Recommendations on a free library to be used for zipping files

Question

I need to zip and password-protect a file. Is there a good (free) library for this?

This needs to be opened by a third party, so the password protection needs to work with standard tools.

Answer 1

You can try Zip4j, a pure java library to handle zip file. It supports encryption/ decryption of PKWare and AES encryption methods.

Key features:

• Create, Add, Extract, Update, Remove files from a Zip file
• Read/Write password protected Zip files
• Supports AES 128/256 Encryption
• Supports Standard Zip Encryption
• Supports Zip64 format
• Supports Store (No Compression) and Deflate compression method
• Create or extract files from Split Zip files (Ex: z01, z02,...zip)
• Supports Unicode file names
• Progress Monitor

License:

• Zip4j is released under Apache License, Version 2.0.

Answer 2

UPDATE 2020: There are other choices now, notably Zip4J.

---

After much searching, I've found three approaches:

A freely available set of source code, suitable for a single file zip. However, there is no license. Usage is AesZipOutputStream.zipAndEcrypt(...). http://merkert.de/de/info/zipaes/src.zip (https://forums.oracle.com/forums/thread.jspa?threadID=1526137)

UPDATE: This code is now Apache licensed and released at https://github.com/mobsandgeeks/winzipaes (exported from original home at Google code) . It worked for me (one file in the zip), and fills a hole in Java's opens source libraries nicely.

A commercial product ($500 at the time of writing). I can't verify if this works, as their trial license approach is complex. Its also a ported .NET app: http://www.nsoftware.com/ipworks/zip/default.aspx

A commercial product ($290 at the time of writing). Suitable only for Wnidows as it uses a dll: http://www.example-code.com/java/zip.asp

Answer 3

This isn't an answer, but it is a caution to keep in mind when evaluating potential solutions.

One very important thing about zip encryption:

There are several types of zip encryption. The old type (part of the original zip standard) is not at all worth bothering with (it can be cracked in less than 10 minutes with apps easily available online).

If you are doing any sort of encryption of zip files, please, please be sure you use one of the strong encryption standards (I believe that WinZip's 128- and 256-bit AES standard is the best supported). Here are the technical specs - we used this when developing our own Java encrypted zip system (can't provide source - sorry - it's internal use only)

The only thing worse than having no encryption is thinking that you have encryption and being wrong :-)

Answer 4

7-Zip has the option to add a password in its command-line mode. Perhaps you can exec it to get this result (and it has a good compression ration too).

Drawbacks: external process, hard to make portable (even if 7-Zip is portable itself), not sure of distribution license.

Note that InfoZip's Zip utility, highly portable too, also supports password.

Answer 5

You can also try TrueZip. See the following links for features: https://christian-schlichtherle.bitbucket.io/truezip/

The successor of TrueZip can be found here: https://christian-schlichtherle.bitbucket.io/truevfs/

Answer 6

Here's an example using winzipaes 1.0.1. Note this is just a gist, I have not tested this code in exactly this form.

import de.idyl.winzipaes.AesZipFileEncrypter;
import de.idyl.winzipaes.impl.AESEncrypterBC;

File aNewZipFile = new File("/tmp/foo.zip");
File existingUnzippedFile = new File("/tmp/src.txt");

// We use the bouncy castle encrypter, as opposed to the JCA encrypter
AESEncrypterBC encrypter = new AESEncrypterBC();
encrypter.init("my-password", 0);  // The 0 is keySize, it is ignored for AESEncrypterBC

AesZipFileEncrypter zipEncrypter = new AesZipFileEncrypter(aNewZipFile, encrypter);
zipEncrypter.add(existingUnzippedFile, "src.txt", "my-password"); 

// remember to close the zipEncrypter
zipEncrypter.close();

You can them unzip "/tmp/foo.zip" using Winzip (v9+) or 7za (i.e. 7zip) on a Mac, using password "my-password".

Note: it's not clear to me why it is necessary to specify the password twice in the code above. I do not know what would happen if you used different passwords in these two places.

Answer 7

If you give a better usage scenario then there are other alternatives.

1. Do you require the zip to be opened by the standard Zip tools that can handle a zip password?
2. The same question as previous are you going to pass this zip to an external entity that has to open the zip?
3. Is it internal only and you just want to protect the contents of the zip?

For 3 then you can just use java to encrypt the stream contents of the zip as a normal file, probably best to change the file extension to .ezip or somesuch too.

For 1 and 2 then you can use the chillkat solution as mentioned, or an equivalent. However be aware that chillkat is not a pure Java solution, it uses JNI.

Answer 8

Additional info: I googled a bit more and indeed, it is a quite common question, and it appears there is no free solution (yet?).

Now, the standard algorithm of Zip encryption is well defined: See PKWARE's Application Note on the .ZIP file format. It appears to be an encryption done on the encrypted stream. If somebody feels like coding it...

Now, I wonder why Sun didn't include it in its library? Lack of standard? Patent/legal issue? Too weak to be usable?

Answer 9

Is there a good (free) library for this?

java.util.zip will do the zipping, but it won't do the passwords. And no, I don't know of any free ones that will. The cheapest I've seen is $150 for a developer seat.