Can we encrypt already zipped file.

May 26, 2010 at 5:47 PM
Edited May 26, 2010 at 7:05 PM

Can we encrypt already zipped file ??  Can this be done using dotnetzip.

May 27, 2010 at 3:35 AM


but you'll have to explain more clearly what you want.


May 27, 2010 at 4:59 PM

Thanks for the response. If we already have a zipped file, just for encryption purpose, can we use the dotnetzip library.

Wondering to find if encryption using dotnetzip, will be better than TripleDESCryptoServiceProvider.

 Any help will be appreciated.





May 28, 2010 at 12:33 AM
Edited May 28, 2010 at 12:37 AM

You can encrypt arbitrary data with the general-purpose CryptoTransform things that are built-in to .NET.    There's plenty of information on how to do that. How you select your encryption approach is not really something I can help with.

The ZIP specification supports encryption.   There are 2 flavors of encryption supported in DotNetZip: 

  1. zip "classic" encryption, which is very weak, and should not really be considered encryption at all,  and...
  2. WinZip AES encryption.  This isn't really part of the PKZIP spec, but is something that WinZip added later, to address the shortcomings of traditional PKZIP encryption.  The makers of WinZip specified their approach publicly, so I've implemented that in DotNetZip.

There are other crypto standards supported in ZIP archives - in particular PKWARE's SecureZip product offers a choice of different algorithms, including RC2, TwoFish, Blowfish, and an alternative AES approach, among others.  DotNetZip doesn't support any of them. 

In all cases, for ZIP encryption, what is encrypted is the content of each entry in the zip file.  Using Zip encryption (either flavor I described above) The zip file itself is not encrypted.  This means anyone can read the list of files in the zip archive.

The advantage of zip encryption is that it's easy to do in DotNetZip.  One disadvantage is that the list of entries is still viewable.  (** SecureZIP also does "central directory encryption", which would prevent the viewing of the list of entries without a password.  But DotNetZip doesn't do that, either.)

On the other hand, you can encrypt the zip file in its entirety, using the .NET classes I mentioned.  That would give you privacy of the entry list in the zip archive.  The disadvantage is, it's not as simple as doing encryption within the zip file, using DotNetZip.

To answer your specific question, if you have an existing zip file that does not use encryption, then DotNetZip can't be used to encrypt it unless:

  • you unzip the file, then re-zip all the files using DotNetZip into a new zipfile, this time with encryption
  • you embed the existing zip file in a second zip file, using encryption through DotNetZip

I hope that clears things up.