Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AES encrypted Zips not matching specification #552

Closed
remogloor opened this issue Dec 11, 2020 · 2 comments · Fixed by #554
Closed

AES encrypted Zips not matching specification #552

remogloor opened this issue Dec 11, 2020 · 2 comments · Fixed by #554
Labels
bug encryption zip Related to ZIP file format

Comments

@remogloor
Copy link

Steps to reproduce

  1. Create a AES encrypted zip using ZipOutputStream, probably also using ZipFile

Expected behavior

A Zip according to the specification is created
https://www.winzip.com/win/en/aes_info.html#comp-method

The specication states that:

  • AE-1: The version supports CRC, The CRC must be set to the actual CRC of the content
  • AE-2: This version does not support CRC, CRC value must be 0

The reason behind not using CRC in case of AE-2 is that this is an unnecessary redundant overhead. AES has an Auth code which is even better than a simple CRC. Therefore the computation time for the CRC can be removed to improve perfromance.

Actual behavior

A AE-2 zip is created that has the CRC value set to the actual value

To match the specification:
-> Either change the version to AE-1
-> Or set the CRC to 0

In order to fix this issue it first needs to be decided which version the zip files shall use:
AE-1 or AE-2

Version of SharpZipLib

Obtained from (only keep the relevant lines)

  • Compiled from source, commit: b7bc4e0
@Numpsy
Copy link
Contributor

Numpsy commented Dec 19, 2020

it first needs to be decided which version the zip files shall use

I don't know there - the WinZip docs say different versions use different defaults, and it could potentially be made configurable, but then I don't know how much people actually care about that.

@piksel
Copy link
Member

piksel commented Dec 20, 2020

@Numpsy I doubt there is enough interest to warrant dual code paths for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug encryption zip Related to ZIP file format
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants