4

Is there a way to compress gzip or zipfile as a password protected archive? Here is an example code illustrating how to archive file with no password protection:

import gzip, shutil

filepath = r'c:\my.log'

with gzip.GzipFile(filepath + ".gz", "w") as gz:
    with open(filepath) as with_open_file:
        shutil.copyfileobj(with_open_file, gz)

import zipfile

zf = zipfile.ZipFile(filepath + '.zip', 'w')
zf.write(filepath)
zf.close()
alphanumeric
  • 17,967
  • 64
  • 244
  • 392

2 Answers2

4

Python supports extracting password protected zips:

zipfile.ZipFile('myarchive.zip').extractall(pwd='P4$$W0rd')

Sadly, it does not support creating them. You can either call an external tool like 7zip or use a third-party library like this zlib wrapper.

Community
  • 1
  • 1
L3viathan
  • 26,748
  • 2
  • 58
  • 81
  • While `pyminizip` could offer an easy solution for those who create the password protected archives it was very hard to install. Please let me know if you have a recommendation on how to install it on Windows for Python 2.7. – alphanumeric Feb 23 '17 at 23:57
  • On Windows I would just install 7zip and call it from Python. – L3viathan Feb 24 '17 at 08:11
1

Use gpg for encryption. That would be a separate wrapper around the archived and compressed data.

Mark Adler
  • 101,978
  • 13
  • 118
  • 158
  • Would you be willing to post an example on how to encrypt the source data (a file or variable), archive it to a `zip` or `gzip` file, then un-archive it and decrypt producing the original uncompressed and decrypted source data. – alphanumeric Feb 24 '17 at 00:06
  • First off, you got it backwards. You have to archive and compress _before_ encryption, not after. Encrypted data appears random and is not compressible. Second, look at the link for examples. – Mark Adler Feb 24 '17 at 00:25
  • It is not working for me. I have installed it using `pip install python-gnupg`. Imported module with `import gnupg`. Then I try to initiate the instance with `gpg = gnupg.GPG('C:/temp')` which gives an error message I post below – alphanumeric Feb 24 '17 at 00:41
  • `Traceback (most recent call last): File "C:\temp\test.py", line 19, in gpg = gnupg.GPG('C:/temp') File "C:\Python27\lib\site-packages\gnupg\gnupg.py", line 125, in __init__ ignore_homedir_permissions=ignore_homedir_permissions, File "C:\Python27\lib\site-packages\gnupg\_meta.py", line 181, in __init__ self.homedir = os.path.expanduser(home) if home else _util._conf` – alphanumeric Feb 24 '17 at 00:42
  • `File "C:\Python27\lib\site-packages\gnupg\_util.py", line 765, in __set__ getattr(obj, self.fset.__name__)(value) File "C:\Python27\lib\site-packages\gnupg\_meta.py", line 438, in _homedir_setter raise RuntimeError(str(ae)) RuntimeError: Homedir ''C:\temp\gnupghome\.config\python-gnupg'' needs read/write permissions` – alphanumeric Feb 24 '17 at 00:43
  • @MarkAdler if you encrypt a compressed file, doesn't that lead to a vulnerability? The compressed file adheres to strict protocols on header, footer, etc. So a cracker would have some plain text from within your encrypted file to work with in the search for the password. – hobs Feb 16 '20 at 22:59
  • @hobs gpg precedes the compressed data with a small amount of random data before encryption for this reason. – Mark Adler Feb 17 '20 at 01:12
  • @MarkAdler yes, but that just obsficates the location of the header in the encrypted text, it does not change the presence of the plaintext header itself. So a brute force attack would merely have to grep for the header within the trial and error decompressed files. Salting, I think, is an attempt to mitigate this vulnerability, but that does not change the fact that it is a vulnerability: https://stackoverflow.com/a/29836684/623735 – hobs Feb 17 '20 at 19:21