Closed gianlucabertani closed 7 years ago
This value is used when zipping with a password using Traditional PKWARE Encryption. The CRC is supplied so that it "can be used to test if the password supplied is correct or not" during decryption.
So it's actually a fundamental parameter, if you pass it wrong you can't decrypt the zip even if the password is correct.
Why don't you compute it autonomously while encrypting? It would be safer to compute it with the same function, instead of relying on a user-supplied CRC.
The answer on this StackOverflow question might provide more insight: http://stackoverflow.com/questions/30876659/zip-file-encryption-readable-by-some-zip-clients-not-others
Thanks Nathan, that clears up the question.
It looks like InfoZIP added a modification to the ZIP format that makes it so that the crc_for_crypting is not necessary. See issue #123 for more info.
It appears that the crc_for_crypting parameter is ignored in the mz_compat.c sources. The calls end up in zipOpenNewFileInZip5, which doesn't make use of the parameter. How to interpret that? And yes, I want to password-protect files in my .zip and data is arriving as a stream. My attempts so far resulted in the files that cannot be extracted, with the 'password is invalid' message.
Hello Nathan.
When creating a zip file protected with password, MiniZip APIs (e.g.
zipOpenNewFileInZip3_64
) require this perplexingcrc_for_crypting
parameter. Thezip.h
file just says: "needed for crypting". Following its use in the code provides no particular clues, beside that it's being actively used during encryption.Could you explain:
As you are aware of, MiniZip is used extensively in Objective-Zip, and I would like to provide a better explanation for this parameter than a simple "needed for crypting".
Thanks in advance. Keep up the great job!