Afio archiver is more robust than tar, because afio compresses each file in the archive instead of the archive file itself. But afio has no ability to compress the header that includes filename, size, timestamp, and so on. This becomes serious problem when afio creates encrypted archive.
# create $ find secret_dir | \ afio -ovUZ -Penc_prg secret.afz secret_dir -- okay secret_dir/customer_name.docx.z -- (88%) # snoop $ strings secret.afz | \ head -2 | tail -1 | tr -d "0-9" secret_dir/customer_name.docx.z # OOPS!
Patched version of afio on this page is able to compress the header with new option "-N".
$ find secret_dir | \ afio -ovUZ -C1 -N -Penc_prg secret.afz secret_dir -- okay secret_dir/customer_name.docx.z -- (88%) $ strings secret.afz | \ head -2 | tail -1 | tr -d "0-9" A;Salted__c # OK, header was encrypted.
patch file: comphead-20120206.diff
2012/02/06
- patch for afio-2.5.1
If you want to compress each file before encrypt, you MUST prepare encryption/decryption script. Do not use gpg/pgp/openssl directly with their compression option. It sometimes produces corrupt archive. This restriction came from original afio.
$ ls -go *zip | tr -d "0-9:" -rwxr-xr-x -- egunzip -rwxr-xr-x -- egzip $ cat egzip #!/bin/sh gzip -c | \ openssl enc -e -aes-256-cbc -salt -pass fd:3 $ cat egunzip #!/bin/sh openssl enc -d -aes-256-cbc -pass fd:3 | \ gzip -dc
Create an archive with encrypted files and headers:
$ find .... | \ afio -ovzNUZ -1 C -3 3 -P egzip archive \ 3< passphrase-file 4< passphrase-file
Extract from the archive:
$ afio -ivzZ -1 C -3 3 -P egunzip archive \ 3< passphrase-file 4< passphrase-file
Use -t option for listing, -r option for verifying instead of -i option.
Unless explicitly stated, afio patch provided by this page is covered by the MIT License.
The license of original afio is a bit complex. See comments of afio.c file.
2012/01/06
- modified: man file.
2012/01/01
- initial version.
Using -N option compresses the header part of the archive. Same program and options are used for both header and file, so use -Z (and -P, -Q) with -N option.
If the compression program, specified by -P, is an encryption/decryption script, it may require passphrase file redirection. -3 option specifies filedescriptor number in this case, but both the number and number+1 are used internally to separate header compression process and file's. So you must add one more redirection, for example, -3 3 3< pass_file 4< passfile .