0

I'm looking for advice on how to create and encrypt zip files with AES RSA key. I've read a couple of topics about it yet I don't fully understad what is an Initialization vector, how to create a AES symmetric key encrypted with the System RSA public key and how to encypt a zip file with it.

I found that a .Net library Security.Cryptography or DotNetZip library is needed yet which one is better for a task like this? I need to create a zip file with multiple xml files and encypt it with AES key that is encrypetd with RSA key.

hippietrail
  • 15,848
  • 18
  • 99
  • 158
Tweene
  • 257
  • 4
  • 16
  • 1
    I would think you'll want to use DotNetZip if you want to be able to unzip the file by providing a password to normal ZIP archive software (such as that built into Windows, or WinZip, 7zip, WinRAR, etc.). Otherwise you'll just be encrypting the entire file, which isn't how ZIP archive passwords work. – ProgrammingLlama Apr 20 '22 at 10:14
  • Actually I don't need to unzip it myself. I need to create a archive and send it via API. – Tweene Apr 20 '22 at 10:23
  • So the recipients don't need to unzip it either? – ProgrammingLlama Apr 20 '22 at 10:23
  • I have no knowledge of how it works on the other side. The documentation is very short for this API, they need the data from the archived xml's. The whole todo list for this: I need to get a symmetric AES key, a Initialization vector, a AES symmetric key encrypted with the System RSA public key. Compress files(xml) into a archive, get the SHA-256 hash and encrypt the archive with the AES key. Thats all it says about this step before sending the file with the API. – Tweene Apr 20 '22 at 10:31
  • 1
    OK, in that case it does sound like you want to encrypt the entire file. Look at `CryptoStream`. Something like this: https://stackoverflow.com/questions/40829058/encrypt-and-decrypt-a-file-with-aes-in-c. You can pass the `CryptoStream` to your zip library. And if you use an inner `CryptoStream` too, you should be able to do the hash in one pass too. – ProgrammingLlama Apr 20 '22 at 10:35
  • Thank you. Yet I have some questions about this code. First what does this marker header mean? Does the file stream/ crypto stream accept archives? What about the RSA encrypted AES key? – Tweene Apr 20 '22 at 11:06
  • I missed one thing. They did give me 3 files for RSA. A .info .pem and .der file. In one there is a RSA public key but idk what does the modulus and public exponent value mean. – Tweene Apr 20 '22 at 12:45

0 Answers0