zipcloak

Encrypt the contents of a Zip archive

$ zipcloak [path/to/archive.zip]

$ zipcloak [[-d|--decrypt]] [path/to/archive.zip]

$ zipcloak [path/to/archive.zip] [[-O|--output-file]] [path/to/encrypted.zip]

zipcloak [options] zipfile

-d
    -d
Decrypts the entries in the specified zipfile, removing any existing password protection.

-b
    -b
Performs a binary operation; useful on systems where text files might be altered by default.

-q
    -q
Quiet mode; suppresses most messages and prompts, except for password entry.

-v
    -v
Verbose mode; displays more information about the operation being performed.

zipfile
    zipfile
The path to the .zip archive to be modified. This argument is mandatory.

zipcloak is a utility from the Info-ZIP project designed to add, change, or remove password protection for entries within an existing .zip archive. Unlike creating a new encrypted archive from scratch, zipcloak modifies the specified zipfile directly, prompting the user for a password to either encrypt the contents or decrypt them.

It is particularly useful when you need to secure specific data inside an archive without recreating the entire file. When encrypting, it applies a password to the data streams of the archive's entries. When decrypting, it removes this protection, making the entries accessible without a password. The command supports both the traditional weak PKZIP 2.0 compatible encryption and, if the underlying zip library was compiled with it, stronger AES-256 encryption. This tool is a convenient way to manage the security of your archived data post-creation.

In-Place Modification: zipcloak modifies the archive in place. It is highly recommended to create a backup of your .zip file before using zipcloak to prevent accidental data loss or corruption.

Encryption Strength: By default, zipcloak may use the weak PKZIP 2.0 compatible encryption, which is known to be vulnerable. If the underlying zip utility supports it, AES-256 encryption might be used, but this depends on the compilation options of the zip library.

Compatibility: Archives encrypted with AES-256 using modern zipcloak/zip might not be compatible with older unzip versions or other zip programs that do not support AES encryption.

Filename Protection: zipcloak only encrypts the file contents, not the filenames or other metadata within the archive. These remain visible even if the contents are encrypted.

zipcloak will interactively prompt for a password. When encrypting, it will ask for the new password twice for confirmation. When decrypting, it will ask for the existing password. For silent operations, consider piping the password, though this is generally less secure and not directly supported via a command-line option for password input.

If an invalid password is provided during decryption, zipcloak will fail to decrypt the entries. If the archive is corrupt or unreadable, the command will also report an error.

zipcloak is an integral part of the Info-ZIP suite of tools, which originated in the early 1990s as a portable, open-source alternative to commercial PKZIP utilities. It evolved alongside the core zip and unzip commands, providing the crucial functionality of securing archived data without the need to re-compress files. Its development mirrored the progression of encryption standards within the ZIP format, initially supporting the weaker, widely compatible PKZIP 2.0 encryption. More recently, with the advent of stronger algorithms like AES-256 being incorporated into the underlying zip libraries, zipcloak has also gained the capability to utilize these stronger methods, provided the system's zip was compiled with the necessary support. Its continued usage highlights the ongoing need for secure, on-the-fly modification of archive security.

zip(1), unzip(1), zipnote(1), zipsplit(1)