How to Safely Encrypt Both File Names and Contents Using 7zip through the Command Line

 

Page content

7zip is a popular open-source file archiving software that supports a wide range of compression formats, including its own .7z format. It also offers strong encryption features, which can be accessed via the command line. In this tutorial, you will learn how to encrypt not only the contents of a file but also the file names using 7zip from the command line.

Step 1: Download and Install 7zip

To use 7zip from the command line, you first need to download and install the software. 7zip is available for Windows, Linux, and macOS. You can download 7zip from its official website at https://www.7-zip.org/

Install 7zip on Mac with brew

To install 7zip using Homebrew, simply run the following command in the Terminal:

brew install p7zip

Install 7zip on Linux with apt

To install 7zip using apt, run the following command in the terminal:

sudo apt install p7zip-full

Debian may install binary as 7zz to /usr/bin/7zz:

$ dpkg -L 7zip
/.
/usr
/usr/bin
/usr/bin/7zz
/usr/share
/usr/share/doc
/usr/share/doc/7zip
/usr/share/doc/7zip/7zC.txt.gz
/usr/share/doc/7zip/7zFormat.txt.gz
/usr/share/doc/7zip/Methods.txt
/usr/share/doc/7zip/changelog.Debian.gz
/usr/share/doc/7zip/copyright
/usr/share/doc/7zip/lzma.txt.gz
/usr/share/doc/7zip/readme.txt.gz
/usr/share/doc/7zip/src-history.txt.gz
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/7zz.1.gz

Install 7zip on Linux with sdkman

To install 7zip using SDKMAN, run the following command in the terminal:

sdk install 7zip

Step 2: Open the Command Prompt or Terminal

On Windows, open the Command Prompt by pressing the Windows key + X and selecting “Command Prompt” from the menu. On macOS or Linux, open the Terminal application.

Step 3: Encrypt a File and File Names

To encrypt both the contents and names of a file using 7zip from the command line, use the following syntax:

7z a -p[password] -mhe=on [destination_file].7z [file_to_encrypt]
7z a -p[password] -mhe=on -mx9 [destination_file].7z [file_to_encrypt]

Replace [password] with your chosen password, [destination_file] with the name of the encrypted archive you want to create, and [file_to_encrypt] with the path to the file you want to encrypt. For example:

$ 7z a -psecret -mhe=on archive.7z document.txt

Scanning the drive:
1 file, 120 bytes (1 KiB)

Creating archive: archive.7z

Items to compress: 1


Files read from disk: 1
Archive size: 319 bytes (1 KiB)
Everything is Ok

This command will create an encrypted archive named archive.7z that contains the file document.txt. The file names will also be encrypted. When prompted, enter your password to encrypt the archive.

Step 4: Decrypt a File and File Names

To decrypt both the contents and names of a file using 7zip from the command line, use the following syntax:

7z x -p[password] [encrypted_archive].7z

Replace [password] with the password for the encrypted archive and [encrypted_archive] with the path to the encrypted archive. For example:

$ 7z x -psecret archive.7z

Scanning the drive for archives:
1 file, 319 bytes (1 KiB)

Extracting archive: archive.7z
--
Path = archive.7z
Type = 7z
Physical Size = 319
Headers Size = 191
Method = LZMA2:12 7zAES
Solid = -
Blocks = 1

Everything is Ok

Size:       120
Compressed: 319

This command will extract the contents of archive.7z to the current directory. The file names will also be decrypted. When prompted, enter the password for the encrypted archive.

To not enter password in command line, just use 7z x command and input password after prompt:

$ 7z x archive.7z

Scanning the drive for archives:
1 file, 319 bytes (1 KiB)

Extracting archive: archive.7z

Enter password (will not be echoed):
--
Path = archive.7z
Type = 7z
Physical Size = 319
Headers Size = 191
Method = LZMA2:12 7zAES
Solid = -
Blocks = 1

7zip Command Line Quick Reference

You can alway use 7z -h to get usage of 7zip:

$ 7z -h

7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,12 CPUs x64)

Usage: 7z <command> [<switches>...] <archive_name> [<file_names>...]

<Commands>
  a : Add files to archive
  b : Benchmark
  d : Delete files from archive
  e : Extract files from archive (without using directory names)
  h : Calculate hash values for files
  i : Show information about supported formats
  l : List contents of archive
  rn : Rename files in archive
  t : Test integrity of archive
  u : Update files to archive
  x : eXtract files with full paths

<Switches>
  -- : Stop switches parsing
  @listfile : set path to listfile that contains file names
  -ai[r[-|0]]{@listfile|!wildcard} : Include archives
  -ax[r[-|0]]{@listfile|!wildcard} : eXclude archives
  -ao{a|s|t|u} : set Overwrite mode
  -an : disable archive_name field
  -bb[0-3] : set output log level
  -bd : disable progress indicator
  -bs{o|e|p}{0|1|2} : set output stream for output/error/progress line
  -bt : show execution time statistics
  -i[r[-|0]]{@listfile|!wildcard} : Include filenames
  -m{Parameters} : set compression Method
    -mmt[N] : set number of CPU threads
    -mx[N] : set compression level: -mx1 (fastest) ... -mx9 (ultra)
  -o{Directory} : set Output directory
  -p{Password} : set Password
  -r[-|0] : Recurse subdirectories
  -sa{a|e|s} : set Archive name mode
  -scc{UTF-8|WIN|DOS} : set charset for for console input/output
  -scs{UTF-8|UTF-16LE|UTF-16BE|WIN|DOS|{id}} : set charset for list files
  -scrc[CRC32|CRC64|SHA1|SHA256|*] : set hash function for x, e, h commands
  -sdel : delete files after compression
  -seml[.] : send archive by email
  -sfx[{name}] : Create SFX archive
  -si[{name}] : read data from stdin
  -slp : set Large Pages mode
  -slt : show technical information for l (List) command
  -snh : store hard links as links
  -snl : store symbolic links as links
  -sni : store NT security information
  -sns[-] : store NTFS alternate streams
  -so : write data to stdout
  -spd : disable wildcard matching for file names
  -spe : eliminate duplication of root folder for extract command
  -spf : use fully qualified file paths
  -ssc[-] : set sensitive case mode
  -ssw : compress shared files
  -stl : set archive timestamp from the most recently modified file
  -stm{HexMask} : set CPU thread affinity mask (hexadecimal number)
  -stx{Type} : exclude archive type
  -t{Type} : Set type of archive
  -u[-][p#][q#][r#][x#][y#][z#][!newArchiveName] : Update options
  -v{Size}[b|k|m|g] : Create volumes
  -w[{path}] : assign Work directory. Empty path means a temporary directory
  -x[r[-|0]]{@listfile|!wildcard} : eXclude filenames
  -y : assume Yes on all queries

Summary

To encrypt both the contents and names of a file using 7zip from the command line, use the following syntax:

7z a -p[password] -mhe=on [destination_file].7z [file_to_encrypt]

7zip is a powerful file archiving software that offers strong encryption features that can be accessed via the command line. By using 7zip from the command line, you can quickly and easily encrypt both the contents and names of your files, ensuring that your sensitive data is protected. Just follow the steps outlined in this tutorial to encrypt and decrypt files with encrypted file names using 7zip from the command line.