feat: AES-2 encryption

This adds AES-2 encryption as requested/discussed in #93 and defined at https://www.winzip.com/en/support/aes-encryption/ For now, AES-2 is used over AES-1 to prevent leakage of information via CRC-32 for small files, at the price of not having a checksum on the uncompressed plain text data (although there is an HMAC check on the encrypted compressed data as part of AES-2). In a later change, we should be able to make it AES-1 for larger files as recommended at https://www.winzip.com/en/support/aes-encryption/, but not doing this now to keep this change reasonably small.
uktrade · Jan 4, 2024 · 7c0defb · 7c0defb
1 parent 666dc16
commit 7c0defb
Show file tree

Hide file tree

Showing 7 changed files with 374 additions and 70 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -34,6 +34,17 @@ jobs:
       - name: "Install bsdcpio"
         run: |
           ./install-libarachive.sh
+      - name: "Install 7z"
+        run: |
+          mkdir bin
+          (
+            cd ./bin
+            wget https://www.7-zip.org/a/7z2301-linux-x64.tar.xz
+            echo "23babcab045b78016e443f862363e4ab63c77d75bc715c0b3463f6134cbcf318 7z2301-linux-x64.tar.xz" | sha256sum --check
+            tar -xJf ./7z2301-linux-x64.tar.xz 7zz
+            rm 7z2301-linux-x64.tar.xz
+            echo "$PWD" >> $GITHUB_PATH
+          )
       - name: "Install python dependencies"
         run: |
           pip install ".[ci]"

diff --git a/README.md b/README.md
@@ -23,6 +23,8 @@ In addition to being memory efficient (with some [limitations](https://stream-zi
 
 - Can construct ZIP files that contain directories, including empty directories
 
+- Can constuct password protected/encrypted ZIP files adhering to the [WinZip AE-2 specification](https://www.winzip.com/en/support/aes-encryption/).
+
 - Allows the specification of permissions on the member files and directories (although not all clients respect them)
 
 - By default stores modification time as an extended timestamp. An extended timestamp is a more accurate timestamp than the original ZIP format allows

diff --git a/docs/features.md b/docs/features.md
@@ -14,6 +14,8 @@ In addition to being memory efficient (with some [limitations](/get-started/#lim
 
 - Can construct ZIP files that contain directories, including empty directories
 
+- Can constuct password protected/encrypted ZIP files adhering to the [WinZip AE-2 specification](https://www.winzip.com/en/support/aes-encryption/).
+
 - Allows the specification of permissions on the member files and directories (although not all clients respect them)
 
 - By default stores modification time as an extended timestamp. An extended timestamp is a more accurate timestamp than the original ZIP format allows
diff --git a/docs/get-started.md b/docs/get-started.md
@@ -147,6 +147,23 @@ The `stat.S_IFDIR` on the file is technically optional, but is probably good pra
 It is not required to have a directory member file in order to have files in that directory. So this pattern is most useful to have empty directories in the ZIP.
 
 
+## Password
+
+The data of ZIP files can be password protected by passing a password as the `password` parameter to `stream_zip`
+
+```python
+password_protected_zipped_chunks = stream_zip(member_files(), password='my-password'):
+```
+
+Note:
+
+1. This encrypts the data with AES-256, adhering to the [WinZip AE-2 specification](https://www.winzip.com/en/support/aes-encryption/).
+
+2. This is seen as more secure than ZipCrypto, the original mechanism of password protecting ZIP files, but fewer clients can open such ZIP files.
+
+3. While a step forward from ZipCrypto, it has flaws that you should be aware of before using it. See ["Attacking and Repairing the WinZip Encryption Scheme" by Tadayoshi Kohno](https://homes.cs.washington.edu/~yoshi/papers/WinZip/winzip.pdf).
+
+
 ## Methods
 
 Each member file is compressed with a method that must be specified in client code. See [Methods](/methods/) for an explanation of each.

diff --git a/pyproject.toml b/pyproject.toml
@@ -16,19 +16,25 @@ classifiers = [
     "License :: OSI Approved :: MIT License",
     "Topic :: System :: Archiving :: Compression",
 ]
+dependencies = [
+    "pycryptodome>=3.10.1",
+]
 
 [project.optional-dependencies]
 dev = [
     "coverage>=6.2",
     "pytest>=7.0.1",
     "pytest-cov>=3.0.0",
-    "stream-unzip>=0.0.86"
+    "stream-unzip>=0.0.86",
+    "pyzipper>=0.3.6",
 ]
 ci = [
+    "pycryptodome==3.10.1",
     "coverage==6.2",
     "pytest==7.0.1",
     "pytest-cov==3.0.0",
-    "stream-unzip==0.0.86"
+    "stream-unzip==0.0.86",
+    "pyzipper==0.3.6",
 ]
 
 [project.urls]