Passwd question

Sep 23, 2009 at 10:35 AM
Edited Sep 23, 2009 at 11:44 AM


I created a zip file using the following code:


ZipFile zf = new ZipFile();
            zf.Password = "TestPass";
            zf.Encryption = EncryptionAlgorithm.WinZipAes256;
            zf.CompressionLevel = Ionic.Zlib.CompressionLevel.BestCompression;              
            foreach (FileSystemInfo fsi in fsis)
                    if (fsi is DirectoryInfo)
                catch (Exception xcp)


After this i tried reading this file using this  code:

string zpFileName = @"C:\";
            ZipFile zf = ZipFile.Read(zpFileName);

When i look/inspect in quick watch i am able to inspect everything about this file like Entries and FileNames.

I am wondering if it should require a password at this stage.

In other words is it possible to not allow anyone to read these details at runtime also without passwd.

Please let me know.



Sep 23, 2009 at 3:24 PM

The design of zipfile encryption is such that the "directory" in the zip file is not encrypted.  This is taken from the doc on the "Password" property:

When writing a zip archive, keep this in mind: though the password is set on the ZipFile object, according to the Zip spec, the "directory" of the archive - in other words the list of entries contained in the archive - is not encrypted with the password, or protected in any way. If you set the Password property, the password actually applies to individual entries that are added to the archive, subsequent to the setting of this property. The list of filenames in the archive that is eventually created will appear in clear text, but the contents of the individual files are encrypted. This is how Zip encryption works.

In 2004, PKWare provided a specification for how to encrypt the directory and meta-information.  They called it "Central directory encryption", and using it, readers of the zip file would not be able to learn the list of files contained in the zipfile, without the password.  DotNetZip does not implement that part of the zip specification. It's an open request.  Almost no tools that I know of have adopted this part of the specification.

One way to add privacy to the directory of files contained within a zipfile is to embed a zip within a zip.  If you password-protect the outer zip, then readers will see that the contents of the zip is a single zip file, but readers will not be able to open and read that embedded zip file.  Within the embedded zip, you store your files as normal.



Sep 24, 2009 at 7:29 AM

Thanks Cheeso. Could you provide an example of embedding the zip file.



Sep 24, 2009 at 10:19 AM
using (var zip = new ZipFile())
     zip.AddFile("MyFile.txt", "");
using (var zip1 = new ZipFile())
     zip1.AddFile("", "");

Sep 24, 2009 at 11:12 AM

Thanks Cheeso.