Version 5.1 adds support for the following:
AES 128 bit, 192 bit, and 256 bit
Version 6.1 introduces encryption data changes to support
interoperability with SmartCard and USB Token certificate storage
methods which do not support the OAEP strengthening standard.
Version 6.2 introduces support for encrypting metadata by compressing
and encrypting the central directory data structure to reduce information
leakage. Information leakage can occur in legacy ZIP applications
through exposure of information about a file even though that file is
stored encrypted. The information exposed consists of file
characteristics stored within the records and fields defined by this
specification. This includes data such as a files name, its original
size, timestamp and CRC32 value.
Central Directory Encryption provides greater protection against
information leakage by encrypting the Central Directory structure and
by masking key values that are replicated in the unencrypted Local
Header. ZIP compatible programs that cannot interpret an encrypted
Central Directory structure cannot rely on the data in the corresponding
Local Header for decompression information.
Extra Field records that may contain information about a file that should
not be exposed should not be stored in the Local Header and should only
be written to the Central Directory where they can be encrypted. This
design currently does not support streaming. Information in the End of
Central Directory record, the ZIP64 End of Central Directory Locator,
and the ZIP64 End of Central Directory record are not encrypted. Access
to view data on files within a ZIP file with an encrypted Central Directory
requires the appropriate password or private key for decryption prior to
viewing any files, or any information about the files, in the archive.
Older ZIP compatible programs not familiar with the Central Directory
Encryption feature will no longer be able to recognize the Central
Directory and may assume the ZIP file is corrupt. Programs that
attempt streaming access using Local Headers will see invalid
information for each file. Central Directory Encryption need not be
used for every ZIP file. Its use is recommended for greater security.
ZIP files not using Central Directory Encryption should operate as
in the past.
The details of the strong encryption specification for certificates
remain under development as design and testing issues are worked out
for the range of algorithms, encryption methods, certificate processing
and cross-platform support necessary to meet the advanced security needs
of .ZIP file users today and in the future.
This feature specification is intended to support basic encryption needs
of today, such as password support. However this specification is also
designed to lay the foundation for future advanced security needs.
Encryption provides data confidentiality and privacy. It is
recommended that you combine X.509 digital signing with encryption
to add authentication and non-repudiation.
Single Password Symmetric Encryption Method:
-------------------------------------------
The Single Password Symmetric Encryption Method using strong
encryption algorithms operates similarly to the traditional
PKWARE encryption defined in this format. Additional data
structures are added to support the processing needs of the
strong algorithms.
The Strong Encryption data structures are:
1. General Purpose Bits - Bits 0 and 6 of the General Purpose bit
flag in both local and central header records. Both bits set
indicates strong encryption. Bit 13, when set indicates the Central
Directory is encrypted and that selected fields in the Local Header
are masked to hide their actual value.
2. Extra Field 0x0017 in central header only.
Fields to consider in this record are:
Format - the data format identifier for this record. The only
value allowed at this time is the integer value 2.
AlgId - integer identifier of the encryption algorithm from the
following range
0x6601 - DES
0x6602 - RC2 (version needed to extract < 5.2)
0x6603 - 3DES 168
0x6609 - 3DES 112
0x660E - AES 128
0x660F - AES 192
0x6610 - AES 256
0x6702 - RC2 (version needed to extract >= 5.2)
0x6801 - RC4
0xFFFF - Unknown algorithm
Bitlen - Explicit bit length of key
40
56
64
112
128
168
192
256
Flags - Processing flags needed for decryption
0x0001 - Password is required to decrypt
0x0002 - Certificates only
0x0003 - Password or certificate required to decrypt
Values > 0x0003 reserved for certificate processing
欢迎来到蓝梦软件下载中心!
免责声明:本站软件仅用于恢复和销毁存储介质数据,如果涉及个人隐私等问题,请使用者自行承担,使用软件默认同意本声明!
