![]() The switch -x"%~f0" prevents adding the batch file also into the RAR archive file if being stored in current directory on execution of the batch file. So you might better use just * as wildcard. Rar adds only files containing a dot in name of file into the RAR archive file on using *.*. Note: Rar and WinRAR interpret *.* different to * as also explained in manual in comparison to Windows kernel functions interpreting them identical. The RAR archive files1.rar is created on user's desktop by this code as root of directory C: is usually write-protected. So finally the command line set "RAR=-hp""!(/!$!#!#=)\%%"" defines the environment variable RAR with switch -hp passing the string "!(/!$!#!#=)\% to Rar.exe as password to use on encryption. ![]() In a batch file % marks begin/end of an environment variable reference except it is escaped with one more %. The password must be defined with two additional double quotes using ""!(/!$!#!#=)\%" to let really used password start with a straight double quote character. So it is not possible to define the password with "!(/!$!#!#=)\%. For that reason Rar.exe removes from the passed password/passphrase the first and last double quote if there is one at begin and/or end. Argument strings containing a space or one of these characters &()^= !'+,`~ needs to be enclosed in double quotes on Windows command line. The Windows command interpreter cmd.exe and Rar.exe itself determine how arguments specified on command line are interpreted on parsing the command line. In addition, I don't know if the above can be made to work under Windows. I note that I didn't dive into unrar's publicly available source code the above is merely based on the general documentation. All of this aims to conveniently make good use of rar's password/key space. with gpg using your own public key so as to lock the archive password under your private key/key phrase. The password file may be safely stored separately or together with the archive, in the latter case (of course) after encrypting it, e.g. listed, by reading the password back from the file, for instance like so: rar l -p"$(cat /tmp/pwd)" archive.rar ![]() The dd-pipe above will read 48 (pseudo)random bytes from the kernel's (non-blocking) random number source device, convert these into a 64 character password, tell rar to use that password for deriving a 256-bit (AES256) encryption key (RAR5-format), and at the same time store the password in the file `/tmp/pwd'. rar a -hp"$(dd if=/dev/urandom bs=48 count=1 | base64 -w0 | tee /tmp/pwd)" archive In a base64-encoded string, each character represents 6 bits of data a 64 character password thus amounts to 384 random bits, which may be derived from 48 random bytes. To avoid this, the archive password you pick should be no longer than 512 bits or 64 characters. Per PBKDF2, passwords longer than the block size of the hash function are first pre-hashed into a digest of 256 bits, which digest is then used as the password (instead of the original password). However, rar currently uses a password based key derivation function based on PBKDF2 using the HMAC-SHA256 hash function, which has a block size of 512 bits. It is not clear (to me) precisely which characters are part of the password space, but at least base64-encoded strings work. ![]() Rar's documented maximum password length is 127 characters/bytes. Especially for Linux users using winrar/rar from the commandline, it may be worth realizing that rar effectively accepts "keyfiles", which may overcome the need to fiddle with quotes as part of the password. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |