Didier Stevens

ZIPEncryptFTP

ZIPEncryptFTP is a program I developed to make off-site backups of important data. Like its name suggests, it ZIPs one or more directories, Encrypts the ZIP file with AES and uploads it to a FTP server.

ZIPEncryptFTP is a C# command-line program, you will need the .NET 2.0 framework runtime to run it. It will write to the Application eventlog, so you need to run it the first time with administrator privileges, to register ZIPEncryptFTP with the eventlog.

To backup data, use ZIPEncryptFTP with these parameters:

ZIPEncryptFTP /directory /password /url /ftpuser /ftppassword

Example:

ZIPEncryptFTP /directory:c:\Data /password:Secret /url:ftp://ftp.com/backup /ftpuser:Didier /ftppassword:1234

This will compress the c:\Data directory and its content (including subdirectories) to a ZIP file, encrypt the ZIP file with AES using password Secret, and then upload the file to FTP server ftp.com and call the file backup. The credentials to access the FTP server are user Didier with password 1234.

Everything is done in memory, no temporary (ZIP) files are created. The ZIP file is created and encrypted in memory.

The password is converted to a 256 bit key, and the initialization vector is generated at random. The effect of this is that encrypting the same file twice will yield 2 completely different encrypted files.

You can ZIP more than one directory or file, proceed like this:

ZIPEncryptFTP /directory:c:\MyData /directory:c:\MyPictures …

To recover the data, you will need to retrieve the encrypted file backup from the FTP server with your favorite FTP-client. Then decrypt the file backup with this command:

ZIPEncryptFTP /password /infile /outfile

Example:

ZIPEncryptFTP /password:Secret /infile:backup /outfile:backup.zip

Use your favorite ZIP application to extract your files from file backup.zip

If you don’t want to provide the encryption password and FTP credentials on the command-line, I’ve added a function (dpapi) to encrypt and store them in the registry with the Data Protection API, just like Internet Explorer does when you let it remember your passwords.

You could decide to use dpapi because you use ZIPEncryptFTP in a script or batch file and don’t want the password and credentials to appear in clear and be readable by everybody.

To store the encryption password and FTP credentials in the registry, use this command:

ZIPEncryptFTP /dpapi /password /ftpuser /ftppassword

Example:

ZIPEncryptFTP /dpapi /password:Secret /ftpuser:Didier /ftppassword:1234

Once you have stored the credentials in the registry, you can backup your data with this command:

ZIPEncryptFTP /directory /url /dpapi

Example:

ZIPEncryptFTP /directory:c:\Data /url:ftp://ftp.com/backup /dpapi

And decrypting is done with this command:

ZIPEncryptFTP /dpapi /infile /outfile

Example:

ZIPEncryptFTP /dpapi /infile:backup /outfile:backup.zip

To display the encryption password and FTP credentials stored in the registry, use this command:

ZIPEncryptFTP /dpapi

 

Download:

Program: ZIPEncryptFTP_V1_2_1.zip (https)

MD5: 8C11212F459BF9D540F53D1213BC1323

SHA256: 90BA06D33B09F1E0150830A243FDBB052D4AD24CAC5403847A39995DDD1F6929

Source code: ZIPEncryptFTP_V1_2_1_Source.zip (https)

MD5: 75DC4992552A1A07F634A989D5E1436B
SHA256: A575D77D96C089CDA54E9EC2054B200B6C50830206E2498D40D9A0333A60F52C

Installation: copy files ZipEncryptFTP.exe and ICSharpCode.SharpZipLib.dll to the same directory of your choice.

12 Comments »

  1. Zip Encrypt Ftp Backups

    Didier Stevens did it again with a pretty useful tool that could be used for backups that should be placed on another server on the internet. This is great if you want to separate site or operating system backups from the running server to avoid that b…

    Trackback by gHacks tech news — Saturday 17 February 2007 @ 6:44

  2. Thanks for the tool. I was looking for something like this for quite something. You rock! Thanks once again.

    Cheers,
    Sudar

    Comment by sudar — Sunday 18 February 2007 @ 10:23

  3. Thank you!!!!
    Ranimi (Italy)

    Comment by ranimi — Monday 19 February 2007 @ 8:09

  4. The program does not seem to run on Vista :-(

    Unhandled Exception: System.Security.SecurityException: The source was not found
    , but some or all event logs could not be searched. Inaccessible logs: Security
    .
    at System.Diagnostics.EventLog.FindSourceRegistration(String source, String m
    achineName, Boolean readOnly)
    at System.Diagnostics.EventLog.SourceExists(String source, String machineName
    )
    at System.Diagnostics.EventLog.VerifyAndCreateSource(String sourceName, Strin
    g currentMachineName)
    at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType t
    ype, Int32 eventID, Int16 category, Byte[] rawData)
    at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType t
    ype, Int32 eventID)
    at ZipEncryptFTP.MyEventLog.WriteID(EventLogEntryType eventType, IDs id)
    at ZipEncryptFTP.Program.Main(String[] args)
    The Zone of the assembly that failed was:
    MyComputer

    Comment by James — Friday 12 December 2008 @ 22:51

  5. @James:

    Did you follow my advise?
    > It will write to the Application eventlog, so you need to run it the first time with administrator privileges,
    > to register ZIPEncryptFTP with the eventlog.

    Don’t forget that Vista’s UAC force you to explicitly select “Run as administrator”

    Comment by Didier Stevens — Saturday 13 December 2008 @ 8:12

  6. Sorry, I’m still getting used to Vista. I ran it from an account with admin privileges, but did not realize I also had to explicitly select “Run as administrator”. Thanks for your help, this utility is awesome.

    Comment by James — Monday 15 December 2008 @ 1:57

  7. No problem. One of the design requirements for this program was working without an installation program. That’s why the program itself will register its event source the first time it is run. This requires admin rights, but only the first time.

    Comment by Didier Stevens — Tuesday 16 December 2008 @ 18:50

  8. Your samples do not show that the program can store multiple credentials using DPAPI (how does it know which one it needs to use?) plus I’m wondering if I could use 2 users for the same FTP site.

    Comment by tc — Thursday 24 June 2010 @ 11:09

  9. @tc it supports only one credential

    Comment by Didier Stevens — Friday 25 June 2010 @ 9:21

  10. [...] Didier Stevens did it again with a pretty useful tool that could be used for backups that should be placed on another server on the internet. This is great if you want to separate site or operating system backups from the running server to avoid that both are not recoverable after a crash. [...]

    Pingback by Zip encrypt ftp backups – initialization vector, system backups — Saturday 30 July 2011 @ 20:29

  11. You links to download don’t work.

    Comment by Anonymous — Thursday 1 September 2011 @ 17:32

  12. Fixed.

    Comment by Didier Stevens — Thursday 1 September 2011 @ 18:03


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 221 other followers

%d bloggers like this: