No problem, I've also been preempted. I want to capture as much information as possible but the documentation is a weird mixture of details and hand-waving. Some is detailed, some is "compatible with the format used by the Microsoft CRYPTOAPI". How is anyone supposed to use that if all they have is the APPNOTE.txt file? Anyway I can demonstrate that the headers are recognized in at least one test case so I'll just remove the debugging code and add a few getters.
I also found documentation on WinZip so I can also capture that information later. It uses a different compression method ID to indicate encryption instead of new extra fields. FWIW my initial impression from what's in the fields is that WinZip is competently implemented but PKWare is a LOT more solid. I can give details if anyone wants to be bored. :-) Bear On Mon, Sep 14, 2015 at 1:34 AM, Stefan Bodewig <bode...@apache.org> wrote: > Hi Bear > > sorry for the late reply. My spare time is currently severly limited > but this should be getting better by the end of the month. > > On 2015-09-05, Bear Giles wrote: > > > I was just reminded of the risks of making assumptions. There's two > > separate implementations of AES strong encryption - WinZip AES and > PKWare. > > I've been focused on the latter but we should recognize both types of > > headers. > > IIRC WinZip AES works rather differently by using a separate > "compression method". I haven't looked into the details so far, though. > It should be fine to start with just one implementation IMHO. > > > I've pushed a bit more code that partially parses the PKWare headers. > It's > > enough to identify the encryption and hash algorithms used but a lot is > > left unparsed. > > Unless we really wanted to implement the crypto part this sounds > like a lot already. > > Thanks > > Stefan > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
