Encrypted archives should not reveal file names #10
Comments
|
Thank you for your kind words. Regarding your request: Neither ZIP nor 7-ZIP encrypt the filenames, only the content. It's in the specification, so there's nothing I can do about it. |
|
My fault, I should have mentioned, this request was only for the 7z format. So, for example, if you highlight a bunch of files in Windows File Explorer > right-click > select 7-Zip > Add to Archive > select the 7z format > then there is a checkbox to "Encrypt file names". When the 7z archive is created, the names of the files in the 7z file cannot be seen until after the password is entered. For your cmdlet, it would only apply when doing "Compress-7Zip -Format SevenZip ...". |
|
Ok, I see. Is it the same as the custom parameter he=on? Then you should be able to set it in the init scriptblock: $initScript = {
param ($compressor)
$compressor.CustomParameters.Add("he", "on")
}
Compress-7Zip -Format SevenZip -CustomInitialization $initScript ... |
|
Yes, thank you, that $initscript did it. So, the request is: When "-Format SevenZip" and "-Password anything", can "he=on" be the default? I think this is what users are more likely to expect when encrypting archives, it's definitely more secure, and it would still leave the option of setting "he=off" with a custom init when plaintext file names is specifically wanted for some reason. Thanks |
|
7-Zip does not encrypt filenames by default, therefore I wouldn't like to enable it automatically. If someone uses 7z for encryption he has to enable the encryption explicitly, and the Powershell module should behave the same. What I can offer is to add an |
|
Yes, that would be great, maybe "-EncryptFileNames" so that the name of the switch matches the name of the checkbox in the 7-Zip GUI? Btw, do you have a PayPal.me quick link or e-mail address for small thank-you donations? Thanks! |
|
Ok, I'll go with Thanks for your appreciation. Nope, I don't have a PayPal.me account. I'm doing this for fun and to serve my own needs. If others benefit from my code too it's great. I have to thank you for requesting this feature. It makes 7Zip4Powershell better and may help others as well. |
|
Jason, |
|
Btw, with the new -EncryptFilenames switch, I wrote a blog article on it: https://cyber-defense.sans.org/blog/2016/06/06/powershell-7-zip-compress-archive-encryption |
|
Great article. Do you mind if I add a link to it from the readme? |
|
Sure, I hope it helps get the word out. :-) |
Most importantly, Thank You for writing this and making it available on the PSGallery!
Request: please do not show the names of files in archives that have been encrypted with a password. The default should be to encrypt the file names too, not just the file contents.
If this is not practical for some reason, then please add a switch to encrypt file names. The inability to encrypt file names is kind of a deal-killer.
The text was updated successfully, but these errors were encountered: