Replies: 1 comment
-
AFAIK it's impossible because you need actually to decrypt all the data in order to be (almost) sure that the provided password is valid. You can also just compare the password to the "password verification value" but this won't guarantee that the password is 100% valid, cf. "There is a 1 in 65,536 chance that an incorrect password will yield a matching verification value" here: https://www.winzip.com/en/support/aes-encryption/#pwd-verify. There is a 1 in 256 chance when the content is encrypted with zipcrypto. async function testPasswordVerification(entry, password) {
const abortController = new AbortController();
const { signal } = abortController;
try {
await entry.getData(new WritableStream(), {
password,
signal,
onprogress: () => abortController.abort()
});
} catch (error) {
if (error.message == zip.ERR_INVALID_PASSWORD) {
return false;
} else if (error.name != "AbortError") {
throw error;
}
}
return true;
} Note however that the password is guaranteed to be invalid when the function returns |
Beta Was this translation helpful? Give feedback.
-
I am looking for a function to check if password is valid without calling try/catch over
encryptedEntry.getData(new zip.BlobWriter(), { password: pass });
Is there a better way possible?
Beta Was this translation helpful? Give feedback.
All reactions