Utility to open WINZIP with AES encyption

Utility to open WINZIP with AES encyption
Secure Home | Search | About
Login Password
Register Now! Lost Password?

Networking Firewalls - Software and hardware firewalls discussions 

Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Utility to open WINZIP with AES encyption One-o 02-20-2007
Posted by One-o on February 20, 2007, 6:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Is there a free utility which recipients of a ZIP archive can get to do
no more than extract the files from AES-encrypted ZIPs?

-------

I use Winzip Pro 10.0.6698 and create standard archives with a ZIP file
extension which I send as an email attachment. I do not create self-
extracting EXE files as many company firewalls block EXEs attached to
emails.

For sensitive data, I use either 128-bit AES or 256-bit AES encryption
in Winzip.

When my receipents do not have Winzip they find they can not open the
AES-encrypted zip file. How do I get around this? Is there a free
utility which recipients can obtain in order to only extract files from
my AES-encrypted ZIPs?

Posted by Sebastian Gottschalk on February 20, 2007, 6:59 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
One-o wrote:

> I use Winzip Pro 10.0.6698 and create standard archives with a ZIP file
> extension which I send as an email attachment. I do not create self-
> extracting EXE files as many company firewalls block EXEs attached to
> emails.

Of course, in terms of encryption this would be utterly stupid.

> For sensitive data, I use either 128-bit AES or 256-bit AES encryption
> in Winzip.

Nah, can't be that sensitive.

> When my receipents do not have Winzip they find they can not open the
> AES-encrypted zip file. How do I get around this? Is there a free
> utility which recipients can obtain in order to only extract files from
> my AES-encrypted ZIPs?

7-Zip does so. But please, stop calling the files ZIP files. This name is
commonly reserved for RFC-conformant PKZIP 2.x compatible files.

Posted by one-o on February 21, 2007, 7:43 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> One-o wrote:
>
>> I use Winzip Pro 10.0.6698 and create standard archives with a ZIP
>> file extension which I send as an email attachment. I do not
>> create self- extracting EXE files as many company firewalls block
>> EXEs attached to emails.

>
> Of course, in terms of encryption this would be utterly stupid.
>

Please explain what you mean.

>> For sensitive data, I use either 128-bit AES or 256-bit AES
>> encryption in Winzip.
>
> Nah, can't be that sensitive.
>

Actually it is.

>> When my receipents do not have Winzip they find they can not open
>> the AES-encrypted zip file. How do I get around this? Is there a
>> free utility which recipients can obtain in order to only extract
>> files from my AES-encrypted ZIPs?
>
> 7-Zip does so. But please, stop calling the files ZIP files. This
> name is commonly reserved for RFC-conformant PKZIP 2.x compatible
> files.
>

7-Zip does not open AES-encrypted files created by Winzip which is
what I am looking for. Try it and see.

Winzip creates its archive files with the ZIP extension and that is
what I am referring to. I don't control what Winzip chooses to use
as an extension. I just refer to it.

It sounds as if you may be bringing here a point about "ZIP" you
could be better off making direct to the authors of Winzip.

Posted by Sebastian Gottschalk on February 21, 2007, 9:50 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
one-o wrote:

>> One-o wrote:
>>
>>> I use Winzip Pro 10.0.6698 and create standard archives with a ZIP
>>> file extension which I send as an email attachment. I do not
>>> create self- extracting EXE files as many company firewalls block
>>> EXEs attached to emails.
>
>>
>> Of course, in terms of encryption this would be utterly stupid.
>>
>
> Please explain what you mean.

Presume an attacker which has the capability to change the file. He
attaches his own payload, which captures the password, unpacks the content
and modifies the target system to report this file without the payload,
then sends ou the captures password.

>>> For sensitive data, I use either 128-bit AES or 256-bit AES
>>> encryption in Winzip.
>>
>> Nah, can't be that sensitive.
>
> Actually it is.

No, it isn't, because the implementation in WinZip is well-known to be
broken. Thus, you might leak some data.

> 7-Zip does not open AES-encrypted files created by Winzip which is
> what I am looking for. Try it and see.

Tried, saw and found it working.

> Winzip creates its archive files with the ZIP extension and that is
> what I am referring to. I don't control what Winzip chooses to use
> as an extension. I just refer to it.

D'Oh! That doesn't make it a ZIP file. Just like renaming a .TXT file to
.AVI doesn't comvert it to an AVI video.

The format, thus the real content that decides whether people can actually
use it is described RFC 1951, 1952 and the PKZIP specification. The WinZip
9.0 AES-encrypted stuff is a proprietary and non-compatible thing, thus you
should even be happy that people tolerate the .ZIP file extension on it and
actually wrote a free implementation for it.

Posted by on February 22, 2007, 1:55 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> one-o wrote:
> >> One-o wrote:
>
> >>> I use Winzip Pro 10.0.6698 and create standard archives with a ZIP
> >>> file extension which I send as an email attachment. I do not
> >>> create self- extracting EXE files as many company firewalls block
> >>> EXEs attached to emails.
>
>
> >> Of course, in terms of encryption this would be utterly stupid.
>
> > Please explain what you mean.
>
> Presume an attacker which has the capability to change the file. He
> attaches his own payload, which captures the password, unpacks the content
> and modifies the target system to report this file without the payload,
> then sends ou the captures password.
>
> >>> For sensitive data, I use either 128-bit AES or 256-bit AES
> >>> encryption in Winzip.
>
> >> Nah, can't be that sensitive.
>
> > Actually it is.
>
> No, it isn't, because the implementation in WinZip is well-known to be
> broken. Thus, you might leak some data.
>

Actually according to NIST WinZip's AES implementation is FIPS 192
certified:
http://csrc.nist.gov/cryptval/aes/aesval.html


Similar ThreadsPosted
Digital Certificate Expiration Utility August 14, 2004, 7:53 pm
Problems with Intel e1000 on SPLAT and using patch add utility April 26, 2005, 1:36 am
Utility to check for ports the firewall blocks or passes through June 17, 2006, 3:55 pm
Open ports. February 5, 2005, 12:13 pm
LayerOne Pre-Reg Open February 23, 2005, 11:15 am
port 804 open?? July 26, 2005, 5:47 pm
Would like to have open wireless AP January 21, 2006, 7:23 am
Help Me Open Port 81! December 29, 2007, 9:37 pm
Australian Open January 13, 2008, 8:28 pm
Open ports February 10, 2006, 6:14 pm

The site map in XML format XML site map

Contact Us | Privacy Policy