[Python-Dev] Support for Encrypted Zip as python scripts

"Martin v. Löwis" martin at v.loewis.de
Sun Aug 23 23:24:11 CEST 2009

>> No doubt this is a useful functionality to have but it would be great to
>> have some comments on whether
>> this can be(or even should be) feasibly added as an inbuilt support.
> MvL already asked for a patch so I suppose that means he thinks it's
> useful.

I am actual skeptical that it is implementable in a reasonable way;
if implemented, I'd say: why not?

> Personally I've never encountered an encrypted zipfile, so I
> just have questions: is there a standard encryption algorithm?

In principle, yes. There are several aspects of encryption described in


There are several encryption algorithms defined, such as
"traditional PKWARE", DES, 3DES, "original RC2", RC4, AES,
"corrected RC2", "corrected RC2-64", blowfish, twofish.	

In the file header general purpose bits , bit 0 indicates "file is
encrypted" (which means "traditional PKWARE"), bit 6 indicates "strong
encryption" (an additional header then giving details).

> What is encrypted? The entire file or individual members?

Traditionally, only individual files. With strong encryption (only?),
the central directory can also be encrypted.

> How are you supposed to give the password?

In pkzip: interactively. In the import support: this remains to be seen
in the patch. I assume people requesting that feature have a plan.

> Also, I suppose there could be (US) export
> problems with the code, so it would have to be optional (and we might
> not be able to build it into binaries we distribute from python.org).

The zipfile module already supports decryption. I forgot whether we
determined that support for decryption only doesn't fall under the
export restrictions, or whether we reported the module to the BXA as


More information about the Python-Dev mailing list