Encrypted ZIP shows contents structure

[artincube]

Possible Security Issue

Configuration
Keka version: Version 1.1.30 (3477)
macOS version: macOS 10.14.6 (18G6020)

Describe the bug
Create a zip with a password and 256 encryption. I upload these to Google Drive (web interface) and without password I can see the content of one of the zips, in Google Drive. I repeated with that folder, same result. This is quite a security issue if I don't miss a step.

To Reproduce
Steps to reproduce the behavior:

1. set Keka with ZIP 256bits encryption
2. Drop several folders to zip them individually, then upload these to Google Drive.
3. Then I noticed I didn't setup encryption on first one, so deleted it from Google Drive, re zipped it localy with encryption and uploaded again. I could see content in Google Drive!
4. I then tried again changing the name of the folder before zipping it, thinking to avoid potential issues with that (upload delete reupload same name file). But same again, content accessible.Wow

[aonez]

@artincube encrypted ZIP files have the contents structure (filenames) unencrypted by design. That's why you can see the structure of the file without needing the password. You can't extract them without the password in any case.

If you want to also encrypt the filenames I suggest you use 7Z with the "Encrypt filenames" option enabled.

Hope this helps :)

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.