For a client project, I am trying to create an AES-256 encrypted zip
file in Ruby, and having trouble finding applicable tools (mainly
gems). I have looked at these:
- RubyZip, we are currently using for other purposes. However, this
does not support encryption at all.
- jphastings' fork of RubyZip might do it, I see mention of AES in
some pull requests, but the docs haven't been updated to reflect any
crypto support, and I haven't slogged through the code to see how
complete (let alone correct and robust) the AES support is.
- Archive::Zip looked plausible, if we write a custom encryption
codec. Maybe someone's already done one that supports AES-256? Not
that I could find. Anyway, the project is dormant, and only claims
v0.0.0 so it doesn't seem mature and reliable.
- ZipRuby claims to do crypto, but only "legacy" crypto, the kind most
compression utilities have had built in for ages, which is much weaker
than AES. Also, it apparently doesn't even do that, according to a
fairly old unaddressed bug. No hint, at a quick glance, of being able
to plug in alternate crypto.
- Chilkat's library seems suitable at a quick glance, but we'd much
prefer something free and open source. Not so much for the cost, but
just the sheer hassles, especially since Chilkat's license is tied to
specific named developers... and I'm a contractor.
Other details:
- I *think* it needs to be openable by 7zip, which means it should
either use the same mode and initialization vector, or let me set
them. (I *think* I can find out what those are set to.)
- I *think* the deployment will be on Linux, but development and a lot
of the testers are on Macs, so if one of the standard command-line
utilities common to both environments will do it, I will happily just
use a system call. However, Mac's standard zip only supports the weak
"password protect" crypto.
- If someone is thinking "why not just use RubyZip to compress and
OpenSSL to encrypt": no, an "encrypted zip file" doesn't mean "take a
zip file and encrypt it", it has to be in standard zip format so an
unzipper knows how to extract entries, which are what is encrypted.
- I'm open to other approaches, if anybody's got suggestions! I have
reached out to the folks consuming the file to see if maybe they don't
really need an AES-256 encrypted zip file specifically openable by
7zip -- the files are probably small to begin with, so maybe we can
skip compression....
Thanks,
Dave
···
--
Dave Aronson, freelance software developer (details @ www.Codosaur.us);
see also www.PullRequestRoulette.com, Blog.Codosaur.us, www.Dare2XL.com