For a client project, I am trying to create an AES-256 encrypted zip
file in Ruby, and having trouble finding applicable tools (mainly
gems). I have looked at these:
- RubyZip, we are currently using for other purposes. However, this
  does not support encryption at all.
- jphastings’ fork of RubyZip might do it, I see mention of AES in
  some pull requests, but the docs haven’t been updated to reflect any
  crypto support, and I haven’t slogged through the code to see how
  complete (let alone correct and robust) the AES support is.
- Archive::Zip looked plausible, if we write a custom encryption
  codec. Maybe someone’s already done one that supports AES-256? Not
  that I could find. Anyway, the project is dormant, and only claims
  v0.0.0 so it doesn’t seem mature and reliable.
- ZipRuby claims to do crypto, but only “legacy” crypto, the kind most
  compression utilities have had built in for ages, which is much weaker
  than AES. Also, it apparently doesn’t even do that, according to a
  fairly old unaddressed bug. No hint, at a quick glance, of being able
  to plug in alternate crypto.
- Chilkat’s library seems suitable at a quick glance, but we’d much
  prefer something free and open source. Not so much for the cost, but
  just the sheer hassles, especially since Chilkat’s license is tied to
  specific named developers… and I’m a contractor.
Other details:
- I think it needs to be openable by 7zip, which means it should
  either use the same mode and initialization vector, or let me set
  them. (I think I can find out what those are set to.)
- I think the deployment will be on Linux, but development and a lot
  of the testers are on Macs, so if one of the standard command-line
  utilities common to both environments will do it, I will happily just
  use a system call. However, Mac’s standard zip only supports the weak
  “password protect” crypto.
- If someone is thinking “why not just use RubyZip to compress and
  OpenSSL to encrypt”: no, an “encrypted zip file” doesn’t mean “take a
  zip file and encrypt it”, it has to be in standard zip format so an
  unzipper knows how to extract entries, which are what is encrypted.
- I’m open to other approaches, if anybody’s got suggestions! I have
  reached out to the folks consuming the file to see if maybe they don’t
  really need an AES-256 encrypted zip file specifically openable by
  7zip – the files are probably small to begin with, so maybe we can
  skip compression…
Thanks,
Dave
On 06/19/2014 10:04 AM, Dave A. wrote:
> For a client project, I am trying to create an AES-256 encrypted zip
> file in Ruby, and having trouble finding applicable tools (mainly
> gems). I have looked at these:
> …
> - Archive::Zip looked plausible, if we write a custom encryption
>   codec. Maybe someone’s already done one that supports AES-256? Not
>   that I could find. Anyway, the project is dormant, and only claims
>   v0.0.0 so it doesn’t seem mature and reliable.

I’m the author of Archive::Zip, and while the project is pretty dormant,
that version string is a development detail. I leave that string in
place on the tip of the master branch after every release so that people
don’t mistakenly assume that they have version X when they really have
installed from the tip of the master branch which may contain
version X - additional, unreleased changes. Check rubygems to see the
actual released versions.
All that said, a custom codec would be necessary, and I haven’t heard of
anyone doing this for Archive::Zip yet. If such a codec were created
though, I would be open to including it into the Archive::Zip project
after a little time in the wild to shake out any major issues.
-Jeremy
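
As an added example, not part of the thread or of any of the gems mentioned: the per-entry crypto that a custom AES-256 codec has to produce, assuming the WinZip AE layout that 7-Zip uses for AES zip entries (PBKDF2-HMAC-SHA1 key derivation, AES-CTR with a little-endian counter and no stored IV, truncated HMAC-SHA1). Function and constant names are illustrative; the zip headers that mark an entry as AES (compression method 99, extra field 0x9901) are outside this block.

```ruby
require 'openssl'

SALT_LEN   = 16    # AES-256 salt size in the WinZip AE layout
KEY_LEN    = 32
ITERATIONS = 1000  # PBKDF2-HMAC-SHA1 rounds fixed by that layout
MAC_LEN    = 10    # HMAC-SHA1 truncated to 80 bits

# One PBKDF2 run yields the AES key, the HMAC key and a 2-byte password check.
def derive_keys(password, salt)
  m = OpenSSL::PKCS5.pbkdf2_hmac_sha1(password, salt, ITERATIONS, 2 * KEY_LEN + 2)
  { enc: m[0, KEY_LEN], mac: m[KEY_LEN, KEY_LEN], verifier: m[2 * KEY_LEN, 2] }
end

# CTR mode with a little-endian block counter starting at 1 and no stored IV.
# OpenSSL's own aes-256-ctr counts big-endian, so the keystream is built
# from ECB-encrypted counter blocks instead.
def ctr_le(key, data)
  ecb = OpenSSL::Cipher.new('aes-256-ecb')
  ecb.encrypt
  ecb.key = key
  ecb.padding = 0
  out = ''.b
  data.b.bytes.each_slice(16).with_index(1) do |chunk, counter|
    keystream = ecb.update([counter, 0].pack('Q<Q<')).bytes
    out << chunk.zip(keystream).map { |a, b| a ^ b }.pack('C*')
  end
  out
end

def truncated_mac(mac_key, ciphertext)
  OpenSSL::HMAC.digest('SHA1', mac_key, ciphertext)[0, MAC_LEN]
end

# Entry payload: salt | verifier | ciphertext | MAC (encrypt-then-MAC).
def encrypt_entry(password, data, salt = OpenSSL::Random.random_bytes(SALT_LEN))
  keys = derive_keys(password, salt)
  ciphertext = ctr_le(keys[:enc], data)
  salt.b + keys[:verifier] + ciphertext + truncated_mac(keys[:mac], ciphertext)
end

def decrypt_entry(password, blob)
  blob = blob.b
  salt, verifier = blob[0, SALT_LEN], blob[SALT_LEN, 2]
  ciphertext, mac = blob[(SALT_LEN + 2)...-MAC_LEN], blob[-MAC_LEN, MAC_LEN]
  keys = derive_keys(password, salt)
  raise ArgumentError, 'wrong password' unless keys[:verifier] == verifier
  diff = truncated_mac(keys[:mac], ciphertext).bytes.zip(mac.bytes).sum { |a, b| a ^ b }
  raise ArgumentError, 'entry failed authentication' unless diff.zero?
  ctr_le(keys[:enc], ciphertext)
end
```
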
please unsubscribe me
Andrew CP Kelley
Founder & CEO | CallRed
(t) 401.300.0034
On Thu, Jun 19, 2014 at 8:04 AM, Dave A. <
Hello! It seems like you’ve tried to unsubscribe from the mailing list
you’re on (Ruby-Talk). There’s two simple ways to accomplish this task:
- Point your web browser at Mailing Lists and unsubscribe
  via the simple web form at the bottom of the page (change the action
  to “unsubscribe”), or
- Send an e-mail to the controller address for this mailing list
  (Ruby-Talk), which is located at [email protected]. The
  email should have the subject “unsubscribe” and the body “unsubscribe”
  (no quotes). Please be sure to send this as a plain-text e-mail, as
  HTML e-mails have known issues with interacting with controller e-mails.
Instructions sourced from
https://www.ruby-lang.org/en/community/mailing-lists/manual-instructions/
and Mailing Lists.
On 6/19/2014 12:48, Andrew Kelley wrote:
Rylee F.
[email protected]
FYI we’ve added traditional encryption support to RubyZip on master,
with a structure that should make it easy to implement AES as well. (AES
is still available via jphastings’ fork and if anyone wants to pick up
the task)