Can't open an AES-encrypted Zip archive with password set to empty string. Is this archive nonstandard? #471
Comments
|
Not sure why you'd want to be able to create an archive like that, but the WinZip AES spec doesn't seem to say you can't, so maybe something to handle in a read only fashion? As fas as SharpZipLib goes: The AES decryption machinery itself seems to handle it if you can get the empty string password into it, but the ZipCrypto machinery does require a value (that's the Passing an empty value into GenerateKeys causes it to throw (hence the way the null/empty check works I suppose), but that wouldn't matter for AES decryption as that doesn't use that key, it just uses the password string directly. Related observation: Doesn't the way that setter works mean that if you set the password to some string value, and then set it to null, that the The AES encryption setup @ also checks if the 'key' has been setup but then sets up the decryption using the password string instead of that, which is also maybe not correct...Maybe the Password setter should always set |
|
I think it's a bug that creates them in the first place, but I want to support archives created in the past when the bug was present. |
Steps to reproduce
Expected behavior
The zip file is opened and extracted.
Actual behavior
The code acts as if no password has been set and throws exception "No password available for AES encrypted stream".
I see the setter code doesn't differentiate between null and empty string: https://github.com/icsharpcode/SharpZipLib/blob/master/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs#L360
7zip and DotNetZip allow these files to be extracted with an empty password, but I can't work out if they are just being more lenient than they need to be.
Version of SharpZipLib
1.2.0
The text was updated successfully, but these errors were encountered: