[Python-Dev] Support for Encrypted Zip as python scripts

[Guido van Rossum]

> On Aug 23, 2009 2:10 PM, "Guido van Rossum" <guido at python.org> wrote:
> MvL already asked for a patch so I suppose that means he thinks it's
> useful. Personally I've never encountered an encrypted zipfile, so I
> just have questions: is there a standard encryption algorithm? What is
> encrypted? The entire file or individual members? How are you supposed
> to give the password? Also, I suppose there could be (US) export
> problems with the code, so it would have to be optional (and we might
> not be able to build it into binaries we distribute from python.org).

On Sun, Aug 23, 2009 at 1:24 PM, Brett Cannon<brett at python.org> wrote:
> There is a standard for encrypting entire zip files. And I was looking at
> the zip docs the other day and zipfile can already decrypt but not encrypt
> (assuming my memory is accurate; doing this from my phone on vacation).

Ah, cool. Then the only issue for the patch presumably is an API to
provide the password. Passing it as a command-line flag seems very
insecure (though in some cases there may be no choice), so presumably
it needs to be prompted and read from stdin. (Though it appears from
skimming zipfile.py that it support encrypted individual archive
members, not the zipfile as a whole. Also the docs mention that
decryption is "extremely slow as it is implemented in native python
rather than C.")

Anyway it looks like if someone wants to try this, only the code in
runpy.py needs to be touched.

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)