@Immutable public class SafeZipRaesDriver extends ZipRaesDriver
IOException.
This operation mode is considered to be safe: Although a formal proof is missing, it should be computationally infeasible to modify an archive file so that after decryption of the archive and after inflation (decompression) of an entry's data its CRC-32 value still matches! This should hold true even though CRC-32 is not at all a good cryptographic hash function because of its frequent collisions, its linear output and small output size. It's the ZIP inflation algorithm which actually comes to our rescue!
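The tamper-detection argument above, as an added example that is not part of the TrueZIP documentation or code base: using only java.util.zip, it flips each single bit of a raw DEFLATE stream and counts whether inflation fails, the CRC-32 differs, or the change goes unnoticed. The class name TamperedDeflateDemo and the sample records are assumptions constructed for the illustration; single-bit flips illustrate the claim and do not prove it.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.zip.*;

public class TamperedDeflateDemo {
    static long crc32(byte[] data, int len) {
        CRC32 crc = new CRC32();
        crc.update(data, 0, len);
        return crc.getValue();
    }

    public static void main(String[] args) {
        // Constructed sample entry data (not taken from any real archive).
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 200; i++) sb.append("record ").append(i).append(": balance=1000\n");
        byte[] plain = sb.toString().getBytes(StandardCharsets.UTF_8);
        long storedCrc = crc32(plain, plain.length); // CRC-32 a ZIP entry header would carry

        // Raw DEFLATE (nowrap = true), the usual compression method of ZIP entries.
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        deflater.setInput(plain);
        deflater.finish();
        byte[] buf = new byte[plain.length + 64];
        int packedLen = deflater.deflate(buf); // buffer is large enough for a single call
        deflater.end();
        int inflateFailed = 0, crcMismatch = 0, sameOutput = 0, undetected = 0;
        byte[] out = new byte[plain.length * 4];
        for (int bit = 0; bit < packedLen * 8; bit++) {
            byte[] tampered = Arrays.copyOf(buf, packedLen + 1); // +1 dummy byte, per Inflater docs
            tampered[bit / 8] ^= (byte) (1 << (bit % 8)); // flip exactly one bit
            Inflater inflater = new Inflater(true);
            inflater.setInput(tampered);
            try {
                int n = 0, r;
                while (!inflater.finished() && n < out.length
                        && (r = inflater.inflate(out, n, out.length - n)) > 0) n += r;
                if (!inflater.finished()) inflateFailed++;     // truncated or runaway stream
                else if (Arrays.equals(Arrays.copyOf(out, n), plain)) sameOutput++;
                else if (crc32(out, n) != storedCrc) crcMismatch++; // caught by CRC-32 check
                else undetected++;                             // changed data, matching CRC-32
            } catch (DataFormatException e) {
                inflateFailed++;                               // invalid DEFLATE stream
            } finally {
                inflater.end();
            }
        }
        System.out.printf("flips=%d inflateFailed=%d crcMismatch=%d sameOutput=%d undetected=%d%n",
                packedLen * 8, inflateFailed, crcMismatch, sameOutput, undetected);
    }
}
```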
ParanoidZipRaesDriver

ZipRaesDriver.KeyProviderSyncStrategy

| Modifier and Type | Field and Description |
|---|---|
| private static long | AUTHENTICATION_TRIGGER<br>The default trigger for authentication in bytes (524288L). |
JAR_CHARSET

| Constructor and Description |
|---|
| SafeZipRaesDriver(IOPoolProvider ioPoolProvider, KeyManagerProvider keyManagerProvider) |

| Modifier and Type | Method and Description |
|---|---|
| long | getAuthenticationTrigger()<br>Constructs a new abstract ZIP.RAES driver which uses the given byte size to trigger verification of the Message Authentication Code (MAC). |
| protected ZipInputShop | newZipInputShop(FsModel model, ReadOnlyFile rof)<br>If the net file length of the archive is larger than the authentication trigger, then a CheckedZipInputShop for CRC-32 authentication is returned, otherwise a plain ZipInputShop which doesn't do any authentication. |

getKeyManager, getKeyProviderSyncStrategy, getRaesParameters, newController, newEntry, newInputShop, newOutputShop, toMountPointResource

getLevel, getMethod, getOutputSocket, getPool, getPostambled, getPreambled, newZipOutputShop

assertEncodable, getCharset, toString, toZipOrTarEntryName

getClosedIcon, getInputSocket, getOpenIcon, isFederated, newEntry, newInputStream, newOutputStream, newReadOnlyFile

getPriority

private static final long AUTHENTICATION_TRIGGER
public SafeZipRaesDriver(IOPoolProvider ioPoolProvider, KeyManagerProvider keyManagerProvider)
public final long getAuthenticationTrigger()
ZipRaesDriver
authenticationTrigger.
If the size of an input file is smaller than or equal to this value,
the Message Authentication Code (MAC) for the entire
cipher text is computed and verified in order to authenticate
the file.
Otherwise, only the cipher key and the file length
get authenticated.
Consequently, if the value of this property is set to a negative value,
the cipher text never gets verified, and if set to
Long.MAX_VALUE, the cipher text always gets
authenticated.
getAuthenticationTrigger in class ZipRaesDriver
authenticationTrigger.

protected final ZipInputShop newZipInputShop(FsModel model, ReadOnlyFile rof) throws IOException
If the net file length of the archive is larger than the authentication
trigger, then a CheckedZipInputShop for CRC-32
authentication is returned, otherwise a plain ZipInputShop
which doesn't do any authentication.
This complements the behaviour of the
ZipRaesDriver.newInputShop(de.schlichtherle.truezip.fs.FsModel, de.schlichtherle.truezip.socket.InputSocket<?>) method in the super
class, which authenticates the cipher text using the MAC iff the gross
file length is smaller than or equal to the authentication trigger.
Note that this leaves a small window for gross file lengths of about
getAuthenticationTrigger() bytes where the archive is both MAC
and CRC-32 authenticated.
newZipInputShop in class ZipDriver
IOException

Copyright © 2005-2011 Schlichtherle IT Services. All Rights Reserved.