I am looking for a "standard" archiver format (ZIP, 7ZIP, etc.) that is supported by a pure Java library and has strong (AES-128) encryption.
I need a format that people can decrypt using off-the-shelf software for Windows and OsX.
My understanding is that ZIP encryption prior to version PKZIP 9.0 (Zip 2.0) was very weak, and that PKWARE has never published the AES-256 file version.
The format need only support secret-key encryption (public-key is not required or desired).
I can't use BouncyCastle Open-PGP because their JAR files must be signed with their key and we need to also sign with our code-signing key for Java Web Start. Some of our customers are running old builds of Java 6 (< 14) and can't upgrade. Builds of Java 6 prior to 14 did not support signing with multiple keys.
You can try using the Zip4j library:
Key features:
- Create, Add, Extract, Update, Remove files from a Zip file
- Read/Write password protected Zip files
- Supports AES 128/256 Encryption
- Supports Standard Zip Encryption
- Supports Zip64 format
- Supports Store (No Compression) and Deflate compression method
- Create or extract files from Split Zip files (Ex: z01, z02,...zip)
- Supports Unicode file names
- Progress Monitor
License:
- Zip4j is released under Apache License, Version 2.0.