Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

archive/zip: support for encrypted archives #12081

raichu opened this issue Aug 9, 2015 · 4 comments

archive/zip: support for encrypted archives #12081

raichu opened this issue Aug 9, 2015 · 4 comments


Copy link

@raichu raichu commented Aug 9, 2015

ZIP file format specification includes encrypted archives.
Current implementation doesn't support writing/reading such archives.

@ianlancetaylor ianlancetaylor changed the title zip: support for encrpyted archives archive/zip: support for encrpyted archives Aug 9, 2015
@ianlancetaylor ianlancetaylor added this to the Unplanned milestone Aug 9, 2015
Copy link

@alexmullins alexmullins commented Dec 5, 2015

I've got a working implementation of archive/zip that can read/write password protected archives. The code is at

The encryption/decryption method used is WinZip AES Encryption Specification ( There are 2 other encryption methods specified in the original Zip Spec (, Sections 6 and 7) which aren't implemented. The method described in Section 6, also known as ZipCrypto, is generally considered 'weak' and isn't advisable to use. The method described in Section 7 seems to be exclusively used with PKWARE products as I haven't seen any other opensource implementations support it.

Public API additions:

  • FileHeader.DeferAuth
  • func (*FileHeader) IsEncrypted
  • func (*FileHeader) SetPassword
  • func (*Writer) Encrypt

Current roadblocks:

  • The method to turn a password into a master-key is PBKDF2 and I'm getting that functionality from the 3rd party package
  • Duplicating the cipher.NewCTR implementation from Go's Standard Library. (See here: It was clarified for me that Go uses a right-aligned counter which is the standard way of doing it. WinZip AES uses a left-aligned counter. The difference between the two is:


WinZip CTR:

Any feedback is welcome.


@bradfitz bradfitz changed the title archive/zip: support for encrpyted archives archive/zip: support for encrypted archives May 10, 2016
Copy link

@yeka yeka commented Oct 17, 2016

I was working on a project that requires me to send a password protected zip file to a system that can only read Zip Standard Encryption. Not finding any go source for this, I manage to create a working code based on @alexmullins code. Special thanks to you Sir 👍

While it's not advisable to use Zip Standard Encryption for security reason, for those who have to work with it, you can check my code at

I hope the awesome Go Team can integrate encryption into their standard zip/archive 😄


Copy link

@ghost ghost commented Jul 15, 2017

Any updates here? officially supporting protected files would be good enough :)


Copy link

@florianpinel florianpinel commented Aug 29, 2018

@yeka Could you add a license to your git repo?


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants