Asked  7 Months ago    Answers:  5   Viewed   26 times

I am searching for a way to encrypt a .txt file into a zip, but in a secure password protected way. My goal is to email this file to me, without anyone being able to read the content of the attachment.

Does anybody know an easy, and above all, secure way to accomplish this ? I can create zip archives, but I do not know how to encrypt them, or, how secure this is.

 Answers

89

Note: this answer recommends a cryptographic method that is known insecure, even with good password. Please see link from comments and the Winzip QA on AES. Support for in-php AES zip encryption arrives with php 7.2 (and libzip 1.2.0), which means this answer will soon be outdated too. Until then see this answer for how to call out to 7z instead of the zip command, which supports winzip's AES encryption.

You can use this:

<?php echo system('zip -P pass file.zip file.txt'); ?>

Where pass is the password, and file.txt will be zipped into file.zip. This should work on Windows and Linux, you just need to get a free version of zip for Windows ( http://www.info-zip.org/Zip.html#Win32 )

This kind of security can be broken by brute force attacks, dictionary attacks and etc. But it's not that easy, specially if you chose a long and hard to guess password.

Wednesday, March 31, 2021
 
Gil
answered 7 Months ago
Gil
54

The problem here is that $zip->addFile is being passed the same two parameters.

According to the documentation:

bool ZipArchive::addFile ( string $filename [, string $localname ] )

filename
The path to the file to add.

localname
local name inside ZIP archive.

This means that the first parameter is the path to the actual file in the filesystem and the second is the path & filename that the file will have in the archive.

When you supply the second parameter, you'll want to strip the path from it when adding it to the zip archive. For example, on Unix-based systems this would look like:

$new_filename = substr($file,strrpos($file,'/') + 1);
$zip->addFile($file,$new_filename);
Wednesday, March 31, 2021
 
zhartaunik
answered 7 Months ago
13

You should check which error code gives open (http://www.php.net/manual/en/ziparchive.open.php), that will give you some help.

Error codes are this:

    ZIPARCHIVE::ER_EXISTS -10
    ZIPARCHIVE::ER_INCONS - 21
    ZIPARCHIVE::ER_INVAL - 18
    ZIPARCHIVE::ER_MEMORY - 14
    ZIPARCHIVE::ER_NOENT - 9
    ZIPARCHIVE::ER_NOZIP - 19
    ZIPARCHIVE::ER_OPEN - 11
    ZIPARCHIVE::ER_READ - 5
    ZIPARCHIVE::ER_SEEK - 4
Wednesday, March 31, 2021
 
MDDY
answered 7 Months ago
27

11 is the constant ZIPARCHIVE::ER_OPEN, which the manual describes with

Can't open file

Note that the manual does not state that stream wrappers may be used.


Please think about using PHP's phar extension - it does what you want, and is well tested.

Saturday, May 29, 2021
 
jakubos
answered 5 Months ago
66

To achieve this, you need to create your own sequence in the database in a similar manner to the way that autoincrement works. Ordinary autoincs always end up with gaps in the sequence, that is inevitable. Now in the UK VAT invoice numbers are by law required to be in an unbroken sequence. This is so that there can be no question of tax fraud. When faced with this challenge I use the following process.

Create a table to hold the last ID issued. Just one field and one row. When you need a new number: LOCK the table for READ and WRITE, make sure that your transaction isolation does not allow other processes to read the table. This depends on the db and table type. Increment the number by 1 in php. Use the new number in your insert into the invoices table. Then update the sequence table with the new number. Then commit the transaction and release the lock. The next process can then do the same.

https://dev.mysql.com/doc/refman/5.0/en/set-transaction.html

Saturday, August 21, 2021
 
keyBeatz
answered 2 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :