From 5ca6f9962048d69e6102aa2c068df941919c6c51 Mon Sep 17 00:00:00 2001 From: alexmullins Date: Tue, 27 Oct 2015 04:25:11 -0500 Subject: [PATCH] update README.txt --- README.txt | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/README.txt b/README.txt index b12931b..c1e6392 100644 --- a/README.txt +++ b/README.txt @@ -28,11 +28,14 @@ generates a master key broken into the following: 5. Authentication Key is same size as AES key. 6. Authentication with HMAC-SHA1-80 (truncated to 80bits). 7. A new master key is generated for every file. +7.5. CTR IV = 01 and increases for each file. Everything I've read said +it starts at 00 so I need clarification here. See winzipkeygen for example. 8. The file header and directory header compression method will -be 99 (decimal). The actual compression method will be in the -extra's payload at the end of the directory header. +be 99 (decimal) indicating Winzip AES encryption. The actual +compression method will be in the extra's payload at the end +of the headers. 9. A extra field will be added to the file header and directory -header identified by 0x9901 and contains the following info: +header identified by the ID 0x9901 and contains the following info: a. Header ID (2 bytes) b. Data Size (2 bytes) c. Vendor Version (2 bytes) @@ -40,7 +43,7 @@ header identified by 0x9901 and contains the following info: e. AES Strength (1 byte) f. Compression Method (2 bytes) 10. The Data Size is always 7. -11. The Vendor Version can either be 0x0001 (AE-1) or +11. The Vendor Version can be either 0x0001 (AE-1) or 0x0002 (AE-2). 12. Vendor ID is ASCII "AE" 13. AES Strength: 
@@ -48,7 +51,7 @@ header identified by 0x9901 and contains the following info: b. 0x02 - AES-192 c. 0x03 - AES-256 14. Compression Method is the actual compression method -used that was replaced by the encryption process. +used that was replaced by the encryption process mentioned in #8. 15. AE-1 keeps the CRC and should be verified after decompression. -16. AE-2 removes the CRC and shouldn't be verified after decompression. +AE-2 removes the CRC and shouldn't be verified after decompression. Refer to http://www.winzip.com/aes_info.htm#winzip11 for the reasoning.
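Review bot: In the first hunk (@@ -28,11 +28,14 @@), the new item 7.5 commits an unresolved question ("I need clarification here") into the format description, and "increases for each file" is ambiguous next to item 7, which says a new master key is generated for every file. Please state explicitly whether the counter restarts at 01 for each file and what unit it increments by (per AES block within a file, or once per file), since a reader implementing CTR mode from this list needs to know that no key/counter pair is ever reused. I would also move the open question to a TODO or issue and give the item a whole number instead of "7.5". Minor: the unchanged line "9. A extra field" should read "An extra field".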
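Review bot: In the last hunk (@@ -48,7 +51,7 @@), folding old item 16 into item 15 leaves "AE-2 removes the CRC and shouldn't be verified after decompression" reading as if AE-2 data should not be verified at all. Suggest wording it as "AE-2 removes the CRC, so there is no CRC to verify after decompression" and adding that the HMAC-SHA1-80 authentication code from item 6 is then the only integrity check and must still be verified. Putting two vendor versions with opposite behaviour under one number also makes the item harder to reference; keeping AE-2 as its own item 16 would be clearer.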