C# | Visual Basic | Visual C++ |
public enum EncryptionAlgorithm
Public Enumeration EncryptionAlgorithm
public enum class EncryptionAlgorithm
Member | Description |
---|---|
None |
No encryption at all.
|
PkzipWeak |
Traditional or Classic pkzip encryption.
|
WinZipAes128 |
WinZip AES encryption (128 key bits).
|
WinZipAes256 |
WinZip AES encryption (256 key bits).
|
Unsupported |
An encryption algorithm that is not supported by DotNetZip.
|
PkzipWeak implies the use of Zip 2.0 encryption, which is known to be weak and subvertible.
A note on interoperability: Values of PkzipWeak and None are specified in PKWARE's zip specification, and are considered to be "standard". Zip archives produced using these options will be interoperable with many other zip tools and libraries, including Windows Explorer.
Values of WinZipAes128 and WinZipAes256 are not part of the Zip specification, but rather imply the use of a vendor-specific extension from WinZip. If you want to produce interoperable Zip archives, do not use these values. For example, if you produce a zip archive using WinZipAes256, you will be able to open it in Windows Explorer on Windows XP and Vista, but you will not be able to extract entries; trying this will lead to an "unspecified error". For this reason, some people have said that a zip archive that uses WinZip's AES encryption is not actually a zip archive at all. A zip archive produced this way will be readable with the WinZip tool (Version 11 and beyond).
There are other third-party tools and libraries, both commercial and otherwise, that support WinZip's AES encryption. These will be able to read AES-encrypted zip archives produced by DotNetZip, and conversely applications that use DotNetZip to read zip archives will be able to read AES-encrypted archives produced by those tools or libraries. Consult the documentation for those other tools and libraries to find out if WinZip's AES encryption is supported.
In case you care: According to the WinZip specification, the actual AES key used is derived from the Password via an algorithm that complies with RFC 2898, using an iteration count of 1000. The algorithm is sometimes referred to as PBKDF2, which stands for "Password Based Key Derivation Function #2".
A word about password strength and length: The AES encryption technology is very good, but any system is only as secure as the weakest link. If you want to secure your data, be sure to use a password that is hard to guess. To make it harder to guess (increase its "entropy"), you should make it longer. If you use normal characters from an ASCII keyboard, a password of length 20 will be strong enough that it will be impossible to guess. For more information on that, I'd encourage you to read this article.
The WinZip AES algorithms are not supported with the version of DotNetZip that runs on the .NET Compact Framework. This is because .NET CF lacks the HMACSHA1 class that is required for producing the archive.