The Linux Page

Encrypt zip or PDF file

Hiding keyboard while typing.

Linux has options to encrypt zip or PDF files.

Note that the zip encryption capabilities are not very strong (i.e. they can be easily cracked). So don't use it if you can avoid it and keep in mind that most anyone can see what's inside either way.

zip --encrypt file.zip files

Note that there is an option to define the password on the command line (with --password) which is safe if you're the only user on your machine, but not so much on a shared machine since the password will appear in the list of processes.

And the PDF is very similar, but you have to enter the passwords on the command line with that one:

qpdf --encrypt [readpass] [ownerpass] 256 -- \
                                [infile].pdf [outfile].pdf

Another thing about having the password on the command line, it will also appear in your history file. On Ubuntu / bash that would be ~/.bash_history. To fix that issue, you have to edit that file and replace the passwords with whatever you'd like...

The qpdf supports two passwords:

  • readpass — password one can use to read the PDF file.
  • ownerpass — password the owner can use to read or write the PDF file.

Make sure to verify that your file is properly protected before sharing it.

For the opposite, you can use the decrypt command like so:

$ echo $export
keepall
$ export HISTCONTROL=ignorespace
$  qpdf --decrypt --password=12345 encrypted_file.pdf \
                                     decrypted_file.pdf
$ export HISTCONTROL=keepall

The HISTCONTROL variable is used to know whether a command should be added to your ~/.bash_history file. Since this command is going to include a password, we do not want it there. So we change the HISTCONTROL variable to ignorespace, which means "do not add command to history if the line starts with one or more spaces".

The echo is used to allow you to restore the value afterward, if you want to do so.

Note that this mechanism can also be used by the command above. If you forget to do so first, make sure to edit your ~/.bash_history file and remove the line(s) with your password(s).