
I'm adding AES encryption to the zip but I have some doubts.

1 - Where is the IV stored to be restored by other compactors?

2 - Will the encryption header continue to be 12 bytes?

3 - Where do you say the zip will be encrypted with AES? I added in Extra data from the local file header and from the central directory Header. But I don't know if it was enough.

Remy Lebeau

1 Answer


The definitive source for AES encryption in Zip files is on the WinZip support pages here. Also here.

1 - Where is the IV stored to be restored by other compactors?

If you are referring to what WinZip refers to as Salt (see here) then it is stored directly before the compressed & encrypted payload in the zip file.

2 - Will the encryption header continue to be 12 bytes?

Not sure what field you are referring to. The only 12 byte field that WinZip uses for AES encryption is the 12 byte salt field used with 192 bit key size encryption. The value is 8 bytes for a 128 bit key & 16 bytes for a 256 bit key.

3 - Where do you say the zip will be encrypted with AES? I added in Extra data from the local file header and from the central directory Header. But I don't know if it was enough.

The Compression Method field also needs to be set to 99.

I have a file test.zip that is encrypted with AES & a 256-bit key

$ unzip -lv test.zip 
Archive:  test.zip
 Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
--------  ------  ------- ---- ---------- ----- --------  ----
     446  Unk:099     282  37% 2022-08-07 07:45 f90ee7ff  lorem.txt
--------          -------  ---                            -------
     446              282  37%                            1 file

Here is a dump of the metadata from that zip file generated by zipdetails.

Key points to note are:

  1. The encryption bit is set in the General Purpose Flag

  2. Compression Method set to 99 in both local & central headers

  3. The Extra field in both local & central header for AES Encryption

  4. The salt data & Password verification value (listed as AES Pwd Ver) directly before the compressed/encrypted payload

  5. The 10 byte Authentication code directly after the payload

$ zipdetails -v test.zip 

0000 0004 50 4B 03 04 LOCAL HEADER #1       04034B50
0004 0001 14          Extract Zip Spec      14 '2.0'
0005 0001 00          Extract OS            00 'MS-DOS'
0006 0002 01 00       General Purpose Flag  0001
                      [Bit  0]              1 'Encryption'         
0008 0002 63 00       Compression Method    0063 'AES Encryption'  
000A 0004 A4 3D 07 55 Last Mod Time         55073DA4 'Sun Aug  7 08:45:08 2022'
000E 0004 FF E7 0E F9 CRC                   F90EE7FF
0012 0004 26 01 00 00 Compressed Length     00000126
0016 0004 BE 01 00 00 Uncompressed Length   000001BE
001A 0002 09 00       Filename Length       0009
001C 0002 0B 00       Extra Length          000B
001E 0009 6C 6F 72 65 Filename              'lorem.txt'
          6D 2E 74 78
          74
0027 0002 01 99       Extra ID #0001        9901 'AES Encryption'
0029 0002 07 00         Length              0007
002B 0002 01 00         Vendor Version      0001 'AE-1'
002D 0002 41 45         Vendor ID           4541 'AE'
002F 0001 03            Encryption Strength 03 '256-bit encryption key'
0030 0002 08 00         Compression Method  0008 'Deflated'
0032 0010 7A 44 48 12 AES Salt              7A 44 48 12 C7 3E 34 BE 5E 0A 58 9B
          C7 3E 34 BE                       19 B0 3B 0C
          5E 0A 58 9B
          19 B0 3B 0C
0042 0002 E5 35       AES Pwd Ver           E5 35
0044 010A ...         PAYLOAD
014E 000A 3B 4D 4D BF AES Auth              3B 4D 4D BF 98 3B 8F 2C 7D 5B
          98 3B 8F 2C
          7D 5B

0158 0004 50 4B 01 02 CENTRAL HEADER #1     02014B50
015C 0001 14          Created Zip Spec      14 '2.0'
015D 0001 00          Created OS            00 'MS-DOS'
015E 0001 14          Extract Zip Spec      14 '2.0'
015F 0001 00          Extract OS            00 'MS-DOS'
0160 0002 01 00       General Purpose Flag  0001
                      [Bit  0]              1 'Encryption'
0162 0002 63 00       Compression Method    0063 'AES Encryption'
0164 0004 A4 3D 07 55 Last Mod Time         55073DA4 'Sun Aug  7 08:45:08 2022'
0168 0004 FF E7 0E F9 CRC                   F90EE7FF
016C 0004 26 01 00 00 Compressed Length     00000126
0170 0004 BE 01 00 00 Uncompressed Length   000001BE
0174 0002 09 00       Filename Length       0009
0176 0002 0B 00       Extra Length          000B
0178 0002 00 00       Comment Length        0000
017A 0002 00 00       Disk Start            0000
017C 0002 01 00       Int File Attributes   0001
                      [Bit 0]               1 Text Data
017E 0004 20 00 00 00 Ext File Attributes   00000020
                      [Bit 5]               Archive
0182 0004 00 00 00 00 Local Header Offset   00000000
0186 0009 6C 6F 72 65 Filename              'lorem.txt'
          6D 2E 74 78
          74
018F 0002 01 99       Extra ID #0001        9901 'AES Encryption'
0191 0002 07 00         Length              0007
0193 0002 01 00         Vendor Version      0001 'AE-1'
0195 0002 41 45         Vendor ID           4541 'AE'
0197 0001 03            Encryption Strength 03 '256-bit encryption key'
0198 0002 08 00         Compression Method  0008 'Deflated'

019A 0004 50 4B 05 06 END CENTRAL HEADER    06054B50
019E 0002 00 00       Number of this disk   0000
01A0 0002 00 00       Central Dir Disk no   0000
01A2 0002 01 00       Entries in this disk  0001
01A4 0002 01 00       Total Entries         0001
01A6 0004 42 00 00 00 Size of Central Dir   00000042
01AA 0004 58 01 00 00 Offset to Central Dir 00000158
01AE 0002 00 00       Comment Length        0000
Done
pmqs
  • The links automatically redirect to https://www.winzip.com/en/product/winzip/windows/windows-7-8/. – Andreas Rejbrand Oct 03 '22 at 17:03
  • @AndreasRejbrand the links are working fine for me. What browser are you using? – pmqs Oct 03 '22 at 17:23
  • Firefox 105.0.1 (64-bit, latest version) on Windows 7. – Andreas Rejbrand Oct 03 '22 at 17:25
  • Can you try another browser? – pmqs Oct 03 '22 at 17:32
  • I tried Firefox, Chrome, and Edge. In each of these, I am redirected. Very likely the website redirects every Windows 7 user to that page, at least in my geographical region. – Andreas Rejbrand Oct 03 '22 at 17:36
  • I can confirm the redirect for Windows 7 using [Vivaldi](https://vivaldi.com/). Disabling JavaScript (f.e. via [uMatrix](https://github.com/gorhill/uMatrix/)) prevents this stupidity. – AmigoJack Oct 03 '22 at 20:02
  • @AndreasRejbrand Note it does that redirect for every other page on the winzip site as well. Just wow for that level of incompetence / stupidity. – Brian Oct 03 '22 at 20:04
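
As an added example (not code from the answer or from WinZip), this Python function walks a local file header and returns the offsets of the salt, password verification value, payload and authentication code, following the layout in the zipdetails dump in the answer. `locate_aes_fields` and `build_sample` are hypothetical names; the sample entry is constructed from the header values in the dump with a zero-filled payload, because the dump elides the real one.

```python
import struct

SALT_LEN = {1: 8, 2: 12, 3: 16}   # strength code -> salt bytes (128/192/256-bit key)
PWV_LEN, AUTH_LEN = 2, 10         # password verification value, authentication code

def locate_aes_fields(buf, off=0):
    """Return offsets of the AES fields for the entry whose local header is at off."""
    if len(buf) < off + 30:
        raise ValueError("truncated local header")
    sig, _ver, flags, method, _dt, _crc, csize, _usize, nlen, xlen = \
        struct.unpack_from("<IHHHIIIIHH", buf, off)
    if sig != 0x04034B50:
        raise ValueError("not a local file header")
    if not flags & 1 or method != 99:
        raise ValueError("entry is not marked as AES encrypted")
    pos = off + 30 + nlen
    end = pos + xlen                      # first byte after the extra field = salt
    if len(buf) < end:
        raise ValueError("truncated extra field")
    strength = real_method = None
    while pos + 4 <= end:                 # walk the (id, size, data) extra records
        xid, xsize = struct.unpack_from("<HH", buf, pos)
        if xid == 0x9901 and xsize == 7 and pos + 11 <= end:
            _vver, vendor, strength, real_method = \
                struct.unpack_from("<H2sBH", buf, pos + 4)
            if vendor != b"AE":
                raise ValueError("unexpected vendor ID")
        pos += 4 + xsize
    if strength not in SALT_LEN:
        raise ValueError("missing or invalid 0x9901 extra field")
    salt_len = SALT_LEN[strength]
    payload_len = csize - salt_len - PWV_LEN - AUTH_LEN
    if payload_len < 0 or end + csize > len(buf):
        raise ValueError("compressed size too small or data truncated")
    return {"strength": strength, "method": real_method, "salt": end,
            "pwd_ver": end + salt_len, "payload": end + salt_len + PWV_LEN,
            "auth": end + csize - AUTH_LEN, "payload_len": payload_len}

def build_sample():
    """Constructed entry: header values from the dump, payload is zero filler."""
    hdr = struct.pack("<IHHHIIIIHH", 0x04034B50, 0x14, 1, 99, 0x55073DA4,
                      0xF90EE7FF, 0x126, 0x1BE, 9, 11)
    extra = struct.pack("<HHH2sBH", 0x9901, 7, 1, b"AE", 3, 8)
    salt = bytes.fromhex("7A444812C73E34BE5E0A589B19B03B0C")
    auth = bytes.fromhex("3B4D4DBF983B8F2C7D5B")
    return hdr + b"lorem.txt" + extra + salt + b"\xE5\x35" + bytes(0x10A) + auth

if __name__ == "__main__":
    for name, value in locate_aes_fields(build_sample()).items():
        print(f"{name:12} {value:#06x}")
```

The Compressed Length in the header covers the salt, the password verification value, the payload and the authentication code together, which is why the payload length is derived by subtraction.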