ZipStream-PHP icon indicating copy to clipboard operation
ZipStream-PHP copied to clipboard
verified publisher icon maennchen

Password protection

Open sargitcom opened this issue 7 years ago • 9 comments

Description of the problem

Can you add password protection to this library?

  • ZipStream-PHP version: newest
  • PHP version: 7.x

sargitcom avatar Aug 06 '18 12:08 sargitcom

Hello,

I think the priority here is to make a correctly working version 1.0.0 and then we'll see about adding such features. But thanks for the suggestion!

Cheers, ~Nico

NicolasCARPi avatar Sep 14 '18 15:09 NicolasCARPi

Is there any updated comment?

I want to do this issue.

peter279k avatar Jun 15 '19 07:06 peter279k

I want to do this issue.

Please have a go at it!

NicolasCARPi avatar Jun 15 '19 11:06 NicolasCARPi

Any update on that? I'd really appreciate that feature as well.

I'm trying to use this lib but it did not work well in my case (with Nextcloud). Timeout issues due to memory usage - WIP issue though.

jeanpaze avatar Mar 14 '20 22:03 jeanpaze

@jeanpaze There has been no update on that. Unless someone starts working on it, there won't be any either.

NicolasCARPi avatar Mar 15 '20 00:03 NicolasCARPi

@NicolasCARPi, @jeanpaze, in the past, I tried to use PHP read Zip stream to accomplish this issue.

But it's hard to implement this. I will try to use php-zip extension to accomplish this issue on other PHP Zip packages at my available time :).

peter279k avatar Mar 15 '20 13:03 peter279k

Hi @peter279k, I've seen a couple of messages from you in some other repos. We pretty much want the same feature.

I tried to mess around the code but as you said, it's hard and I don't have enough PHP skills for that, but please let me know if there is something I could help you with.

Cheers!

jeanpaze avatar Mar 16 '20 21:03 jeanpaze

While having a password protection feature in zip would be a good thing for sure, we can also think about alternatives. This is a must read: https://security.stackexchange.com/questions/35818/are-password-protected-zip-files-secure (TL;DR password protection is quite weak).

Maybe encrypting the resulting zip with a proper cipher and a library like https://github.com/defuse/php-encryption would be better. It depends what you want to achieve, is it confidentiality, authenticity or both? Using gpg could also be a solution.

NicolasCARPi avatar Mar 17 '20 13:03 NicolasCARPi

Good point @NicolasCARPi.

For context (in my case), I want to offer confidentiality for people that download files from my cloud server.

That said, I know that just password protection is not enough and should be encrypted as well but this lib automatically encrypts the zip when you set a password, as far as I could understand here (see setPassword function).

Someone mentioned this:

Encryption is done on the files not the container itself, so confidentiality & integrity are still granted for the files inside. The ZIP archive itself isn't password-protected, but the files inside are.

In theory, encrypting files inside a zip means that you'll have to set a password, correct?

jeanpaze avatar Mar 17 '20 19:03 jeanpaze