked around a bit for a really simple, easy to use tool for lightweight ecryption. Simple and easy are my goals, not the most secure. You can use something like Gnu Privacy Guard if you want a really full featured suite of security tools.

7zip is a free, open source file compression tool for Windows, OS X, and Linux. Most folks use 7zip to zip and unzip .zip files. But 7zip has its own 7z file format which provides better compression and better encryption than standard .zip files. The 7zip program uses strong AES-256 encryption based on a password you provide when you compress files. Thusly, the goal of quick and easy is met. The password will keep nosy relatives out the file, but I am sure, given enough time, the NSA could get in if they really wanted to. :)

7zip Installation

You can get 7zip from the 7zip web site. That works best for Windows, but for other operating systems you can use a package manager.


For windows, just go to the main site to download and install the software. The files are:

  • 7zip.exe (Windows 32-bit)
  • 7zip.msi (Windows 64-bit)


For OS X, the easiest way to install is to use HomeBrew. If you do not have HomeBrew, get it. You can thank me later. It is a fantastic tool for OS X. To install, just use the following from a terminal:

  • brew install p7zip

Ubuntu Linux

For Debian Linux, just use apt. For example:

  • apt-get install p7zip-full

Encrypting your Stuff

The following steps outline how to encrypt your stuff from the command line. The command line options should be the same on any platform, but there could be minor differences. The note was written using OS X.

Compress a Directory

To compress a directory named temp, use the following command:

7z a temp.7z temp/ -pSECRET -mhe

or alternatively

7z a temp.7z temp/ -p -mhe

The second option prompts you for the password to type in. The longer the password, the harder it would be for someone to decrypt the file. But of course, that will also make it hard to remember.

Here is a quick breakdown of the command line options:

  • a – Append files to the archive. Will just update the archive if it exists, so best to make sure the file does not exist.
  • temp.7z – The name of the archive file.
  • temp/ – The directory to be zipped.
  • -p – Prompt for the password.
  • -mhe – Encrypt the archive headers.

On OS X or Linux, the password is case sensitive by default. On Windows, the password is case insensitive by default.

Decompress the Archive

To decompress the archive just use:

7z x temp.7z

You will be prompted to enter your password and the file is uncomressed. For more information on 7zip see this 7zip tutorial which was a big help in writing this post.

That is it. An easy way to encrypt a directory.

No comments:

Favorite Links Feed