EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ZIP compression and FIPS compliance

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#29858
Posted: 06/20/2014 03:04:55
by Paolo Righi (Standard support level)
Joined: 02/15/2008
Posts: 34

Dear support,

I want to enable FIPS compliance overall my applications. I'm using ZIP, FTP, PDF and PKI so I set DefaultCryptoProviderManager.EngineType to cetFIPS.
All is going right but when I create a new AES encrypted ZIP archive I get the error: Unsupported Algorithm.
I analised the case and found out that the cmCTR mode is not supported by the Win32CryptoProvider.
If you read the APPNOTE.TXT document from PKWARE you can find that CBC should be used to encrypt data in ZIP files. I tried to use CBC but I can only create corrupted archives.
Is it possible to solve this?
I still have a SecureBlackBox 7 version, but if the solution is already available in current version I will be interested to upgrade my package.

Thank you for your kind attention.

Paolo Righi.
C. H. Ostfeld.
#29859
Posted: 06/20/2014 03:19:06
by Eugene Mayevski (EldoS Corp.)

Quote
claude ostfeld wrote:
If you read the APPNOTE.TXT document from PKWARE you can find that CBC should be used to encrypt data in ZIP files. I tried to use CBC but I can only create corrupted archives.


Do I understand you right that you got corrupted archives when in FIPS mode? Or you always get corrupted archives when using encryption?

How exactly do you check the archives to find that they are corrupted?

In general it's a good idea to test version 11 (current release version) and see if it works for your needs.


Sincerely yours
Eugene Mayevski
#29860
Posted: 06/20/2014 03:57:15
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. There are two AES encryption modes in ZIP : WinZIP encryption, which uses AES in CTR mode, and StrongEncryption, which uses CBC mode. You should use the StrongEncryption, and set AES algorithm (ZIP_ENCRYPTION_AES128..256) to ElZipWriter.StrongEncryptionInfo.EncryptionAlgorithm).

Reply

Statistics

Topic viewed 2005 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!