tags:

views:

85

answers:

3
+2  Q: 

Write AES encrypted zip and read encrypted zip via Java

I was looking at this lib http://code.google.com/p/winzipaes/ but it writes temp data to disk which can't happen. We'll be writing sensitive data in the zip and having temp decrypted data written to disk is not good practice for a secure system. If the system exits in the middle of a decryption we're left with a tmp file on disk that's un-encrypted.

Anyone have any ideas on an open source lib that can handle the zip encryption/decryption inflation/deflation in ram only?

+1  A: 

There is 14 java files in this project, and as it's open source, I bet you can find a way to rewrite some parts to have everything stored in memory instead of a temp file.

Colin Hebert  2010-10-06 15:07:41
+2  A: 

Since it's an open source library you might be able to change the guts to use a byte stream instead of a file stream.

Teflon Ted  2010-10-06 15:09:46
Granted, though I'd rather not re-invent a wheel if there's a lib that's already done this.
dstarh  2010-10-06 15:17:12
Doesn't seem like re-invent the wheel, more like a retread.
JackN  2010-10-06 19:55:44
In the end I ended up re-writing the portion of the file method that decrypts the entry and wrote that to an outputstream, decrypted, then wrote that to a ZipInputStream and inflated it to another outputstream which gave me the bytes of the file. Since the file in this case will be text it serves my needs perfectly and no longer writes decrypted data to disk.
dstarh  2010-10-06 20:10:29
+2  A: 

Why don't you use the java intern java.util.zip and java.security ? Just encrypt your data and stream it through a zipstream to a file.

kasten  2010-10-06 15:10:14
Encrypted files are not compressable
JackN  2010-10-06 15:12:13
An encrypted zip is a zip with an encrypted zip file in it, the password to decrypt is combined with a salt that is stored in the zip to create the key to encrypt/decrypt the file.
dstarh  2010-10-06 15:16:26
@JackN In the case the zip is just a container for the encrypted data. It doesn't matter that it doesn't compress well.
Steve Kuo  2010-10-06 15:45:04
@Steve. You assume that compression doesn't matter. I may be a large file. Completing the zip/compression prior to the encryption saves storage, cpu, and bandwith if the file needs to be sent somewhere. What is the purpose of performing a zip without compression on a single file?
JackN  2010-10-06 19:54:32

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java