Compression (ZIP) and encryption sequence order


Dear matt.garrish,

I’m asking about the W3C XML Encryption specification, especially the encryption and compression sequence, which I feel is somewhat ambiguous.
From my understanding, there are two ways to do ZIP encryption of EPUB files.
The first one is to do compression first, and then encrypt each compressed entry. After that, replace the compressed files with the corresponding encrypted files within the zip. In this case, however, the size of the encrypted file is bigger than the corresponding compressed file. As a result, the size of the encrypted zip file is bigger than the original compressed zip file. Therefore, when reading the EPUB (ZIP) file, one cannot use a normal unzip module, but has to use a separate unzip module which supports decompression after decryption.
The second one is to do encryption first, and then compress the file. In this case, there is no need to modify the unzip module and no difference in sizes. Compression efficiency, however, is very low since it compresses an encrypted file.
My question is which sequence has to be followed for XML encryption when we apply it to EPUB: encryption first then compression, or compression first then encryption?

Another question relating to the first situation is this. Maybe this can be a solution for that. In the first situation, when compression begins, each entry is created, and then each entry is encrypted. Instead of that, how about compressing one entry, then encrypting it in memory, and then placing it in a zip? Do you think this is what the XML encryption specification intends for an EPUB zip file?

Many thanks in advance.

Hi Jung,

The OCF specification has this passage dealing with this issue:

When stored in a ZIP container, streams of data must be compressed before they are encrypted and Deflate compression must be used. Within the ZIP directory, encrypted files should be stored rather than Deflate-compressed.

So you must compress and then encrypt and then store. If you encrypt first and then compress, a reading system would likely fail as it will try to decrypt the compressed resource.

Your scenario of compressing and encrypting in memory and then storing sounds like the right approach.
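
The compress, encrypt, then store order from the OCF passage quoted above, as an added example that is not part of the original thread or of any EPUB toolkit. The cipher is a SHA-256 keystream used only as a standard-library stand-in for a real AES implementation; the function names, the IV-prefix layout and the sample chapter are assumptions made for illustration.

```python
import hashlib
import io
import os
import zipfile
import zlib

def xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream) so the example needs only the stdlib.
    Assumption: a real packager calls a vetted AES implementation here."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def raw_deflate(data: bytes) -> bytes:
    """Deflate without the zlib header and trailer (wbits=-15), as ZIP uses."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def pack(files: dict, key: bytes) -> bytes:
    """Compress each entry in memory, encrypt it, then add it as Stored."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, plain in files.items():
            iv = os.urandom(16)
            sealed = iv + xor_stream(key, iv, raw_deflate(plain))
            zf.writestr(name, sealed, compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()

def unpack(archive: bytes, name: str, key: bytes) -> bytes:
    """Reverse order on read: take the stored bytes, decrypt, then inflate."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        sealed = zf.read(name)
    return zlib.decompress(xor_stream(key, sealed[:16], sealed[16:]), -15)

def wrong_order_size(plain: bytes, key: bytes) -> int:
    """Encrypt first, then deflate: ciphertext is high-entropy, so no gain."""
    return len(raw_deflate(xor_stream(key, os.urandom(16), plain)))

# Constructed sample input, not taken from the thread.
SAMPLE = {"OEBPS/chapter1.xhtml": b"<p>The quick brown fox.</p>\n" * 200}
KEY = os.urandom(32)

if __name__ == "__main__":
    plain = SAMPLE["OEBPS/chapter1.xhtml"]
    archive = pack(SAMPLE, KEY)
    print(len(plain), len(archive), wrong_order_size(plain, KEY))
```

A normal unzip of the resulting archive succeeds but yields the encrypted bytes, which is why the reading side has to decrypt and then inflate each protected entry itself.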


Thank you, Matt.
I also asked the same question to the W3C encryption working group. If they give me any feedback, I'll post it here.

Thanks j9kwon,
This is really confusing. But the first approach you explained is a bit difficult. I first compressed and then encrypted the whole bundle. I know that is not correct.
Please guide me:
1. How to encrypt a selected folder of the compressed bundle.
2. How to decrypt and decompress the same.

Your guidance will be appreciated, thanks.
