Protect Zip File

Jan 12, 2010 at 4:33 PM

Is there any way to prevent the deletion of files contained in a zip? Adding a password doesn't protect the file, nor does changing attributes. 

Jan 12, 2010 at 5:49 PM

Can you provide some additional context as to what you mean by "prevent the deletion"?

In some cases people have zipped a zip, using Encryption at each layer.  That might do what you want, but it obscures the contents of the inner zip, which may or may not be acceptable to you.

Another thing you could do is provide a secure hash of the zip, outside of the zip.  This would provide an integrity check, but wouldn't obscure the files contained in the zip.  This technique is used with many downloadable files to provide assurances to the downloader that the file has not been modified.  You could use md5, or sha1 to generate the hash - either of these is very typical.  It is up to the reader of the zip to validate the hash against the actual zip. 

You could use the "Manifest" idea, and include in the zip file, at the top level, a manifest.txt file (or something) that lists every file in the zip along with the MD5 or sha1 hash of that file. As with the prior option, it is up to the reader of the zip to check the manifest against the actual contents of the zip.

There may be other options.  This ought to provide some ideas to you.

Jan 12, 2010 at 8:02 PM

Using 7-Zip, I am able to open a zip file and delete any file from it without previously providing the password used for extraction. I'd like to be able to prevent the deletion of any file inside of the zip, the problem with your last option is that it is possible to delete the manifest which makes the idea unacceptable. I'd like to be able to use something like the "Encrypt file names" option in 7-zip, is this possible in the zip file format?

Jan 12, 2010 at 8:29 PM

It's supported in the zip format with vendor-specific extensions.  It's not supported in DotNetZip.

Maybe you want to zip the zipfile - my first suggestion.  It will obscure all filenames. 

I'm unsure what you really want.  You said you wanted to prevent deletion of files from the zip.  You also mentioned encrypting the filenames.

So which is it?  The manifest and hashes can provide integrity guarantees, to prevent undetected deletion of entries.   The zip-in-zip provides privacy - people cannot see the filenames in the inner zip, without the password.  Which you use depends on what you really want.



Jan 12, 2010 at 8:54 PM

If I create a 7-zip file I have the option of password protecting the contents so I cannot extract the files, however it is possible to see the file names as well as rename and delete the files without providing the password. DotNetZip created zip files "suffer" from this same behavior in that providing a password is not required to rename or delete but a password is required to extract the file. 7-zip provides the "Encrypt file names" option which prevents you from seeing the contents of the file but more importantly (for me anyway) it prevents someone from deleting the contents of archive. I'm not all that concerned about someone seeing the filenames, however I am concerned about them modifying the file so it no longer contains what I expected it to. I understand your suggestions about creating an external manifest and it will probably be the route we go to do validation. I was just hoping I wouldn't need to.

Jan 12, 2010 at 8:57 PM

ok.   Do you also understand the zip-the-zip option?  

If you zip a zipfile, then a viewer can see that there is an inner zipfile inside the outer zipfile. But, if the inner zipfile is protected with a password, the viewer can neither see nor alter the contents of the inner zip file.


Jan 12, 2010 at 9:01 PM

Yep, but it is still possible to delete the zip in the zip, correct? If so it suffers from the same problem. Thanks for your help.

Jan 12, 2010 at 9:52 PM
Edited Jan 12, 2010 at 9:57 PM

yes, you could delete the inner zip.  Then you'd have a completely empty outer zip.

I still don't understand what you are trying to protect against.  I mentioned integrity and privacy, but you seem to want something different.  It seems theoretical.  Like you're looking for a feature, not looking to solve an actual problem.  

If a person has write access to the zip file, they could just delete the zipfile itself.  Looking for a write-protection capability inside the archive seems a little ... like I said, theoretical, Mr Archrival.