php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79634 Could not open password protected zip archive
Submitted: 2020-05-26 06:45 UTC Modified: 2020-05-26 14:00 UTC
From: freshprince dot 2b at gmx dot net Assigned: cmb (profile)
Status: Not a bug Package: Zip Related
PHP Version: 7.4.6 OS: Mac
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: freshprince dot 2b at gmx dot net
New email:
PHP Version: OS:

 

 [2020-05-26 06:45 UTC] freshprince dot 2b at gmx dot net 
Description:
------------
I was creating a zip archive with php 7.4.6 (lib-zip version 1.6.1) without any problems.

Now I try to protect these zip archive with a password. Not just for encrypting with php, but in general. I found this tutorial (https://odan.github.io/2018/02/18/creating-encrypted-zip-files-with-password-in-php.html). It does what it should, but I could not read the files of the zip archive any more. If I doubleclick on the archive, the password prompt opens up, but it does not work with the password from the source code. I also copy and pasted it to prevent any keyboard struggle.

One problem is, that there is no password prompt, if all files are empty.

Same code works for files without line breaks (oneliner), but the error occurs, if the file has multiple lines.

Maybe I'm doing something wrong?

I also posted the question on https://stackoverflow.com/questions/61908181/could-not-open-password-protected-zip-archive maybe there are further information later.

Test script:
---------------
<?php

$zip = new ZipArchive();
$filePath = sprintf('%s/test/', __DIR__);
$fileName = 'test.zip';
$absoluteFilePath = sprintf('%s/%s', __DIR__, $fileName);
$excludeFolderNames = [
  '.',
  '..',
  $fileName,
];

$zipFlag = ZipArchive::CREATE;
if (file_exists($absoluteFilePath)) {
    $zipFlag = ZipArchive::OVERWRITE;
}

$createFile = $zip->open($absoluteFilePath, $zipFlag);
if (true !== $createFile) {
    throw new RuntimeException(sprintf('could not open file in "%s" with: %s', $fileName, $createFile));
}

$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($filePath));
$password = 'top-secret';
if (!$zip->setPassword($password)) {
    throw new RuntimeException('Set password failed');
}

/** @var SplFileInfo $value */
foreach ($iterator as $key => $value) {
    if (in_array($value->getFilename(), $excludeFolderNames)) {
        continue;
    }

    $cleanFilePath = realpath($key);
    if (!$cleanFilePath) {
        throw new RuntimeException(sprintf('could not create real path from filepath: %s', $key));
    }

    $zipName = str_replace($filePath, '', $cleanFilePath);
    if (!$zip->addFile($cleanFilePath, $zipName)) {
        throw new RuntimeException(sprintf('Add file failed: %s', $cleanFilePath));
    }

    if (!$zip->setEncryptionName($zipName, ZipArchive::EM_AES_256)) {
        throw new RuntimeException(sprintf('Set encryption failed: %s', $zipName));
    }
}

$zip->close();

Expected result:
----------------
A password protected zip archive, which can be unpacked in a operating system.

Actual result:
--------------
On every try to unpack the ziparchive the password prompt comes up again and again.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-05-26 07:12 UTC] cmb@php.net
-Status: Open +Status: Feedback -Package: zip +Package: Zip Related -Assigned To: +Assigned To: cmb
 [2020-05-26 07:12 UTC] cmb@php.net 
> 'unsupported compression method 99'

Compression method 99 is AE-x encryption[1], and apparently this
is not properly supported by your Zip tools.  Please try with
7-zip[2].

[1] <https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT> section 4.4.5
[2] <http://www.koozie.org/blog/2014/08/creating-aes256-encrypted-zip-archive-files-mac-command-line/#aes256-encrypted-zip-files>
 [2020-05-26 08:53 UTC] freshprince dot 2b at gmx dot net 
> 'unsupported compression method 99'

Is the output of a working zip archive (without line breaks) and the archive with the infinite password prompt.

A try with the 7-zip[1] was working as expected with all zip archives.

Should not be there a way to create and extract a password protected zip archive, without any additional tools? Or do I understand it wrong?

[1] <http://www.koozie.org/blog/2014/08/creating-aes256-encrypted-zip-archive-files-mac-command-line/#aes256-encrypted-zip-files>
 [2020-05-26 09:05 UTC] cmb@php.net 
I meant, please try to open the archive created by PHP with 7-zip.
 [2020-05-26 11:13 UTC] freshprince dot 2b at gmx dot net 
> I meant, please try to open the archive created by PHP with 7-zip.

I can open archive created by PHP with 7-zip.
 [2020-05-26 11:22 UTC] cmb@php.net
-Status: Feedback +Status: Not a bug
 [2020-05-26 11:22 UTC] cmb@php.net 
Thanks!  That was what I expected.  So this issue doesn't look to
be a problem of PHP, but rather limited Zip support by the other
tools you're using.  Consider to file respective feature requests
to the vendors of these tools, or for best portability don't use
EM_AES_* encryption (but be aware that the classic Zip encryption
is very weak).
 [2020-05-26 13:23 UTC] freshprince dot 2b at gmx dot net 
Ok, then it was my fault :) 

But what would be the correct encryption method to work with default unzip tools? In the documentation I read "The encryption method defined by one of the ZipArchive::EM_ constants." 

With "EM_NONE" there is no password prompt and with "EM_AES_128", "EM_AES_192" and "EM_AES_256" the same situation will occure.
 [2020-05-26 14:00 UTC] cmb@php.net 
Oh, I just learned that classic PKWARE encryption will only be
supported as of libzip 1.7.0[1], so stay tuned!

[1] <https://github.com/nih-at/libzip/pull/153>
 [2020-05-26 14:55 UTC] freshprince dot 2b at gmx dot net 
Thank you!
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 06:01:29 2024 UTC