net.java.truevfs.driver.zip.raes

Class SafeZipRaesDriver

java.lang.Object

net.java.truecommons.shed.UniqueObject

net.java.truevfs.kernel.spec.FsDriver

net.java.truevfs.kernel.spec.FsArchiveDriver<E>

net.java.truevfs.comp.zipdriver.AbstractZipDriver<JarDriverEntry>

net.java.truevfs.comp.zipdriver.JarDriver

net.java.truevfs.driver.zip.raes.ZipRaesDriver

net.java.truevfs.driver.zip.raes.SafeZipRaesDriver

All Implemented Interfaces:

ZipCharsetParameters, ZipEntryFactory<JarDriverEntry>, ZipFileParameters<JarDriverEntry>, ZipOutputStreamParameters, ZipParameters, FsController.Factory<FsManager>, FsModel.Factory<FsManager>

@Immutable
public class SafeZipRaesDriver
extends ZipRaesDriver

A safe archive driver for RAES encrypted ZIP files (ZIP.RAES). For input archive files up to 512 KB, the cipher text gets authenticated using the RAES provided Message Authentication Code (MAC) before the archive can be accessed by a client application. For larger input archive files, the MAC is not used, but instead the CRC-32 value of the decrypted and deflated archive entries is checked when the archive entry stream is closed by the client application, resulting in some IOException.

This operation mode is considered to be safe: Although a formal prove is missing, it should be computationally infeasible to modify an archive file so that after decryption of the archive and after inflation (decompression) of an entry's data its CRC-32 value still matches! This should hold true even though CRC-32 is not at all a good cryptographic hash function because of its frequent collisions, its linear sink and small sink size. It's the ZIP inflation algorithm which actually comes to our rescue!

Subclasses must be thread-safe and should be immutable!

Author:

Christian Schlichtherle

See Also:

ParanoidZipRaesDriver

Field Summary

Fields inherited from class net.java.truevfs.comp.zipdriver.JarDriver

JAR_CHARSET

Constructor Summary

Constructors

Constructor and Description
SafeZipRaesDriver()

Method Summary

Modifier and Type	Method and Description
long	getAuthenticationTrigger() Returns the value of the property authenticationTrigger.

Methods inherited from class net.java.truevfs.driver.zip.raes.ZipRaesDriver

check, decorate, getPreambled, newEntry, newOutput, newZipInput, raesParameters, sink

Methods inherited from class net.java.truevfs.comp.zipdriver.JarDriver

getCharset, newEntry, newEntry

Methods inherited from class net.java.truevfs.comp.zipdriver.AbstractZipDriver

fileSystemUri, getKeyManagerMap, getLevel, getMethod, getOverheadSize, getPool, getPostambled, getRedundantContentSupport, getRedundantMetaDataSupport, mountPointUri, newInput, rdc, zipCryptoParameters

Methods inherited from class net.java.truevfs.kernel.spec.FsArchiveDriver

checkEncodable, isArchiveDriver, newController, newEntry, newInput, newOutput, normalize, source, toString

Methods inherited from class net.java.truevfs.kernel.spec.FsDriver

decorate, newModel

Methods inherited from class net.java.truecommons.shed.UniqueObject

equals, hashCode

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

SafeZipRaesDriver

public SafeZipRaesDriver()

Method Detail

getAuthenticationTrigger

public final long getAuthenticationTrigger()

Description copied from class: ZipRaesDriver

Returns the value of the property authenticationTrigger.

If the cipher text length of an input RAES file is smaller than or equal to this value, then the Hash-based Message Authentication Code (HMAC) for the entire cipher text is computed and verified in order to authenticate the input RAES file.

Otherwise, if the cipher text length of an input RAES file is greater than this value, then initially only the cipher key and the cipher text length getKeyManager authenticated. In addition, whenever an entry is subsequently accessed, then it's CRC-32 value is checked.

Consequently, if the value of this property is set to a negative value, then the entire cipher text gets never authenticated (CRC-32 checking only), and if set to Long.MAX_VALUE, then the entire cipher text gets always authenticated (no CRC-32 checking).

Specified by:

getAuthenticationTrigger in class ZipRaesDriver

Returns:

The value of the property authenticationTrigger.