loop for i <- 0 to 11
C <- buffer(i) ^ decrypt_byte()
update_keys(C)
buffer(i) <- C
end loop
Where decrypt_byte() is defined as:
unsigned char decrypt_byte()
local unsigned short temp
temp <- Key(2) | 2
decrypt_byte <- (temp * (temp ^ 1)) >> 8
end decrypt_byte
After the header is decrypted, the last 1 or 2 bytes in Buffer
should be the high-order word/byte of the CRC for the file being
decrypted, stored in Intel low-byte/high-byte order. Versions of
PKZIP prior to 2.0 used a 2 byte CRC check; a 1 byte CRC check is
used on versions after 2.0. This can be used to test if the password
supplied is correct or not.
Step 3 - Decrypting the compressed data stream
----------------------------------------------
The compressed data stream can be decrypted as follows:
loop until done
read a character into C
Temp <- C ^ decrypt_byte()
update_keys(temp)
output Temp
end loop
XIV. Strong Encryption Specification (EFS)
------------------------------------------
Version 5.x of this specification introduced support for strong
encryption algorithms. These algorithms can be used with either
a password or an X.509v3 digital certificate to encrypt each file.
This format specification supports either password or certificate
based encryption to meet the security needs of today, to enable
interoperability between users within both PKI and non-PKI
environments, and to ensure interoperability between different
computing platforms that are running a ZIP program.
Password based encryption is the most common form of encryption
people are familiar with. However, inherent weaknesses with
passwords (e.g. susceptibility to dictionary/brute force attack)
as well as password management and support issues make certificate
based encryption a more secure and scalable option. Industry
efforts and support are defining and moving towards more advanced
security solutions built around X.509v3 digital certificates and
Public Key Infrastructures(PKI) because of the greater scalability,
administrative options, and more robust security over traditional
password based encryption.
Most standard encryption algorithms are supported with this
specification. Reference implementations for many of these
algorithms are available from either commercial or open source
distributors. Readily available cryptographic toolkits make
implementation of the encryption features straight-forward.
This document is not intended to provide a treatise on data
encryption principles or theory. Its purpose is to document the
data structures required for implementing interoperable data
encryption within the .ZIP format. It is strongly recommended that
you have a good understanding of data encryption before reading
further.
The algorithms introduced in Version 5.0 of this specification
include:
RC2 40 bit, 64 bit, and 128 bit
RC4 40 bit, 64 bit, and 128 bit
DES
3DES 112 bit and 168 bit
欢迎来到蓝梦软件下载中心!
免责声明:本站软件仅用于恢复和销毁存储介质数据,如果涉及个人隐私等问题,请使用者自行承担,使用软件默认同意本声明!
