[Python-Dev] Support for Encrypted Zip as python scripts (original) (raw)

Guido van Rossum guido at python.org
Sun Aug 23 23:16:20 CEST 2009

On Aug 23, 2009 2:10 PM, "Guido van Rossum" <guido at python.org> wrote: MvL already asked for a patch so I suppose that means he thinks it's useful. Personally I've never encountered an encrypted zipfile, so I just have questions: is there a standard encryption algorithm? What is encrypted? The entire file or individual members? How are you supposed to give the password? Also, I suppose there could be (US) export problems with the code, so it would have to be optional (and we might not be able to build it into binaries we distribute from python.org).

On Sun, Aug 23, 2009 at 1:24 PM, Brett Cannon<brett at python.org> wrote:

There is a standard for encrypting entire zip files. And I was looking at the zip docs the other day and zipfile can already decrypt but not encrypt (assuming my memory is accurate; doing this from my phone on vacation).

Ah, cool. Then the only issue for the patch presumably is an API to provide the password. Passing it as a command-line flag seems very insecure (though in some cases there may be no choice), so presumably it needs to be prompted and read from stdin. (Though it appears from skimming zipfile.py that it support encrypted individual archive members, not the zipfile as a whole. Also the docs mention that decryption is "extremely slow as it is implemented in native python rather than C.")

Anyway it looks like if someone wants to try this, only the code in runpy.py needs to be touched.

-- --Guido van Rossum (home page: http://www.python.org/~guido/)

More information about the Python-Dev mailing list