AES encrypted Zips not matching specification #552

@remogloor

Steps to reproduce

  1. Create an AES encrypted zip using ZipOutputStream, probably also using ZipFile

Expected behavior

A Zip according to the specification is created
https://www.winzip.com/win/en/aes_info.html#comp-method

The specification states that:

  • AE-1: This version supports CRC. The CRC must be set to the actual CRC of the content
  • AE-2: This version does not support CRC, CRC value must be 0

The reason behind not using CRC in case of AE-2 is that this is an unnecessary redundant overhead. AES has an Auth code which is even better than a simple CRC. Therefore the computation time for the CRC can be removed to improve performance.

Actual behavior

An AE-2 zip is created that has the CRC value set to the actual value

To match the specification:
-> Either change the version to AE-1
-> Or set the CRC to 0

In order to fix this issue it first needs to be decided which version the zip files shall use:
AE-1 or AE-2

Version of SharpZipLib

Obtained from (only keep the relevant lines)

  • Compiled from source, commit: b7bc4e0
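
The mismatch reported above can be detected from the central directory alone, without the password. The following is an added example, not part of the original issue or of SharpZipLib: a Python audit that reads each AES entry's 0x9901 extra field and flags AE-2 entries whose CRC is non-zero. The function names are hypothetical and the sample archive is constructed inline with filler payload instead of real ciphertext.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # WinZip AES extra field header ID
AES_METHOD = 99         # compression method value that marks an AES entry

def aes_version(extra: bytes):
    """Return the AE-x vendor version from a 0x9901 extra field, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        # Body layout: version(2) vendor "AE"(2) strength(1) real method(2)
        if header_id == AES_EXTRA_ID and len(body) >= 7 and body[2:4] == b"AE":
            return struct.unpack_from("<H", body)[0]
        pos += 4 + size
    return None

def audit(zip_bytes: bytes):
    """List (name, problem) for AES entries whose CRC contradicts AE-2."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():          # central directory only
            if info.compress_type != AES_METHOD:
                continue
            # AE-1 needs the real CRC; checking that would require decryption.
            if aes_version(info.extra) == 2 and info.CRC != 0:
                findings.append((info.filename, "AE-2 entry with non-zero CRC"))
    return findings

def sample_zip(version: int, crc: int) -> bytes:
    """Constructed one-entry AES zip (payload is filler, not real ciphertext)."""
    name, data = b"a.txt", b"\x00" * 32
    # AES-256 (strength 3), real compression method 8 (deflate)
    extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, version, b"AE", 3, 8)
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 51, 1, AES_METHOD, 0, 33,
                        crc, len(data), 4, len(name), len(extra))
    local += name + extra + data
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 51, 51, 1,
                          AES_METHOD, 0, 33, crc, len(data), 4, len(name),
                          len(extra), 0, 0, 0, 0, 0) + name + extra
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central), len(local), 0)
    return local + central + eocd

if __name__ == "__main__":
    print(audit(sample_zip(2, 0xDEADBEEF)))
```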
