This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Add encryption support to zipfile
Type: enhancement Stage: resolved
Components: Library (Lib) Versions:
Status: closed Resolution: rejected
Dependencies: Superseder:
Assigned To: Nosy List: alanmcintyre, christian.heimes, serhiy.storchaka, twouters, 大野隆弘
Priority: normal Keywords: patch

Created on 2018-08-30 08:40 by 大野隆弘, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 9060 closed python-dev, 2018-09-04 13:50
Messages (6)
msg324372 - (view) Author: 大野隆弘 (大野隆弘) * Date: 2018-08-30 08:40

I would like to use zipfile encryption as python standard library.

Below document says "currently" cannot.
"but it currently cannot create an encrypted file."

Current pythonians like me have to use 3rd party like below, but I believe it is worth to include.
msg324452 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-08-31 22:54
From the official ZIP files specification:

    This form of encryption is considered weak by today's standards
    and its use is recommended only for situations with
    low security needs or for compatibility with older .ZIP

I think that the support of encrypting ZIP files using the traditional PKWARE encryption was intentionally omitted in the zipfile module, because we don't want to encourage using such weak encryption method. If you need to add encrypted data in the ZIP file, use third-party tools for encrypting it before adding to the ZIP file or encrypting the whole ZIP file after creating.

I'm -1 for adding support of weak encrypting.

Of course, adding support for the strong (AES) encryption in ZIP files would be nice. But this task is much more difficult.
msg324454 - (view) Author: 大野隆弘 (大野隆弘) * Date: 2018-09-01 00:33
Agree, we should not enhance weak encryption to the world.
But unfortunately, MS Windows supports only this type of encryption as far as I researched.

That is the my first motivation of Traditional PKWARE encryption(a.k.a  ZipCrypto/Standard Zip 2.0 encryption) support.
If this big platform supports AES, we don't have any reason to support. But unfortunately not.

On the other hand, encryption algorithm compromising happens forever.
I believe python developers must have ability to make decision of suitable algorithm because "We are all (consenting) adults here".(I love this phrase)

Also implementing other algo (including AES) support must affect to decryption of zipfile module. 
As we can imagine it should be big task and should be divided.

These are the background of my suggestion.

In summary, 
 1. We don't have to support "weak" encryption like DES/RC2 although they are on the document.
 2. But Traditional PKWare Encryption is special enough to support because of the circumstances.
 3. Other algo support in both decrypt/encrypt should be implemented sooner or later.

Any feedback is welcome.

FYI  : All candidate of Zip encryption
(Traditional PKWARE encryption)
0x6601 - DES
0x6602 - RC2 (version needed to extract < 5.2)
0x6603 - 3DES 168
0x6609 - 3DES 112
0x660E - AES 128 
0x660F - AES 192 
0x6610 - AES 256 
0x6702 - RC2 (version needed to extract >= 5.2)
0x6720 - Blowfish
0x6721 - Twofish
0x6801 - RC4 AlgId


FYI 2. Other languages/tools support

Perl : "Support Encryption" is in TODO

Go : Both (AES/Traditional) encryption is going to be integrated( discussion was suspended?)

Ruby : Supports as experimental

WinZip : Supports but not recommended.
msg324781 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-09-07 18:33
What is the reason of using such weak encryption? It looks to me that creating a non-encrypted ZIP file and encrypting it with third-party tools is the right way if you need an encryption.
msg324787 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-09-07 19:14
-1 from me, too.

Serhiy already made a valid point and suggested a better alternative.
msg324845 - (view) Author: 大野隆弘 (大野隆弘) * Date: 2018-09-08 15:55
My original reason of this is supporting Windows Explore decryption.
That doesn't support AES but support only this traditional PKWARE
In my work, some recipients who received the zip file cannot install 3rd
party tools on their Windows

But as Christian explained for me in below thread, I understand we should
use 3rd party module for this purpose

Thanks and Regards,
Takahiro Ono

2018年9月8日(土) 6:34 Serhiy Storchaka <>:

> Change by Serhiy Storchaka <>:
> ----------
> resolution:  -> rejected
> stage: patch review -> resolved
> status: open -> closed
> _______________________________________
> Python tracker <>
> <>
> _______________________________________
Date User Action Args
2022-04-11 14:59:05adminsetgithub: 78727
2018-09-08 15:55:00大野隆弘setmessages: + msg324845
2018-09-07 21:34:17serhiy.storchakasetstatus: open -> closed
resolution: rejected
stage: patch review -> resolved
2018-09-07 19:14:37christian.heimessetmessages: + msg324787
2018-09-07 18:33:02serhiy.storchakasetnosy: + christian.heimes
messages: + msg324781
2018-09-04 13:50:55python-devsetkeywords: + patch
stage: patch review
pull_requests: + pull_request8520
2018-09-01 00:33:49大野隆弘setmessages: + msg324454
2018-08-31 22:54:38serhiy.storchakasetnosy: + twouters, alanmcintyre, serhiy.storchaka
messages: + msg324452
2018-08-31 21:59:55brett.cannonsettitle: Zipfile encryption function -> Add encryption support to zipfile
2018-08-30 08:40:25大野隆弘create