I need to zip and password-protect a file. Is there a good (free) library for this?
This needs to be opened by a third party, so the password protection needs to work with standard tools.
+1
A:
Is there a good (free) library for this?
java.util.zip will do the zipping, but it won't do the passwords. And no, I don't know of any free ones that will. The cheapest I've seen is $150 for a developer seat.
Oli
2008-10-03 11:06:06
A:
Two Minutes of googling found this library
http://www.download32.com/chilkat-java-zip-library-d8681.html
I found that, however:"Chilkat components and libraries are unlocked at runtime by calling the UnlockComponent method once at the beginning of a program. A 30-day trial automatically begins if an invalid unlock code is passed to UnlockComponent."
nearly_lunchtime
2008-10-03 11:27:00
Two seconds of reading found that License = Shareware. Shareware != Free. Even if it did not enforce the license mechanism, distributing your software with unlicensed/unpaid shareware is likely to be illegal.
James Schek
2008-10-06 22:11:24
+4
A:
7-Zip has to option to add a password in its command-line mode. Perhaps you can exec it to get this result (and it has a good compression ration too).
Drawbacks: external process, hard to make portable (even if 7-Zip is portable itself), not sure of distribution license.
Note that InfoZip's Zip utility, highly portable too, also supports password.
PhiLho
2008-10-03 11:26:03
7-zip has libraries to use in self-written programs I believe, so it would not have to be an external process.
Quagmire
2009-10-15 11:07:46
+1
A:
If you give a better usage scenario then there are other alternatives.
- Do you require the zip to be opened by the standard Zip tools that can handle a zip password?
- The same question as previous are you going to pass this zip to an external entity that has to open the zip?
- Is it internal only and you just want to protect the contents of the zip?
For 3 then you can just use java to encrypt the stream contents of the zip as a normal file, probably best to change the file extension to .ezip or somesuch too.
For 1 and 2 then you can use the chillkat solution as mentioned, or an equivalent. However be aware that chillkat is not a pure Java solution, it uses JNI.
Donal Tobin
2008-10-03 11:32:02
A:
Here is the source for a .NET free zip library supporting encryption. There you can see how it's done and port it.
Vinko Vrsalovic
2008-10-03 11:34:11
DotNetZip is the library mentioned, and yes it is open-source and does AES. Using that it shouldn't be hard to produce a general solution for AES-encrypted zip files for Java. You need to use an Aes cipher, in ECB mode, with no padding. Use RFC2898 (1000 cycles) for the Password-based keygen. For each 16-byte block you encrypt a nonce and XOR *that* with the plaintext to get the cryptotext. And you have to manage the MAC, too (HMACSHA1). The winzipaes project is a good start. The .NET/C# code should be pretty easy to read.
Cheeso
2009-05-11 17:44:11
+1
A:
Additional info: I googled a bit more and indeed, it is a quite common question, and it appears there is no free solution (yet?).
Now, the standard algorithm of Zip encryption is well defined: See PKWARE's Application Note on the .ZIP file format. It appears to be an encryption done on the encrypted stream. If somebody feels like coding it...
Now, I wonder why Sun didn't include it in its library? Lack of standard? Patent/legal issue? Too weak to be usable?
PhiLho
2008-10-03 12:08:57
I did exactly this about 5 years ago for one of our apps. It took some effort (and I can't, unfortunately, post code for it) - but it's good to know that it can be done. We actually implemented the AES strong encryption system promoted by WinZip.
Kevin Day
2008-10-04 02:42:40
+1
A:
This isn't an answer, but it is a caution to keep in mind when evaluating potential solutions.
One very important thing about zip encryption:
There are several types of zip encryption. The old type (part of the original zip standard) is not at all worth bothering with (it can be cracked in less than 10 minutes with apps easily available online).
If you are doing any sort of encryption of zip files, please, please be sure you use one of the strong encryption standards (I believe that WinZip's 128- and 256-bit AES standard is the best supported). Here are the technical specs - we used this when developing our own Java encrypted zip system (can't provide source - sorry - it's internal use only)
The only thing worse than having no encryption is thinking that you have encryption and being wrong :-)
Kevin Day
2008-10-04 02:49:30
You may want to support both. AES-encrypted zip files are, aFAIK, not yet supported by Windows Explorer, while PKZIP-encrypted zip files are. You can view the entries of either type of encrypted zip file, but you can only extract from a PKZIP-encrypted (weakly encrypted) zipfile using Windows Explorer. You will need WinZip or another suitable tool on Windows to open AES-encrypted zips. (The free DotNetZip ships with such a tool).
Cheeso
2009-05-11 17:46:46
Windows XP SP3 and Vista both support AES zip files. My opinion (which any and all are free to disagree with) is that supporting something that isn't even remotely secure is a bad idea. M$ not supporting a secure format is not a valid reason for implementing something that is insecure.
Kevin Day
2009-05-13 04:24:47
+10
A:
After much searching, I've found three approaches:
A freely available set of source code, suitable for a single file zip. However, there is no license. Usage is AesZipOutputStream.zipAndEcrypt(...). http://merkert.de/de/info/zipaes/src.zip (http://forums.sun.com/thread.jspa?threadID=619940)
UPDATE: This code is now Apache licensed and released at http://code.google.com/p/winzipaes/ . It worked for me (one file in the zip), and fills a hole in Java's opens source libraries nicely.
A commercial product ($500 at the time of writing). I can't verify if this works, as their trial license approach is complex. Its also a ported .NET app: http://www.nsoftware.com/ipworks/zip/default.aspx
A commercial product ($290 at the time of writing). Suitable only for Wnidows as it uses a dll: http://www.example-code.com/java/zip.asp
JodaStephen
2009-03-25 15:05:49
A:
I currently use Zip Password Recovery 5.0, which can recover lost or forgotten passwords of Zip-archives created using WinZip, PKZip, WinRAR or any other ZIP-compatible software. http://www.recoverlostpassword.com/products/zippasswordrecovery.html
tony
2009-11-25 14:41:22
A:
Try Zip4j, a free & open-source java library to handle zip files. It supports Standard Zip Encryption and AES Encryption. http://www.lingala.net/zip4j/
Mark
2010-10-13 20:08:00