AES-256 encrypted file password not enforced for zp format archives
A free file archiver for extremely high compression
Brought to you by:
ipavlov
Menu
▾
▴
I am new to 7-Zip. I am attempting to create an archive (in zip format for greatest compatibility) and am noticing some issues with the encryption. If I choose the .7z format, I can create archives that enforce the AES-256 encrypted password (i.e. you are promoted for the password upon accessing one of the files in the archive). However, if I create an archive with the zip format, the archive password is NOT requested/enforced if I choose AES-256 encryption. Zip archives made with ZipCrypto encryption do enforce the password, but not AES-256 (which is of course what I prefer).
Is this a know issue? Is there something else I need to do to make this work successfully with both the zip format and AES-256?
I am using the 64 bit version of 7-Zip on a 64 bit version of Windows 7 with a 2.8 GHz Intel Core i5 CPU and 8GB of RAM.
TIA!
both encryption methods function similar in GUI
see: http://i.imgur.com/MJxMx.png
technical information:
$ 7z l -slt AES256.zip
7-Zip 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
Listing archive: AES256.zip
--
Path = AES256.zip
Type = zip
Physical Size = 200
Path = file
Folder = -
Size = 8
Packed Size = 36
Modified = 2013-01-15 23:49:16
Created = 2013-01-15 23:49:14
Accessed = 2013-01-15 23:49:16
Attributes = ....A
Encrypted = +
Comment =
CRC =
Method = AES-256 Store
Host OS = FAT
Version = 51
$ 7z l -slt ZipCrypto.zip
7-Zip 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
Listing archive: ZipCrypto.zip
--
Path = ZipCrypto.zip
Type = zip
Physical Size = 162
Path = file
Folder = -
Size = 8
Packed Size = 20
Modified = 2013-01-15 23:49:16
Created = 2013-01-15 23:49:14
Accessed = 2013-01-15 23:49:16
Attributes = ....A
Encrypted = +
Comment =
CRC = 2DE9B62C
Method = ZipCrypto Store
Host OS = FAT
Version = 20
$
Fernando,
Thanks for the reply. However, I think my original post must be confusing. I am not having any issues configuring the UI to create the zip format with AES-256 - that I understand just fine. However, the archive it creates does NOT enforce the configured encyption password. It only enforces the passowrd if I select ZipCrypto with the zip format How can I get more diagnostic information and/or get this to work for AES256 with zip format? When I create an archive with AES256 in zip format, all appears to successd (no error messages or warnings on creation), but when I attempt to access the file, I get an error "Windows cannot complete the extraction. The destination file could not be created." in place of teh password prompt that works just fine if I select ZipCrypto? I get similar errors if I attempt to access/extract the file on a separate PC or on a MAC (with zip compatible programs), which leads me to suspect it is a creation side issue as opposed to an extraction side issue. I'd greatly appreciate your help in getting to the bottom of this and resolving it so that I can make zip compatible archives with AES256 encryption.
Last edit: Todd Gould 2013-01-16
off topic to original post but hope will be helpful those need to encrypt in gui:
in windows file explorer:
select the files to be archived, right click and select add to archive(not to add to xxx...zip not xxx...7z)
in the subsequent pop up window, one can select the parameters for name, aes or zipcrpto, password
how do you create these archives?
try simple command line:
7z a AES256.zip -mem=AES256 -ppass file
7z a ZipCrypto.zip -mem=ZipCrypto -ppass file
I have been creating them with the 'Add To Archive' tool on the right click menu. The only changes I make to defaults are to specifiy the zip format and AES-256 encyption method tih a password.
As you suggested, I have just tried via command line and I get the same resuylting error upon access. "Windows cannot complete the extraction. The destination file could not be created."
I did not give close attention to your reported error message:
"Windows cannot complete the extraction. The destination file could not be created."
You are trying to use the Windows built-in Compressed (zipped) Folders Shell Extension?
If so, the Windows Compressed Folders feature does not support AES encryption method.
Use 7-Zip to extract the contents.
See http://i.imgur.com/MJxMx.png and/or try command line:
7z x AES256.zip -oAES256Out -ppass
7z x ZipCrypto.zip -oZipCryptoOut -ppass
Yes, I was indeed attempting to access the file via Windows built-in extension. I need to share these files with others on different unknown platforms and with different unknown zip tools. So, for maximum compatability with such users, it sounds like I need to choose the zip format and stay with the ZipCrypto algorithm - is that correct? If so, how secure is ZipCrypto really?
Thanks again!
Your assumption regarding maximum compatability is correct.
"The PKZIP stream cipher is very weak. The deflate algorithm
makes it harder to get plaintext, but in most cases we can
reduce the plaintext requirement to the point where one can
guess enough plaintext based on file type and size alone.
The most popular zippers on the internet are also susceptible
to an attack that runs in two hours on a single PC based on
known plaintext provided by the application and independent
of the archived files themselves."[1]
[1] Biham, Eli, and Paul C. Kocher.
"A Known Plaintext Attack on the PKZIP Stream Cipher."
Fast Software Encryption: Second International Workshop.
Leuven, Belgium. December 1994. Conference paper.
This is a crucially important thread, I hope deveopers note there is a demand to use 7-zip for AES-256 encrypted .zip files openable by Windows. I have the same issue.
There are 2 version of aes for zip
1) pkware's aes (Strong Encryption).
2) winzip's aes
7-Zip creates zip with winzip's aes.
Probably Windows doesn't support winzip's aes.
I don't remember now how Windows supports pkware's aes.
Maybe it doesn't support it also.
At least in some versions of Windows.
Quite an old topic but still useful. Thanks to all for your inputs and specially to Igor for his post and for 7-Zip of course.
My purpose was to mirror my local files on my cloud storage (one-way sync). I setup the mirror target with ZIP compression and AES-256 encryption.
Using Windows 10 Pro up-to-date (build 14393.1066), I can confirm that Windows Explorer does not manage AES-256 encryption but 7-Zip Portable Edition version 9.20 does. Version 9.20 was released on Nov. 18, 2010! Maybe I should update :-)