Add support for AES encryption zip file #696
Conversation
|
Hi, @Stuk , I think this's pretty good for production, the min.js size only increase 13KB (107KB, gziped: 31KB) from the master branch (94KB, gziped: 27KB). And the speed & memory usage are quite fast & small for most users. |
xqdoo00o
changed the title
|
@xqdoo00o Thanks for your PR. const zip = new JSZip(); const content = await zip.generateAsync({ |
I tested with your code, it's ok. Did you recompile this PR use |
@xqdoo00o Yes, I already recompile it. When i unzip the file with password, the data is empty. I didn't see any thing text such as Hello Word. |
I use chrome. I think i use |
|
|
xqdoo00o
changed the title
|
There is any plan to merge this PR? |
|
I would love to see this merged as well. While I'm no maintainer of this projects, I ask myself if it wouldn't be better to reference sjcl as a dependency in package.json instead of copying the sjcl.js file into the jszip repo? Wouldn't it help with keeping the version up to date? On the other hand, the sjcl was last changed about 2 years ago, maybe it's that stable that it doesn't need updates at all? |
1, The origin sjcl does't have the module system, you have to use global variable to reference it. so I modify some code to fulfill the requirement(module export, pbkdf2 & ctr algorithm etc.) and reduce the code size. |
|
Would love to see it merged, I use it and it works flawlessly for me. |
|
+1 for merge |
|
I tried @xqdoo00o fork but generated files didn't had a password at all |
How do you generate files, show the code. |
jQuery("#blob").on("click", function () {
async function aaa() {
const zip = new JSZip();
zip.file("Hello.txt", "Hello World\n");
const content = await zip.generateAsync({
type: "blob",
password: "12345678",
encryptStrength: 3,
});
console.log(content);
saveAs(content, "example222.zip");
}
aaa();
});I need a code compatible with FF, chrome and IE11 |
It should work. Did you recompile this PR use npm i & npm run test-browser,then use the js dist/jszip.js |
|
I cloned your repo, I didn't use this PR. The browser tests hang there (using firefox) |
Never mind, just terminate the test-browser, and use js dist/jszip.js |
|
No password set. I attach full code: <html>
<head>
<script type="text/javascript" src="vendor/FileSaver.js"></script>
<script type="text/javascript" src="dist/jszip.js"></script>
<!-- <script
type="text/javascript"
src="//stuk.github.io/jszip-utils/dist/jszip-utils.js"
></script> -->
<script type="text/javascript">
var zip = new JSZip();
zip.file("Hello.txt", "Hello World444\n");
// var img = zip.folder("images");
// img.file("smile.gif", imgData, { base64: true });
zip.generateAsync({
type: "blob",
password: "12345678",
encryptStrength: 3,
}).then(function (content) {
// see FileSaver.js
saveAs(content, "example444.zip");
});
</script>
</head>
<body>
Lorem ipsum
</body>
</html>*removed jQuery, and ensured it works on firefox and IE11 (except password part) |
|
After purging the dist files, and recreating them, now it fails: |
|
I cannot create de dist files if I delete them. enboig@:/var/www/html/jszip(master)$ node --version
v14.18.0
enboig@:/var/www/html/jszip(master)$ npm --version
7.22.0
enboig@:/var/www/html/jszip(master)$ npm run test-browser
> jszip@3.7.1 test-browser
> grunt build && grunt test
Running "browserify:all" (browserify) task
>> Error: module not found: "/var/www/html/jszip/lib/index.js" from file /var/www/html/jszip/lib/_fake.js
Warning: Error running grunt-browserify. Use --force to continue.
Aborted due to warnings.I forgot to Now it gets generated and appear to work |
|
Files are missing CRC; is this accidental or adding CRC may lead to less secured files? CompressedObject.createWorkerFrom = function (uncompressedWorker, compression, compressionOptions, encryptOptions) {
if (encryptOptions.password !== null) {
return uncompressedWorker
.pipe(new DataLengthProbe("uncompressedSize"))
.pipe(new Crc32Probe()) // <----missing
.pipe(compression.compressWorker(compressionOptions))
.pipe(aes.EncryptWorker(encryptOptions))
.pipe(new DataLengthProbe("compressedSize"))
.withStreamInfo("compression", compression);
} else {
return uncompressedWorker
.pipe(new Crc32Probe())
.pipe(new DataLengthProbe("uncompressedSize"))
.pipe(compression.compressWorker(compressionOptions))
.pipe(new DataLengthProbe("compressedSize"))
.withStreamInfo("compression", compression);
}
}; |
The CRC is not useful in AE-2 encrypted zip. The document on this PR first line has explained doc. |
|
Sorry, I didn't read de link; I compared a file created with jszip and the same created using ark (KDE utility to create zips), and the second one has CRC. |
|
Hi, I found some weird behaviour. I'm using your pull request to encrypt the zips I generate. I'm adding a self-generated csv file to the zips (using the stringify() module from csvjs.org). I found that this csv gets corrupted when i turn on encryption on the zips. I was using the default STORE compression type (no compression). After i either stopped encrypting or changed to DEFLATE, my csv is valid. Other documents I am adding to the zip do not have this problem. Also, a plain text i added file did not suffer the problem. Anyone interested in this problem? What do you need to analyse? My project is not public, but i could share the piece of code to reproduce. And thanks for this pull request! |
Hi, could you add some minimal reproduce demo? By the way, you don't need to stringify csv file to zip, just add blob or arraybuffer of the csvfile. |
|
+1 for merge |
|
Encryption support would be super convenient built-in the jszip library! |
|
+1 for merge. Are there plans to do so? |
|
+1 for merge, any update on when it will be done ? |
|
I found some zip file still cannot decrypt,like this,how to increase support by it |
The zip file is encypted with legacy |
yes,I know what you mean,but many files are using zipcrypto on market【eg: maczip etc... 】, we should support more type |
Maybe you should use other zip program which support aes on mac, like keka, betterzip etc. |
I mean was if support decryption should support the encryption method account for more than on the market. |
No, I won't support that proved weak and unsafe. If you really want Zipcrypto, maybe you should try or modify this PR. |
|
+1 for merge |
|
Can we have any updates on this PR ? I would really love to have this merge. What is blocking ? Why not merging it ? Thank you in advance :D |
Add wzAES encryption & decryption (doc). min.js size just increase 13KB(from 96KB main dist).
Support different password & encryptStrength and non-encrypt file mixed in single zip(use "password" & "encryptStrength(1|2|3, default 3(AES-256))" in file options or generate options).
Thanks the very efficient crypto library sjcl.