'zipfile: Adding files to encrypted zip [duplicate]
I have an encrypted ZIP file and for some reason, any password I feed it doesn't seem to matter as it can add files to the archive regardless. I checked for any ignored exceptions or anything, but nothing seems to be fairly obvious.
I posted the minimalist code below:
import zipfile
z = zipfile.ZipFile('test.zip', 'a') #Set zipfile object
zipPass = str(input("Please enter the zip password: "))
zipPass = bytes(zipPass, encoding='utf-8')
z.setpassword(zipPass) #Set password
z.write("test.txt")
I am not sure what I am missing here, but I was looking around for anything in zipfile that can handle encrypted zipfiles and add files into them using the password, as the only thing I have is the ``z.setpassword()` function that seems to not work here.
TL;DR: z.write()
doesn't throw an exception and neither does z.setpassword()
or anything zipfile
related when fed the incorrect password, and willingly adds files no matter what. I was expecting to get BadPasswordForFile
.
Is there any way to do this?
Solution 1:[1]
After all of the lovely replies, I did find a workaround for this just in case someone needs the answer!
I did first retry the z.testzip()
and it does actually catch the bad passwords, but after seeing that it wasn't reliable (apparently hash collisions that allow for bad passwords to somehow match a small hash), I decided to use the password, extract the first file it sees in the archive, and then extract it. If it works, remove the extracted file, and if it doesn't, no harm done.
Code works as below:
try:
z = zipfile.ZipFile(fileName, 'a') #Set zipfile object
zipPass = bytes(zipPass, encoding='utf-8') #Str to Bytes
z.setpassword(zipPass) #Set password
filesInArray = z.namelist() #Get all files
testfile = filesInArray[0] #First archive in list
z.extract(testfile, pwd=zipPass) #Extract first file
os.remove(testfile) #remove file if successfully extracted
except Exception as e:
print("Exception occurred: ",repr(e))
return None #Return to mainGUI - this exits the function without further processing
Thank you guys for the comments and answers!
Solution 2:[2]
What I found in the documentation for zipfile
is that the library supports decryption only with a password. It cannot encrypt. So you won't be able to add files with a password.
It supports decryption of encrypted files in ZIP archives, but it currently cannot create an encrypted file. https://docs.python.org/3/library/zipfile.html
EDIT: Further, looking into python bugs Issue 34546: Add encryption support to zipfile it appears that in order to not perpetuate a weak password scheme that is used in zip, they opted to not include it.
Something that you could do is utilize subprocess
to add files with a password.
Further, if you wanted to "validate" the entered password first, you could do something like this but you'd have to know the contents of the file because decrypt will happily decrypt any file with any password, the plaintext result will just be not correct.
Issues you'll have to solved:
- Comparing file contents to validate password
- Handling when a file exists already in the zip file
- handling when the zipfile already exists AND when it doesn't.
import subprocess
import zipfile
def zip_file(zipFilename, filename):
zipPass = str(input("Please enter the zip password: "))
zipPass = bytes(zipPass, encoding='utf-8')
#If there is a file that we know the plain-text (or original binary)
#TODO: handle fipFilename not existing.
validPass=False
with zipfile.ZipFile(zipFilename, 'r') as zFile:
zFile.setpassword(zipPass)
with zFile.open('known.txt') as knownFile:
#TODO: compare contents of known.txt with actual
validPass=True
#Next to add file with password cannot use zipfile because password not supported
# Note this is a linux only solution, os dependency will need to be checked
#if compare was ok, then valid password?
if not validPass:
print('Invalid Password')
else:
#TODO: handle zipfile not-exist and existing may have to pass
# different flags.
#TODO: handle filename existing in zipFilename
#WARNING the linux manual page for 'zip' states -P is UNSECURE.
res = subprocess.run(['zip', '-e', '-P', zipPass, zipFilename, filename])
#TODO: Check res for success or failure.
EDIT:
I looked into fixing the whole "exposed password" issue with -P
. Unfortunately, it is non trivial. You cannot simply write zipPass
into the stdin of the subprocess.run
with input=
. I think something like pexpect
might be a solution for this, but I haven't spent the time to make that work. See here for example of how to use pexpect
to accomplish this: Use subprocess to send a password_
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Maybe LB Did It |
Solution 2 |