Make aes-encrypted zip file in ruby?

For a client project, I am trying to create an AES-256 encrypted zip
file in Ruby, and having trouble finding applicable tools (mainly
gems). I have looked at these:

  • RubyZip, which we are currently using for other purposes. However,
    this does not support encryption at all.

  • jphastings’ fork of RubyZip might do it, I see mention of AES in
    some pull requests, but the docs haven’t been updated to reflect any
    crypto support, and I haven’t slogged through the code to see how
    complete (let alone correct and robust) the AES support is.

  • Archive::Zip looked plausible, if we write a custom encryption
    codec. Maybe someone’s already done one that supports AES-256? Not
    that I could find. Anyway, the project is dormant, and only claims
    v0.0.0 so it doesn’t seem mature and reliable.

  • ZipRuby claims to do crypto, but only “legacy” crypto, the kind most
    compression utilities have had built in for ages, which is much weaker
    than AES. Also, it apparently doesn’t even do that, according to a
    fairly old unaddressed bug. No hint, at a quick glance, of being able
    to plug in alternate crypto.

  • Chilkat’s library seems suitable at a quick glance, but we’d much
    prefer something free and open source. Not so much for the cost, but
    just the sheer hassles, especially since Chilkat’s license is tied to
    specific named developers… and I’m a contractor.

Other details:

  • I think it needs to be openable by 7zip, which means it should
    either use the same mode and initialization vector, or let me set
    them. (I think I can find out what those are set to.)

  • I think the deployment will be on Linux, but development and a lot
    of the testers are on Macs, so if one of the standard command-line
    utilities common to both environments will do it, I will happily just
    use a system call. However, Mac’s standard zip only supports the weak
    “password protect” crypto.

  • If someone is thinking “why not just use RubyZip to compress and
    OpenSSL to encrypt”: no, an “encrypted zip file” doesn’t mean “take a
    zip file and encrypt it”, it has to be in standard zip format so an
    unzipper knows how to extract entries, which are what is encrypted.

  • I’m open to other approaches, if anybody’s got suggestions! I have
    reached out to the folks consuming the file to see if maybe they don’t
    really need an AES-256 encrypted zip file specifically openable by
    7zip – the files are probably small to begin with, so maybe we can
    skip compression…

Thanks,
Dave
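
On the "same mode and initialization vector" point in the post above: AES zip entries as 7-Zip writes them follow the WinZip AE scheme (PBKDF2-HMAC-SHA1 key derivation, AES in CTR mode with a little-endian counter starting at 1, truncated HMAC-SHA1 tag), so there is no IV to choose. The Ruby below is an added example, not code from this thread or from any gem mentioned in it; the function names are hypothetical, and it covers only the encrypted entry data, not the zip headers or the 0x9901 extra field.

```ruby
require "openssl"

# Added illustration; constant and method names are hypothetical.
KEY_LEN  = 32   # AES-256
SALT_LEN = 16   # salt size the format pairs with a 256-bit key
ITER     = 1000 # PBKDF2-HMAC-SHA1 iteration count fixed by the format

# Derive AES key, HMAC key and 2-byte password verifier from the password.
def derive_keys(password, salt)
  km = OpenSSL::PKCS5.pbkdf2_hmac_sha1(password, salt, ITER, 2 * KEY_LEN + 2)
  [km[0, KEY_LEN], km[KEY_LEN, KEY_LEN], km[2 * KEY_LEN, 2]]
end

# CTR mode with a 16-byte little-endian counter starting at 1.
# OpenSSL's built-in aes-256-ctr counts big-endian, so build it from ECB.
def ctr_le(key, data)
  ecb = OpenSSL::Cipher.new("aes-256-ecb")
  ecb.encrypt
  ecb.key = key
  ecb.padding = 0
  out = "".b
  data.b.bytes.each_slice(16).with_index(1) do |block, n|
    ks = ecb.update([n & 0xFFFFFFFFFFFFFFFF, n >> 64].pack("Q<Q<")).bytes
    out << block.zip(ks).map { |a, b| a ^ b }.pack("C*")
  end
  out
end

# Entry data layout: salt | verifier | ciphertext | 10-byte HMAC-SHA1 tag.
def encrypt_entry(password, compressed, salt = OpenSSL::Random.random_bytes(SALT_LEN))
  enc_key, mac_key, verifier = derive_keys(password, salt)
  ct  = ctr_le(enc_key, compressed)
  tag = OpenSSL::HMAC.digest("SHA1", mac_key, ct)[0, 10]
  salt + verifier + ct + tag
end

# Reverse of encrypt_entry: check verifier and tag before decrypting.
def decrypt_entry(password, blob)
  salt, verifier = blob[0, SALT_LEN], blob[SALT_LEN, 2]
  ct, tag = blob[(SALT_LEN + 2)...-10], blob[-10, 10]
  enc_key, mac_key, expect = derive_keys(password, salt)
  raise ArgumentError, "wrong password" unless expect == verifier
  mac = OpenSSL::HMAC.digest("SHA1", mac_key, ct)[0, 10]
  raise ArgumentError, "entry was modified" unless OpenSSL.fixed_length_secure_compare(mac, tag)
  ctr_le(enc_key, ct) # CTR decryption is the same XOR
end
```

The input to `encrypt_entry` is the already-compressed entry data; the tag is computed over the ciphertext, so a reader can reject a modified entry before decrypting it.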

On 06/19/2014 10:04 AM, Dave A. wrote:

For a client project, I am trying to create an AES-256 encrypted zip
file in Ruby, and having trouble finding applicable tools (mainly
gems). I have looked at these:

  • Archive::Zip looked plausible, if we write a custom encryption
    codec. Maybe someone’s already done one that supports AES-256? Not
    that I could find. Anyway, the project is dormant, and only claims
    v0.0.0 so it doesn’t seem mature and reliable.

I’m the author of Archive::Zip, and while the project is pretty dormant,
that version string is a development detail. I leave that string in
place on the tip of the master branch after every release so that people
don’t mistakenly assume that they have version X when they really have
installed from the tip of the master branch which may contain version X
+ additional, unreleased changes. Check rubygems to see the actual
released versions.

All that said, a custom codec would be necessary, and I haven’t heard of
anyone doing this for Archive::Zip yet. If such a codec were created
though, I would be open to including it into the Archive::Zip project
after a little time in the wild to shake out any major issues.

-Jeremy

FYI we’ve added traditional encryption support to RubyZip on master,
with a structure that should make it easy to implement AES as well. (AES
is still available via jphastings’ fork and if anyone wants to pick up
the task)