ZIPEncryptFTP is a program I developed to make off-site backups of important data. Like its name suggests, it ZIPs one or more directories, Encrypts the ZIP file with AES and uploads it to a FTP server.
ZIPEncryptFTP is a C# command-line program, you will need the .NET 2.0 framework runtime to run it. It will write to the Application eventlog, so you need to run it the first time with administrator privileges, to register ZIPEncryptFTP with the eventlog.
To backup data, use ZIPEncryptFTP with these parameters:
ZIPEncryptFTP /directory /password /url /ftpuser /ftppassword
Example:
ZIPEncryptFTP /directory:c:\Data /password:Secret /url:ftp://ftp.com/backup /ftpuser:Didier /ftppassword:1234
This will compress the c:\Data directory and its content (including subdirectories) to a ZIP file, encrypt the ZIP file with AES using password Secret, and then upload the file to FTP server ftp.com and call the file backup. The credentials to access the FTP server are user Didier with password 1234.
Everything is done in memory, no temporary (ZIP) files are created. The ZIP file is created and encrypted in memory.
The password is converted to a 256 bit key, and the initialization vector is generated at random. The effect of this is that encrypting the same file twice will yield 2 completely different encrypted files.
You can ZIP more than one directory or file, proceed like this:
ZIPEncryptFTP /directory:c:\MyData /directory:c:\MyPictures …
To recover the data, you will need to retrieve the encrypted file backup from the FTP server with your favorite FTP-client. Then decrypt the file backup with this command:
ZIPEncryptFTP /password /infile /outfile
Example:
ZIPEncryptFTP /password:Secret /infile:backup /outfile:backup.zip
Use your favorite ZIP application to extract your files from file backup.zip
If you don’t want to provide the encryption password and FTP credentials on the command-line, I’ve added a function (dpapi) to encrypt and store them in the registry with the Data Protection API, just like Internet Explorer does when you let it remember your passwords.
You could decide to use dpapi because you use ZIPEncryptFTP in a script or batch file and don’t want the password and credentials to appear in clear and be readable by everybody.
To store the encryption password and FTP credentials in the registry, use this command:
ZIPEncryptFTP /dpapi /password /ftpuser /ftppassword
Example:
ZIPEncryptFTP /dpapi /password:Secret /ftpuser:Didier /ftppassword:1234
Once you have stored the credentials in the registry, you can backup your data with this command:
ZIPEncryptFTP /directory /url /dpapi
Example:
ZIPEncryptFTP /directory:c:\Data /url:ftp://ftp.com/backup /dpapi
And decrypting is done with this command:
ZIPEncryptFTP /dpapi /infile /outfile
Example:
ZIPEncryptFTP /dpapi /infile:backup /outfile:backup.zip
To display the encryption password and FTP credentials stored in the registry, use this command:
ZIPEncryptFTP /dpapi
Download:
Program: ZIPEncryptFTP_V1_2_1.zip (https)
MD5: 8C11212F459BF9D540F53D1213BC1323
SHA256: 90BA06D33B09F1E0150830A243FDBB052D4AD24CAC5403847A39995DDD1F6929
Source code: ZIPEncryptFTP_V1_2_1_Source.zip (https)
MD5: 75DC4992552A1A07F634A989D5E1436B
SHA256: A575D77D96C089CDA54E9EC2054B200B6C50830206E2498D40D9A0333A60F52C
Installation: copy files ZipEncryptFTP.exe and ICSharpCode.SharpZipLib.dll to the same directory of your choice.
Didier Stevens 
Zip Encrypt Ftp Backups
Didier Stevens did it again with a pretty useful tool that could be used for backups that should be placed on another server on the internet. This is great if you want to separate site or operating system backups from the running server to avoid that b…
Trackback by gHacks tech news — Saturday 17 February 2007 @ 6:44
Thanks for the tool. I was looking for something like this for quite something. You rock! Thanks once again.
Cheers,
Sudar
Comment by sudar — Sunday 18 February 2007 @ 10:23
Thank you!!!!
Ranimi (Italy)
Comment by ranimi — Monday 19 February 2007 @ 8:09
The program does not seem to run on Vista 😦
Unhandled Exception: System.Security.SecurityException: The source was not found
, but some or all event logs could not be searched. Inaccessible logs: Security
.
at System.Diagnostics.EventLog.FindSourceRegistration(String source, String m
achineName, Boolean readOnly)
at System.Diagnostics.EventLog.SourceExists(String source, String machineName
)
at System.Diagnostics.EventLog.VerifyAndCreateSource(String sourceName, Strin
g currentMachineName)
at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType t
ype, Int32 eventID, Int16 category, Byte[] rawData)
at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType t
ype, Int32 eventID)
at ZipEncryptFTP.MyEventLog.WriteID(EventLogEntryType eventType, IDs id)
at ZipEncryptFTP.Program.Main(String[] args)
The Zone of the assembly that failed was:
MyComputer
Comment by James — Friday 12 December 2008 @ 22:51
@James:
Did you follow my advise?
> It will write to the Application eventlog, so you need to run it the first time with administrator privileges,
> to register ZIPEncryptFTP with the eventlog.
Don’t forget that Vista’s UAC force you to explicitly select “Run as administrator”
Comment by Didier Stevens — Saturday 13 December 2008 @ 8:12
Sorry, I’m still getting used to Vista. I ran it from an account with admin privileges, but did not realize I also had to explicitly select “Run as administrator”. Thanks for your help, this utility is awesome.
Comment by James — Monday 15 December 2008 @ 1:57
No problem. One of the design requirements for this program was working without an installation program. That’s why the program itself will register its event source the first time it is run. This requires admin rights, but only the first time.
Comment by Didier Stevens — Tuesday 16 December 2008 @ 18:50
Your samples do not show that the program can store multiple credentials using DPAPI (how does it know which one it needs to use?) plus I’m wondering if I could use 2 users for the same FTP site.
Comment by tc — Thursday 24 June 2010 @ 11:09
@tc it supports only one credential
Comment by Didier Stevens — Friday 25 June 2010 @ 9:21
[…] Didier Stevens did it again with a pretty useful tool that could be used for backups that should be placed on another server on the internet. This is great if you want to separate site or operating system backups from the running server to avoid that both are not recoverable after a crash. […]
Pingback by Zip encrypt ftp backups – initialization vector, system backups — Saturday 30 July 2011 @ 20:29
You links to download don’t work.
Comment by Anonymous — Thursday 1 September 2011 @ 17:32
Fixed.
Comment by Didier Stevens — Thursday 1 September 2011 @ 18:03
Hi Didier, I am able to FTP via DOS and transfer files, but I get error 550 when I run your exe. Please help. Thank you in advance! Bill
Comment by Bill Naylor — Friday 11 May 2018 @ 23:55
550 FTP means authentication error.
Comment by Didier Stevens — Sunday 13 May 2018 @ 17:27
I think it is due to switching our website to HTTPS. At the command prompt I can no longer access; hangs when I try DIR. But using IPSwitch WS_FTP software I can connect with passive mode. Is there a way to specify passive mode with your software? Thank you for getting back to me, Didier! Bill
Comment by Bill Naylor — Sunday 13 May 2018 @ 20:20
No, there is no such option.
Comment by Didier Stevens — Monday 21 May 2018 @ 10:44