|
|
Post by ZipZap on Jan 24, 2008 7:11:02 GMT -5
I was updating my application to support Encryption. My test was two small text files and AES256 encryption. The resulting Zip file is fine Winzip 11 shows no error and can decrypt both files with out errors. VCLZip's CheckArchive function returns false for the archive. The check is failing in the compare of the AES Authentication field at then end of the encrypted file. Any Idea's on where to start looking for problems? Do I need to destroy and create the VCLZip object between Zip and Check phases?
Here is a short demo that does not work either.
Drop a memo box and a VCLZip component on the form and put this code in the FormShow event handler. I is an integer and T is a TextFile.
AssignFile(T,'TESTDATAFILE.TXT');
Rewrite(T);
for I := 1 to 10 do
writeln(T,IntToHex(I,8));
CloseFile(T);
VCLZip1.ZipName := 'TESTDATAFILE.ZIP';
VCLZip1.EncryptStrength := esAES256;
VCLZip1.Password := 'why or why not';
VCLZip1.FilesList.add('TESTDATAFILE.TXT');
Memo1.lines.add('Total Files Zipped '+IntToStr(VCLZip1.Zip));
if VCLZip1.CheckArchive then
Memo1.Lines.Add('Zip OK')
else
Memo1.Lines.Add('Zip BAD');
|
|
|
|
Post by ZipZap on Jan 24, 2008 7:21:12 GMT -5
Just to answer the obvious questions:
Yes is work fine with standard PKZip encryption
No it doesn't work with AES128
|
|
|
|
Post by Kevin on Jan 24, 2008 7:55:28 GMT -5
I will check into that. In the meantime, yes, try creating a separate instance of VCLZip to do the CheckArchive and see if that works. This fixed a similar problem that cropped up for someone intermittently. I'm not sure if that will work around your problem but it is worth a try. Let me know.
Thanks!
Kevin
|
|
|
|
Post by Kevin on Jan 24, 2008 8:02:54 GMT -5
Nevermind that, I just tested it and I see there is something not quite right in VCLZip's integrity checking for AES encrypted files. The files unzip ok, and WinZip's integrity check says OK. The file is fine, it's something to do with the CheckArchive method specifically. I will look into it.
Thanks!
Kevin
|
|
|
|
Post by Kevin on Jan 24, 2008 13:02:14 GMT -5
OK, nevermind what I just said again. I thought I had re-created the problem but, it is actually working for me, I was just confused because I was using the zip utility example to test and did not have the OnBadPassword event turned on. This does not mean that you have to have OnBadPassword turned on, but if you don't you do have to set the Password property correctly before calling CheckArchive.
So I am not sure yet, given the information why you are having this problem
So I would suggest possibly again that you go ahead and create a new instance of VCLZip to do the checkArchive and see what that does. Even with the same instance it is working here, but I have had someone else who, for some unknown reason, had a similar problem and creating a new instance helped.
Kevin
|
|
|
|
Post by ZipZap on Jan 24, 2008 20:20:10 GMT -5
Kevin,
In the demo code I posted creating a second tvclzip object to do the checkarchive worked. Seems to point to a problem with the encryption initialization code. Since the encryption is only initialized in TVCLZip.CryptHead, is that function being called before a checkarchive is being done? Creating a new instance is a fine work around but there still is a problem in the code somewhere.
|
|
|
|
Post by ZipZap on Jan 24, 2008 20:36:55 GMT -5
Kevin,
Even more confusing, I just recompiled the app that was failing and now it works, no code changes. Looks like something in the encryption might not be getting initialized/re-initialized correctly?
John
|
|
|
|
Post by ZipZap on Jan 24, 2008 21:07:03 GMT -5
Ok, never mind, turns out that I had turned the encryption off in a previous test. This is broken. I put an OnBadPasswordEvent in and stuffing the password in there doesn't change anything. The event is being called. It is the AESAuthentication that fails and the CRC is coming up wrong too.
|
|
|
|
Post by Kevin on Jan 24, 2008 21:07:30 GMT -5
Unfortunately, I have not been able to re-create this, and its been quite rare.
Just curious, did you make any changes to the compiler settings or vclzip properties, or anything like that from the previous time you had compiled it?
|
|
|
|
Post by Kevin on Jan 24, 2008 21:09:35 GMT -5
Sorry, your previous post wasn't there yet when I wrote that last one.
I'll do a little more testing and see what if I can recreate it.
|
|
|
|
Post by Kevin on Jan 24, 2008 21:12:00 GMT -5
Ok, never mind, turns out that I had turned the encryption off in a previous test. This is broken. I put an OnBadPasswordEvent in and stuffing the password in there doesn't change anything. The event is being called. It is the AESAuthentication that fails and the CRC is coming up wrong too. But if you open up the file again and test it, or create a new instance it works, right? Just want to be sure. |
|
|
|
Post by Kevin on Jan 24, 2008 21:54:03 GMT -5
OK, I might be on to something, I actually did finally re-create the problem. I'll get back to you.
|
|
|
|
Post by ZipZap on Jan 25, 2008 6:27:12 GMT -5
Kevin,
I found the cause of the problem,
In Do_UnZip (kpUnzipp)
at
case file_info.compression_method of
the compression_method is equal to 99 and not the actual compression method so the file is never actually uncompressed and therefor the CRC and AESAuthentication are never correct.
Now as to why and where this needs to be fixed I am not sure. I put a test patch in DecrypteAESHeader where the actual compressed size in file_info is updated to fix the compression method too. But it requires exposing a function in the TZipHeaderInfo object to get the compression method out of the AES_Extra field.
Hope this helps.
|
|
|
|
Post by Kevin on Jan 25, 2008 7:39:47 GMT -5
Yes, that helps greatly! That tells me pretty much exactly where the trouble lies and it does make sense. I should get a chance to fix that today.
THANKS!
Kevin
|
|
|
|
Post by Kevin on Jan 25, 2008 20:08:36 GMT -5
|
|
