how to check for 7zip compression and encryption?

Help
zipq
2013-07-01
2013-07-04
  • zipq
    2013-07-01

    I have a random file.

    a) How can I check if this file has been compressed with 7zip?

    b) If (a) is true, how can I check if it has been encrypted with 7zip (without knowledge of the key)? In this case, I am looking for an automated process, not a trial-and-error way (i.e. try to extract the file and see if it requires a key).

    Thank you in advance!

     
  • Jānis Zalāns
    2013-07-01

    All 7zip archives have a file signature - the first 6 bytes should be 37 7A BC AF 27 1C. If they don't match, then your file is not a 7zip archive. AFAIK, 7zip archives don't contain information like "Compressed with X".

    I think there is a byte in the end header that identifies whether the archive is encrypted. But I haven't fully figured out the headers, so I can't help you with that ATM... I think there was a similar post in the Help section with an answer, try searching for it ;)

     
  • Igor Pavlov
    2013-07-02

    7z l a.7z -slt > list.txt
    and look
    Encrypted = +
    and / or
    "7zAES"
    in "Method ="

     
  • zipq
    2013-07-02

    My thanks to both of you sirs!

    I noticed that after a "7z l a.7z -slt > list.txt", the file "list.txt" shows the original filenames of the files that the archive contains. Is it possible to 7zip a file with encryption and to make the original filenames not visible?

     
    Last edit: zipq 2013-07-02
  • Jānis Zalāns
    2013-07-02

    When compressing an archive, there is a checkbox to encrypt file names ;) (below the encryption method in v9.22 beta)

     
    • zipq
      2013-07-04

      I am using Linux and the p7zip package, so I'm guessing that you mean the "-mhe=on" switch.

      This does the trick but the command "7z l a.7z -slt" does not work anymore unless you know the password.

      Is it possible to check a random file for 7z compression and encryption but without knowing the key and supposing that the -p and -mhe switches are on?
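
The check asked about in this thread, sketched as an added example that is not part of any post here and is not 7-Zip's own code: it verifies the signature quoted above, follows the start header to the end header, and looks for the 7zAES coder ID, which stays in clear text even when -mhe=on is used. The field layout, the header type bytes 0x01/0x17 and the coder ID 06F10701 are taken from 7zFormat.txt; `classify_7z` and `build_sample` are hypothetical names, and the byte search is a heuristic rather than a full property parse.

```python
import struct
import sys
import zlib

SIGNATURE = bytes.fromhex("377ABCAF271C")  # magic bytes quoted in the thread
AES_CODER_ID = bytes.fromhex("06F10701")   # 7zAES method ID (7zFormat.txt)
K_HEADER, K_ENCODED_HEADER = 0x01, 0x17    # first byte of the end header

def classify_7z(data: bytes) -> str:
    """Classify a file image using only unencrypted header fields (no key)."""
    if len(data) < 32 or data[:6] != SIGNATURE:
        return "not-7z"
    # Bytes 8..31: StartHeaderCRC, NextHeaderOffset, NextHeaderSize, NextHeaderCRC
    start_crc, offset, size, next_crc = struct.unpack_from("<IQQI", data, 8)
    if zlib.crc32(data[12:32]) != start_crc:
        return "corrupt-start-header"
    if size == 0:
        return "empty-archive"
    header = data[32 + offset:32 + offset + size]
    if len(header) != size or zlib.crc32(header) != next_crc:
        return "corrupt-or-truncated"
    # Heuristic: byte search for the coder ID instead of a full property parse.
    has_aes = AES_CODER_ID in header
    if header[0] == K_ENCODED_HEADER:
        # Packed header: the AES coder is listed in clear text when -mhe=on was used.
        return "header-encrypted" if has_aes else "header-compressed"
    if header[0] == K_HEADER:
        return "data-encrypted" if has_aes else "no-encryption-seen"
    return "unknown-header"

def build_sample(end_header: bytes, packed: bytes = b"\x00" * 16) -> bytes:
    """Constructed test input: a valid start header around arbitrary end-header bytes."""
    tail = struct.pack("<QQI", len(packed), len(end_header), zlib.crc32(end_header))
    start = SIGNATURE + b"\x00\x04" + struct.pack("<I", zlib.crc32(tail))
    return start + tail + packed + end_header

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(classify_7z(fh.read()))
    else:
        # Constructed end headers, not complete 7z property structures.
        print(classify_7z(build_sample(b"\x17\x06" + AES_CODER_ID + b"\x00")))
        print(classify_7z(build_sample(b"\x01\x04\x00")))
```

A result of "header-compressed" means the end header is packed but not encrypted, so whether the file data is encrypted has to be read from the listing ("7z l a.7z -slt"), which needs no password in that case.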