Problem:
I read and write large multipage tiffs. During my test I have seen plain tiffs on disk. I know I can disable writing to disk with
ImageIO.setUseCache(false)
but then all data is in memory, what may lead to OutOfMemoryException.
Is there any way to encrypt the cache/temp file created by ImageIO.createImageInputStream() and ImageIO.createImageOutputStream()?
My current variants, what I can/will try
Registering a custom ImageInputStream/ImageOutputStream(Spi)for encrypted files similar to "javax.imageio.stream.FileImageInputStream". Is there any documentation/tutorial how to do that?
Extends RandomAccessFile to write encrypted and read decrypted to/from file due to existing "javax.imageio.stream.FileImageInputStream" already accepts RandomAccessFile. Is there already a solution for that?
last hope is to secure/encrypt the temp folder outside of my java app, but that would be error prone.
PS: I would use AES128/256 encryption with temp. key/IV (save that in memory) !
Related
I'm wondering if I can store a file in cache (or somewhere else), not on the hard drive using JAVA. I got a file as input, copy it to my hard drive now to an another path, modify the copied one and return with it. But what if a user does not have rights to write on hard disk, so the application which uses the file also don't have? Thats why I'm trying to store the copy somewhere else, for example in the cache, is it possible? If yes, is it also possible without any library?
Thanks in advance!
If this is string file, and small enough to fit into memory you can just use:
IOUtils.toString(inputStream, encoding);
for binary file you need to reserve byte array big enough to fit the file content into...
I want to hide my pdf file, I tried encrypting file but I got out of memory error because file is too big.I try add "." front of file name like that ".pdfs/" but it doesn't work.
is there any solution this case?
I use download manager library here, It is prevent to download internal storage, I have to use external storage
I tried encrypting file but I got out of memory error because file is too big
Then instead of reading whole file and encrypting such huge block of data, read it in smaller portions, encrypt these portions, save it and then read another portion for encryption. Repeat until done.
I use download manager library, It is prevent to download internel storage, I have to use external storage
But you do not have to use Download Manager so once you fetch the file yourself, you can store it whenever you want incl. your own private storage of your choice.
Using TrueZIP, is there a way to open and modify an existing ZIP file from a stream (it may of course be outputted using another stream)?
I have code for modifying a ZIP that works perfectly as long as I work on an existing real ZIP file on the file system but I have a requirement that all temporary files need to be encrypted while stored on disk. In most part of our application this is easy to achieve (using CipherOutputStream and CipherInputStream) but I have one function that uses TrueZIP to update an existing ZIP file. This part obviously fails if the file is encrypted.
The ZIP files will be consumed by proprietary applications that do not support encryption so using the encryption that is part of the ZIP specification isn't possible.
The reason we are using TrueZIP is that we need the support for Zip64 (which I know is included in Java 7 but we cannot switch right now).
No, an archive file must be stored in accessible file system to use it with TrueZIP. But you have a number of other options:
TrueZIP uses instances of the IOPoolService interface to manage temporary files. You could provide your own implementation which encrypts all temporary files or maybe even just stores them on the heap (if they are small). Have a look at the TrueZIP Driver FILE to see the reference implementation.
You could use the ParanoidZipRaesDriver to use RAES encrypted ZIP files. This driver ensures that no unencrypted temporary files are used by limiting the number of concurrent threads for writing an archive file to one.
You could use the standard ZIP drivers with FsOutputOption.ENCRYPT to switch on WinZip AES encryption. To ensure that no unencrypted temporary files are used, you could then override the ZipDriver.newOutputSocket method just like the ParanoidZipRaesDriver does.
I have an encrypted ODT (Open Document Text) file and I need to unzip it. ODT is a ZIP file. An encrypted ODT is a normal ZIP file, just some files inside the ZIP are encrypted.
Using ZipFile works okay in a test, but I cannot use ZipFile really because I have a stream in memory, I don't want to work with a file.
Therefore I use ZipInputStream. But using ZipInputStream.getNextEntry() throws the dreadful
only DEFLATED entries can have EXT descriptor
exception.
From what I can understand, it throws on the first encrypted file inside the ZIP package, for example on content.xml. Because OpenOffice has encrypted the xml file, it was probably no point compressing it and it was stored inside the ZIP package uncompressed.
But ZipInputStream seems to have a problem with it and I don't see a way around.
And yes, the encrypted ODT file was created by OpenOffice Writer 3.2.1. And yes, the stock ZipInputStream cannot even enumerate through entries in it.
Anything you can suggest?
You can have a look if it's possible with ODF Toolkit library
The problem has nothing to do with encryption, but with the fact that ZipInputStream does not expect (and does not know how to handle) an EXT descriptor when the associated data was not DEFLATED (i.e. was stored uncompressed, as-is). This may well be a deficiency ("bug") in ZipInputStream, but I am not familiar enough with the zip specs to know one way or another.
An inelegant, even downright ugly workaround is to persist the stream to a temporary file, and then process it as a ZipFile.
(I am the author of ODFind and the "Decrypting ODF Files" document mentioned above.)
Have you stumbled upon what Ringlord did in ODFind to read encrypted ODF files? This ODF document (viewable as HTML here courtesy Google) claims there is simply no way to rely solely on the Java libraries to decrypt OpenOffice.org documents. However, the author explains how one can decrypt the content.xml payload of an ODF file with knowledge of the ODF Manifest, RFC 2989, the PBKDF2Engine in JBoss3 and some original discovery by the author.
Best wishes.
DISCLAIMER: I have no affiliation whatsoever with Ringlord despite every link above points to Ringlord content.
I just read about zip bombs, i.e. zip files that contain very large amount of highly compressible data (00000000000000000...).
When opened they fill the server's disk.
How can I detect a zip file is a zip bomb before unzipping it?
UPDATE Can you tell me how is this done in Python or Java?
Try this in Python:
import zipfile
with zipfile.ZipFile('a_file.zip') as z
print(f'total files size={sum(e.file_size for e in z.infolist())}')
Zip is, erm, an "interesting" format. A robust solution is to stream the data out, and stop when you have had enough. In Java, use ZipInputStream rather than ZipFile. The latter also requires you to store the data in a temporary file, which is also not the greatest of ideas.
Reading over the description on Wikipedia -
Deny any compressed files that contain compressed files.
Use ZipFile.entries() to retrieve a list of files, then ZipEntry.getName() to find the file extension.
Deny any compressed files that contain files over a set size, or the size can not be determined at startup.
While iterating over the files use ZipEntry.getSize() to retrieve the file size.
Don't allow the upload process to write enough data to fill up the disk, ie solve the problem, not just one possible cause of the problem.
Check a zip header first :)
If the ZIP decompressor you use can provide the data on original and compressed size you can use that data. Otherwise start unzipping and monitor the output size - if it grows too much cut it loose.
Make sure you are not using your system drive for temp storage. I am not sure if a virusscanner will check it if it encounters it.
Also you can look at the information inside the zip file and retrieve a list of the content. How to do this depends on the utility used to extract the file, so you need to provide more information here