Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does libzip support "Central Directory Encryption"? #415

Closed
fdegros opened this issue Oct 6, 2023 · 6 comments
Closed

Does libzip support "Central Directory Encryption"? #415

fdegros opened this issue Oct 6, 2023 · 6 comments
Labels
enhancement Request a new feature.

Comments

@fdegros
Copy link

fdegros commented Oct 6, 2023

Description

The ZIP format specification contains a "Central Directory Encryption" feature since version 6.2 released in 2004. I'm not sure if I have ever seen any tool or library that implements this feature. Does libzip deal with it? If yes, how can I create a ZIP archive with an encrypted central directory?

Describe alternatives you've considered

The considered alternative is to use an inner ZIP that gets embedded and encrypted in an outer ZIP. This workaround should be compatible with other tools and libraries. However, this has performance and usability implications.
@fdegros fdegros added the enhancement Request a new feature. label Oct 6, 2023
@dillof
Copy link
Member

dillof commented Oct 6, 2023

No, it currently does not.

We would probably need a new variant of zip_open() to allow providing a password, and a new archive flag like ZIP_AFL_ENCRYPTED_CENTRAL_DIRCTORY. You could then check if it is encrypted with zip_get_archive_flag() and set whether to encrypt with zip_set_archive_flag().

@fdegros
Copy link
Author

fdegros commented Oct 8, 2023

How does the current libzip 1.10 react when faced with an encrypted central directory? Does it fails with ZIP_ER_NOZIP or another error code?

For context, around 2% of all the ZIP archives that are opened by the ChromeOS Files App fail with ZIP_ER_NOZIP. This percentage is stable over time, and it looks quite high. I'm wondering what could be causing that, and if the "central directory encryption" could play a role in that.

@0-wiz-0
Copy link
Member

0-wiz-0 commented Oct 9, 2023

I think recognizing it as a ZIP archive might work (at least without the consistency check flag). The data in the central directory is zeroed out though, so it'll be useless (no file sizes etc.)
Do you have an example file for us?

@fdegros
Copy link
Author

fdegros commented Oct 10, 2023

Do you have an example file for us?

I wish I had one. Unfortunately, I don't even know how to create such a ZIP file with an encrypted central directory.

@dillof
Copy link
Member

dillof commented Oct 10, 2023

Thomas found that Central Directory Encryption is patented, accoring to PKWare developer Marius Volkhart, see https://stackoverflow.com/questions/58394110/pkware-zip-central-directory-encryption

Therefore, we can't implement it. If we can get an example zip archive, we'll make sure that it is recognised as a zip archive and that zip_open() returns an appropriate error code.

@dillof dillof closed this as completed Oct 10, 2023
@fdegros
Copy link
Author

fdegros commented Oct 10, 2023

Interesting. That explains why such ZIPs aren't that common.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Request a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dillof @0-wiz-0 @fdegros