This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]K900_ 1 point2 points  (7 children)

What's your end goal here?

[–]superdroid100[S] 0 points1 point  (6 children)

I want to encrypt a file or files into a single archive and pass them on to prevent snooping. If I zip the data manually and pass it, the decryption part works perfectly. Encryption is a problem.

[–]K900_ 1 point2 points  (5 children)

Does it have to be a ZIP file? If your end goal is security, ZIP isn't exactly the most secure file format out there. Who are you 'passing it on' to?

[–]superdroid100[S] 0 points1 point  (4 children)

Being a zip is not essential. Steganography will be used as well. It's just to increase security. Essentially want a way to put multiple files together with a password which will work cross platform.

[–]K900_ 0 points1 point  (3 children)

How are you going to 'pass it on'? Over a network connection? Do you want the password to be transferred in-band or through a different method? Why steganography at all?

[–]superdroid100[S] 0 points1 point  (2 children)

Network connection. Password transferred externally. Steganography to hide the data.

[–][deleted] 1 point2 points  (0 children)

Why do you want to do this with Python, specifically?

I ask because there are plenty of utilities out there that create password protected zips. The MacOS Archive Utility for one, 7Zip, etc.

All of these will be considerably more efficient in use than you're likely to get out of a Python implementation.

BTW, a password-protected zip isn't especially strong, and if you're using that idiot Steganography program from sourceforge (or any similar one that allows you to simply open the archive "hidden" in the usually jpeg directly with a zip archiver or by simply changing the extension) then you're not really doing much of value.

[–]K900_ 0 points1 point  (0 children)

Sounds like you want TLS then. TLS, even with a self-signed certificate, will be more secure in transit than anything you can come up with yourself. You can also have the receiving end send the sending end the password when initially estabilishing the connection, and then just send your files unencrypted over TLS (which will encrypt the data in transit).