zip_tricks icon indicating copy to clipboard operation
zip_tricks copied to clipboard
verified publisher icon WeTransfer

Support for creating password protected archives

Open krasnoukhov opened this issue 2 years ago • 2 comments

I was looking into using zip_tricks in order to implement customer data export, and while it seems to work really nice with S3 multipart upload as per this cool article, one thing is missing is password protection support. We use password protected archives just to create a simple security level for our customers exporting their sensitive (PHI/PII) data. I was wondering if this is something that was ever relevant/considered? I lack deep knowledge of zip format but I think maybe rubyzip implementation can be ported? Thanks and cheers in any case

krasnoukhov avatar Jul 07 '23 12:07 krasnoukhov

When we built zip_tricks we haven't considered it because "traditional" ZIP encryption is very weak and is mostly security theater at this point. AES256 would be safer https://superuser.com/a/129504/88118 but we have never considered it. Maybe @grdw could tell more as he is the current de-facto maintainer 😄

julik avatar Sep 15 '23 07:09 julik

@krasnoukhov if that is still relevant feel free to continue the conversation in https://github.com/julik/zip_kit/issues

julik avatar Mar 28 '24 11:03 julik