Forum: Ruby make aes-encrypted zip file in ruby?

Da4866904cd77478452d472640a40054?d=identicon&s=25 Dave Aronson (Guest)
on 2014-06-19 17:05
(Received via mailing list)
For a client project, I am trying to create an AES-256 encrypted zip
file in Ruby, and having trouble finding applicable tools (mainly
gems).  I have looked at these:

- RubyZip, we are currently using for other purposes.  However, this
does not support encryption at all.

- jphastings' fork of RubyZip might do it, I see mention of AES in
some pull requests, but the docs haven't been updated to reflect any
crypto support, and I haven't slogged through the code to see how
complete (let alone correct and robust) the AES support is.

- Archive::Zip looked plausible, if we write a custom encryption
codec.  Maybe someone's already done one that supports AES-256?  Not
that I could find.  Anyway, the project is dormant, and only claims
v0.0.0 so it doesn't seem mature and reliable.

- ZipRuby claims to do crypto, but only "legacy" crypto, the kind most
compression utilities have had built in for ages, which is much weaker
than AES.  Also, it apparently doesn't even do that, according to a
fairly old unaddressed bug.  No hint, at a quick glance, of being able
to plug in alternate crypto.

- Chilkat's library seems suitable at a quick glance, but we'd much
prefer something free and open source.  Not so much for the cost, but
just the sheer hassles, especially since Chilkat's license is tied to
specific named developers... and I'm a contractor.

Other details:

- I *think* it needs to be openable by 7zip, which means it should
either use the same mode and initialization vector, or let me set
them.  (I *think* I can find out what those are set to.)

- I *think* the deployment will be on Linux, but development and a lot
of the testers are on Macs, so if one of the standard command-line
utilities common to both environments will do it, I will happily just
use a system call.  However, Mac's standard zip only supports the weak
"password protect" crypto.

- If someone is thinking "why not just use RubyZip to compress and
OpenSSL to encrypt": no, an "encrypted zip file" doesn't mean "take a
zip file and encrypt it", it has to be in standard zip format so an
unzipper knows how to extract entries, which are what is encrypted.

- I'm open to other approaches, if anybody's got suggestions!  I have
reached out to the folks consuming the file to see if maybe they don't
really need an AES-256 encrypted zip file specifically openable by
7zip -- the files are probably small to begin with, so maybe we can
skip compression....

Thanks,
Dave
C5e056d4888f81842e966ff308c03416?d=identicon&s=25 Jeremy Bopp (Guest)
on 2014-06-19 17:15
(Received via mailing list)
On 06/19/2014 10:04 AM, Dave Aronson wrote:
> For a client project, I am trying to create an AES-256 encrypted zip
> file in Ruby, and having trouble finding applicable tools (mainly
> gems).  I have looked at these:
...
> - Archive::Zip looked plausible, if we write a custom encryption
> codec.  Maybe someone's already done one that supports AES-256?  Not
> that I could find.  Anyway, the project is dormant, and only claims
> v0.0.0 so it doesn't seem mature and reliable.
I'm the author of Archive::Zip, and while the project is pretty dormant,
that version string is a development detail.  I leave that string in
place on the tip of the master branch after every release so that people
don't mistakenly assume that they have version X when they really have
installed from the tip of the master branch which may contain version X
+ additional, unreleased changes.  Check rubygems to see the actual
released versions.

All that said, a custom codec would be necessary, and I haven't heard of
anyone doing this for Archive::Zip yet.  If such a codec were created
though, I would be open to including it into the Archive::Zip project
after a little time in the wild to shake out any major issues.

-Jeremy
44ca9d43f036568dc061c9168c68d297?d=identicon&s=25 Andrew Kelley (andrewcpkelley)
on 2014-06-19 18:49
(Received via mailing list)
please unsubscribe me

Andrew CP Kelley

Founder & CEO | CallRed

(t) 401.300.0034

www.CallRed.com


On Thu, Jun 19, 2014 at 8:04 AM, Dave Aronson <
620676bac4e81aae46ba1f252dbc76ce?d=identicon&s=25 Rylee Fowler (rylee)
on 2014-06-19 23:36
(Received via mailing list)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello! It seems like you've tried to unsubscribe from the mailing list
you're on (Ruby-Talk). There's two simple ways to accomplish this task:

1. Point your web browser at
https://www.ruby-lang.org/en/community/mailing-lists/ and unsubscribe
via the simple web form at the bottom of the page (change the action
to "unsubscribe"), or

2. Send an e-mail to the *controller address* for this mailing list
(Ruby-Talk), which is located at ruby-talk-request@ruby-lang.org. The
email should have the subject "unsubscribe" and the body "unsubscribe"
(no quotes). Please be sure to send this as a plain-text e-mail, as
HTML e-mails have known issues with interacting with controller e-mails.

Instructions sourced from
https://www.ruby-lang.org/en/community/mailing-lis...
and https://www.ruby-lang.org/en/community/mailing-lists/.

On 6/19/2014 12:48, Andrew Kelley wrote:
>
> this does not support encryption at all.
>
> contractor.
> will happily just use a system call.  However, Mac's standard zip
> they don't really need an AES-256 encrypted zip file specifically
>
>

- --
Rylee Fowler
rylee@rylee.me
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCgAGBQJTo1eWAAoJEAWmNCH2N+MzF7cH/ilCGDtpgKR5+RftpbFbShw/
fo3z4ApSgROUKPul7Svm/xlrhdtEkn5wTJdBG6X7NS8N+BjjxP6SDeHefzbtdIet
QSu0LneP4d2Cm0RnfUAYTSqeA1prLWY22rdQ5OXYjXI/SHOgbvUbKaZqPboo/vYI
GpJSasKJSsrz3Qtm1mKshAExiKjnzNjNnkH7z3iyBOztZq4CalX/6nnyIzu2C0FT
YzqwngMfNc1SHcWklgEL0T1uSeZVSIDgYHeaZ3cgVF/NgNFAFIxkMndzaZ3jPLNj
Av+xvEVkibXHB5MniW43K20G+lRvz7gfLEhB1tos6nN/5Fgo68frBsLR7W+rVro=
=xuLW
-----END PGP SIGNATURE-----
844c900811ca41c1a193664cda15e813?d=identicon&s=25 Johnny S. (johnny_s)
on 2015-01-17 11:42
FYI we've added traditional encryption support to RubyZip on master,
with a structure that should make it easy to implement AES as well. (AES
is still available via jphastings' fork and if anyone wants to pickup
the task)
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.