RFR: JDK-4347142: Need method to set Password protection toZip entries

Bernd Eckenfels ecki at zusammenkunft.net
Tue Mar 29 16:40:07 UTC 2016

Actually I think most use the AE1 (2003) and AE2 (2004) of „recent“ ZIP Archivers, not the legazy PKZip Version. 

It would be an Option to only Support those (however given the unclear Standardisation in this area i Can understand it does not Show up in sdk Code, there are quite good alternative implementations which Support more compression and encryption Options compatible with newer ZIP archivers.)

>From Win 10 Mobile

Von: Stephen Colebourne
Gesendet: Dienstag, 29. März 2016 13:40
An: core-libs-dev
Betreff: Re: PING: RFR: JDK-4347142: Need method to set Password protection toZip entries

On 28 March 2016 at 22:41, Xueming Shen <xueming.shen at oracle.com> wrote:
> It's a tricky call. To be honest, as I said at the very beginning, I'm not
> sure whether
> or not it's a good idea and worth the efffort to push this into the j.u.zip
> package to
> support the "traditional PKWare encryption", which is known to be "seriously
> flawed,
> and in particular is vulnerable to known-plaintext attacks" (from wiki),
> while I fully
> understood it is not a concern in your "problem-free" use scenario. Just
> wonder
> if there is anyone else on the list that has/had the need for such
> encryption feature
> in the past. It would be preferred to have more input (agree, disagree) to
> make the
> final decision.

I had a need for password protected zip files once. I managed to find
a library to do the job, but it would have been useful to be in the
JDK. I think you would have to have warnings about the strength of the
protection, but I suspect despite that it is relatively widely used by
non-technical users.


More information about the core-libs-dev mailing list