Bug 424513

Summary: .zip archive Central directory encryption / Header encryption
Product: [Applications] ark Reporter: Daniel Fichtner <danje1>
Component: generalAssignee: Elvis Angelaccio <elvis.angelaccio>
Status: RESOLVED UPSTREAM    
Severity: normal CC: rthomsen6
Priority: NOR    
Version: 20.04.3   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=253694
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Daniel Fichtner 2020-07-21 17:28:29 UTC 
After creating a .zip archive


STEPS TO REPRODUCE
1. open ark
2. create new archive of type .zip
3. drag an drop file into it
4. close ark
5. double click .zip archive
6. try to extract file

OBSERVED RESULT
Ark opens archive, FILE NAMES ARE VISIBLE.
Trying to extract a file triggers password dialog.

EXPECTED RESULT
After double click, open password dialog.
DON'T SHOW FILES!

SOFTWARE/OS VERSIONS
Linux/KDE Plasma:
Distro: Arch Linux
Kernel: 5.7.9-arch1-1
KDE Plasma Version: 5.19.3
KDE Frameworks Version: 5.72.0
Qt Version: 5.15.0

ADDITIONAL INFORMATION

I like try to fix it myself if it's a Junior Job.
Just starting out to develop for the KDE Community.
Would be my first project.
Comment 1 2wxsy58236r3 2020-07-22 11:01:24 UTC 
This bug's original title is not really accurate because if the ZIP file's header (central directory) is not encrypted, then Ark will and should open the archive to display the file list. The user will be prompted to enter the password when an encrypted file is extracted.

For more details on ZIP's header encryption, I think you can read Section 7.1.8 in the APPNOTE.txt by PKWARE.

Ark uses external programs through plugins to create archives, and apparently no ZIP plugin supports header encryption - see Bug 253694 Comment 11.

If you would like to have header encryption in ZIP, I think you have to add such support in upstream programs, such as libzip.