Importing Archive::Zip 1.16

[archive-zip.git] / docs / Appnote.txt

File:    APPNOTE.TXT - .ZIP File Format Specification\r
Version: 5.2 - NOTIFICATION OF CHANGE\r
Revised: 07/16/2003\r
Copyright (c) 1989 - 2003 PKWARE Inc., All Rights Reserved.\r
\r
\r
Disclaimer\r
----------\r
\r
Although PKWARE will attempt to supply current and accurate\r
information relating to its file formats, algorithms, and the\r
subject programs, the possibility of error or omission can not \r
be eliminated. PKWARE therefore expressly disclaims any warranty \r
that the information contained in the associated materials relating \r
to the subject programs and/or the format of the files created or\r
accessed by the subject programs and/or the algorithms used by\r
the subject programs, or any other matter, is current, correct or\r
accurate as delivered.  Any risk of damage due to any possible\r
inaccurate information is assumed by the user of the information.\r
Furthermore, the information relating to the subject programs\r
and/or the file formats created or accessed by the subject\r
programs and/or the algorithms used by the subject programs is\r
subject to change without notice.\r
\r
If the version of this file is marked as a NOTIFICATION OF CHANGE,\r
the content defines an Early Feature Specification (EFS) change \r
to the .ZIP file format that may be subject to modification prior \r
to publication of the Final Feature Specification (FFS).  This\r
document may also contain information on Planned Feature \r
Specifications (PFS) defining recognized future extensions.\r
\r
\r
General Format of a .ZIP file\r
-----------------------------\r
\r
  Files stored in arbitrary order.  Large .ZIP files can span multiple\r
  diskette media or be split into user-defined segment sizes.  \r
\r
  Overall .ZIP file format:\r
\r
    [local file header 1]\r
    [file data 1]\r
    [data descriptor 1]\r
    . \r
    .\r
    .\r
    [local file header n]\r
    [file data n]\r
    [data descriptor n]\r
    [central directory]\r
    [zip64 end of central directory record]\r
    [zip64 end of central directory locator] \r
    [end of central directory record]\r
\r
\r
  A.  Local file header:\r
\r
        local file header signature     4 bytes  (0x04034b50)\r
        version needed to extract       2 bytes\r
        general purpose bit flag        2 bytes\r
        compression method              2 bytes\r
        last mod file time              2 bytes\r
        last mod file date              2 bytes\r
        crc-32                          4 bytes\r
        compressed size                 4 bytes\r
        uncompressed size               4 bytes\r
        file name length                2 bytes\r
        extra field length              2 bytes\r
\r
        file name (variable size)\r
        extra field (variable size)\r
\r
  B.  File data\r
\r
      Immediately following the local header for a file\r
      is the compressed or stored data for the file. \r
      The series of [local file header][file data][data\r
      descriptor] repeats for each file in the .ZIP archive. \r
\r
  C.  Data descriptor:\r
\r
        crc-32                          4 bytes\r
        compressed size                 4 bytes\r
        uncompressed size               4 bytes\r
\r
      This descriptor exists only if bit 3 of the general\r
      purpose bit flag is set (see below).  It is byte aligned\r
      and immediately follows the last byte of compressed data.\r
      This descriptor is used only when it was not possible to\r
      seek in the output .ZIP file, e.g., when the output .ZIP file\r
      was standard output or a non seekable device.  For Zip64 format\r
      archives, the compressed and uncompressed sizes are 8 bytes each.\r
\r
  D.  Central directory structure:\r
\r
      [file header 1]\r
      .\r
      .\r
      . \r
      [file header n]\r
      [digital signature] \r
\r
      File header:\r
\r
        central file header signature   4 bytes  (0x02014b50)\r
        version made by                 2 bytes\r
        version needed to extract       2 bytes\r
        general purpose bit flag        2 bytes\r
        compression method              2 bytes\r
        last mod file time              2 bytes\r
        last mod file date              2 bytes\r
        crc-32                          4 bytes\r
        compressed size                 4 bytes\r
        uncompressed size               4 bytes\r
        file name length                2 bytes\r
        extra field length              2 bytes\r
        file comment length             2 bytes\r
        disk number start               2 bytes\r
        internal file attributes        2 bytes\r
        external file attributes        4 bytes\r
        relative offset of local header 4 bytes\r
\r
        file name (variable size)\r
        extra field (variable size)\r
        file comment (variable size)\r
\r
      Digital signature:\r
\r
        header signature                4 bytes  (0x05054b50)\r
        size of data                    2 bytes\r
        signature data (variable size)\r
\r
  E.  Zip64 end of central directory record\r
\r
        zip64 end of central dir \r
        signature                       4 bytes  (0x06064b50)\r
        size of zip64 end of central\r
        directory record                8 bytes\r
        version made by                 2 bytes\r
        version needed to extract       2 bytes\r
        number of this disk             4 bytes\r
        number of the disk with the \r
        start of the central directory  4 bytes\r
        total number of entries in the\r
        central directory on this disk  8 bytes\r
        total number of entries in the\r
        central directory               8 bytes\r
        size of the central directory   8 bytes\r
        offset of start of central\r
        directory with respect to\r
        the starting disk number        8 bytes\r
        zip64 extensible data sector    (variable size)\r
\r
  F.  Zip64 end of central directory locator\r
\r
        zip64 end of central dir locator \r
        signature                       4 bytes  (0x07064b50)\r
        number of the disk with the\r
        start of the zip64 end of \r
        central directory               4 bytes\r
        relative offset of the zip64\r
        end of central directory record 8 bytes\r
        total number of disks           4 bytes\r
        \r
  G.  End of central directory record:\r
\r
        end of central dir signature    4 bytes  (0x06054b50)\r
        number of this disk             2 bytes\r
        number of the disk with the\r
        start of the central directory  2 bytes\r
        total number of entries in the\r
        central directory on this disk  2 bytes\r
        total number of entries in\r
        the central directory           2 bytes\r
        size of the central directory   4 bytes\r
        offset of start of central\r
        directory with respect to\r
        the starting disk number        4 bytes\r
        .ZIP file comment length        2 bytes\r
        .ZIP file comment       (variable size)\r
\r
  H.  Explanation of fields:\r
\r
      version made by (2 bytes)\r
\r
          The upper byte indicates the compatibility of the file\r
          attribute information.  If the external file attributes \r
          are compatible with MS-DOS and can be read by PKZIP for \r
          DOS version 2.04g then this value will be zero.  If these \r
          attributes are not compatible, then this value will \r
          identify the host system on which the attributes are \r
          compatible.  Software can use this information to determine\r
          the line record format for text files etc.  The current\r
          mappings are:\r
\r
          0 - MS-DOS and OS/2 (FAT / VFAT / FAT32 file systems)\r
          1 - Amiga                     2 - OpenVMS\r
          3 - Unix                      4 - VM/CMS\r
          5 - Atari ST                  6 - OS/2 H.P.F.S.\r
          7 - Macintosh                 8 - Z-System\r
          9 - CP/M                     10 - Windows NTFS\r
         11 - MVS (OS/390 - Z/OS)      12 - VSE\r
         13 - Acorn Risc               14 - VFAT\r
         15 - alternate MVS            16 - BeOS\r
         17 - Tandem                   18 - OS/400\r
         19 thru 255 - unused\r
\r
          The lower byte indicates the version number of the\r
          software used to encode the file.  The value/10\r
          indicates the major version number, and the value\r
          mod 10 is the minor version number.\r
\r
      version needed to extract (2 bytes)\r
\r
          The minimum software version needed to extract the\r
          file, mapped as above.  For Zip64 format archives,\r
          this value should not be less than 45.\r
\r
      general purpose bit flag: (2 bytes)\r
\r
          Bit 0: If set, indicates that the file is encrypted.\r
\r
          (For Method 6 - Imploding)\r
          Bit 1: If the compression method used was type 6,\r
                 Imploding, then this bit, if set, indicates\r
                 an 8K sliding dictionary was used.  If clear,\r
                 then a 4K sliding dictionary was used.\r
          Bit 2: If the compression method used was type 6,\r
                 Imploding, then this bit, if set, indicates\r
                 3 Shannon-Fano trees were used to encode the\r
                 sliding dictionary output.  If clear, then 2\r
                 Shannon-Fano trees were used.\r
\r
          (For Methods 8 and 9 - Deflating)\r
          Bit 2  Bit 1\r
            0      0    Normal (-en) compression option was used.\r
            0      1    Maximum (-exx/-ex) compression option was used.\r
            1      0    Fast (-ef) compression option was used.\r
            1      1    Super Fast (-es) compression option was used.\r
\r
          Note:  Bits 1 and 2 are undefined if the compression\r
                 method is any other.\r
\r
          Bit 3: If this bit is set, the fields crc-32, compressed \r
                 size and uncompressed size are set to zero in the \r
                 local header.  The correct values are put in the \r
                 data descriptor immediately following the compressed\r
                 data.  (Note: PKZIP version 2.04g for DOS only \r
                 recognizes this bit for method 8 compression, newer \r
                 versions of PKZIP recognize this bit for any \r
                 compression method.)\r
\r
          Bit 4: Reserved for use with method 8, for enhanced\r
                 deflating. \r
\r
          Bit 5: If this bit is set, this indicates that the file is \r
                 compressed patched data.  (Note: Requires PKZIP \r
                 version 2.70 or greater)\r
\r
          Bit 6: Strong encryption.  If this bit is set, you should\r
                 set the version needed to extract value to at least\r
                 50 and you must also set bit 0.  If AES encryption\r
                 is used, the version needed to extract value must \r
                 be at least 51.\r
\r
          Bit 7: Currently unused.\r
\r
          Bit 8: Currently unused.\r
\r
          Bit 9: Currently unused.\r
\r
          Bit 10: Currently unused.\r
\r
          Bit 11: Currently unused.\r
\r
          Bit 12: Reserved by PKWARE for enhanced compression.\r
\r
          Bit 13: Reserved by PKWARE.\r
\r
          Bit 14: Reserved by PKWARE.\r
\r
          Bit 15: Reserved by PKWARE.\r
\r
      compression method: (2 bytes)\r
\r
          (see accompanying documentation for algorithm\r
          descriptions)\r
\r
          0 - The file is stored (no compression)\r
          1 - The file is Shrunk\r
          2 - The file is Reduced with compression factor 1\r
          3 - The file is Reduced with compression factor 2\r
          4 - The file is Reduced with compression factor 3\r
          5 - The file is Reduced with compression factor 4\r
          6 - The file is Imploded\r
          7 - Reserved for Tokenizing compression algorithm\r
          8 - The file is Deflated\r
          9 - Enhanced Deflating using Deflate64(tm)\r
         10 - PKWARE Data Compression Library Imploding\r
         11 - Reserved by PKWARE\r
         12 - File is compressed using BZIP2 algorithm\r
\r
      date and time fields: (2 bytes each)\r
\r
          The date and time are encoded in standard MS-DOS format.\r
          If input came from standard input, the date and time are\r
          those at which compression was started for this data.\r
\r
      CRC-32: (4 bytes)\r
\r
          The CRC-32 algorithm was generously contributed by\r
          David Schwaderer and can be found in his excellent\r
          book "C Programmers Guide to NetBIOS" published by\r
          Howard W. Sams & Co. Inc.  The 'magic number' for\r
          the CRC is 0xdebb20e3.  The proper CRC pre and post\r
          conditioning is used, meaning that the CRC register\r
          is pre-conditioned with all ones (a starting value\r
          of 0xffffffff) and the value is post-conditioned by\r
          taking the one's complement of the CRC residual.\r
          If bit 3 of the general purpose flag is set, this\r
          field is set to zero in the local header and the correct\r
          value is put in the data descriptor and in the central\r
          directory.\r
\r
      compressed size: (4 bytes)\r
      uncompressed size: (4 bytes)\r
\r
          The size of the file compressed and uncompressed,\r
          respectively.  If bit 3 of the general purpose bit flag\r
          is set, these fields are set to zero in the local header\r
          and the correct values are put in the data descriptor and\r
          in the central directory.  If an archive is in zip64 format\r
          and the value in this field is 0xFFFFFFFF, the size will be\r
          in the corresponding 8 byte zip64 extended information \r
          extra field.\r
\r
      file name length: (2 bytes)\r
      extra field length: (2 bytes)\r
      file comment length: (2 bytes)\r
\r
          The length of the file name, extra field, and comment\r
          fields respectively.  The combined length of any\r
          directory record and these three fields should not\r
          generally exceed 65,535 bytes.  If input came from standard\r
          input, the file name length is set to zero.\r
\r
      disk number start: (2 bytes)\r
\r
          The number of the disk on which this file begins.  If an \r
          archive is in zip64 format and the value in this field is \r
          0xFFFF, the size will be in the corresponding 4 byte zip64 \r
          extended information extra field.\r
\r
      internal file attributes: (2 bytes)\r
\r
          The lowest bit of this field indicates, if set, that\r
          the file is apparently an ASCII or text file.  If not\r
          set, that the file apparently contains binary data.\r
          The remaining bits are unused in version 1.0.\r
\r
          Bits 1 and 2 are reserved for use by PKWARE.\r
\r
      external file attributes: (4 bytes)\r
\r
          The mapping of the external attributes is\r
          host-system dependent (see 'version made by').  For\r
          MS-DOS, the low order byte is the MS-DOS directory\r
          attribute byte.  If input came from standard input, this\r
          field is set to zero.\r
\r
      relative offset of local header: (4 bytes)\r
\r
          This is the offset from the start of the first disk on\r
          which this file appears, to where the local header should\r
          be found.  If an archive is in zip64 format and the value\r
          in this field is 0xFFFFFFFF, the size will be in the \r
          corresponding 8 byte zip64 extended information extra field.\r
\r
      file name: (Variable)\r
\r
          The name of the file, with optional relative path.\r
          The path stored should not contain a drive or\r
          device letter, or a leading slash.  All slashes\r
          should be forward slashes '/' as opposed to\r
          backwards slashes '\' for compatibility with Amiga\r
          and Unix file systems etc.  If input came from standard\r
          input, there is no file name field.\r
\r
      extra field: (Variable)\r
\r
          This is for expansion.  If additional information\r
          needs to be stored for special needs or for specific \r
          platforms, it should be stored here.  Earlier versions \r
          of the software can then safely skip this file, and \r
          find the next file or header.  This field will be 0 \r
          length in version 1.0.\r
\r
          In order to allow different programs and different types\r
          of information to be stored in the 'extra' field in .ZIP\r
          files, the following structure should be used for all\r
          programs storing data in this field:\r
\r
          header1+data1 + header2+data2 . . .\r
\r
          Each header should consist of:\r
\r
            Header ID - 2 bytes\r
            Data Size - 2 bytes\r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          The Header ID field indicates the type of data that is in\r
          the following data block.\r
\r
          Header ID's of 0 thru 31 are reserved for use by PKWARE.\r
          The remaining ID's can be used by third party vendors for\r
          proprietary usage.\r
\r
          The current Header ID mappings defined by PKWARE are:\r
\r
          0x0001        ZIP64 extended information extra field\r
          0x0007        AV Info\r
          0x0008        Reserved for future Unicode file name data (PFS)\r
          0x0009        OS/2\r
          0x000a        NTFS \r
          0x000c        OpenVMS\r
          0x000d        Unix\r
          0x000f        Patch Descriptor\r
          0x0014        PKCS#7 Store for X.509 Certificates\r
          0x0015        X.509 Certificate ID and Signature for \r
                        individual file\r
          0x0016        X.509 Certificate ID for Central Directory\r
          0x0017        Strong Encryption Header\r
          0x0018        Record Management Controls\r
          0x0065        IBM S/390 (Z390), AS/400 (I400) attributes \r
                        - uncompressed\r
          0x0066        IBM S/390 (Z390), AS/400 (I400) attributes \r
                        - compressed\r
\r
          Third party mappings commonly used are:\r
\r
\r
          0x2605        ZipIt Macintosh\r
          0x2705        ZipIt Macintosh 1.3.5+\r
          0x07c8        Macintosh\r
          0x2805        ZipIt Macintosh 1.3.5+\r
          0x334d        Info-ZIP Macintosh\r
          0x4341        Acorn/SparkFS \r
          0x4453        Windows NT security descriptor (binary ACL)\r
          0x4704        VM/CMS\r
          0x470f        MVS\r
          0x4b46        FWKCS MD5 (see below)\r
          0x4c41        OS/2 access control list (text ACL)\r
          0x4d49        Info-ZIP OpenVMS\r
          0x4f4c        Xceed original location extra field\r
          0x5356        AOS/VS (ACL)\r
          0x5455        extended timestamp\r
          0x554e        Xceed unicode extra field\r
          0x5855        Info-ZIP Unix (original, also OS/2, NT, etc)\r
          0x6542        BeOS/BeBox\r
          0x756e        ASi Unix\r
          0x7855        Info-ZIP Unix (new)\r
          0xfd4a        SMS/QDOS\r
\r
          Detailed descriptions of Extra Fields defined by third \r
          party mappings will be documented as information on\r
          these data structures is made available to PKWARE.  \r
          PKWARE does not guarantee the accuracy of any published\r
          third party data.\r
\r
          The Data Size field indicates the size of the following\r
          data block. Programs can use this value to skip to the\r
          next header block, passing over any data blocks that are\r
          not of interest.\r
\r
          Note: As stated above, the size of the entire .ZIP file\r
                header, including the file name, comment, and extra\r
                field should not exceed 64K in size.\r
\r
          In case two different programs should appropriate the same\r
          Header ID value, it is strongly recommended that each\r
          program place a unique signature of at least two bytes in\r
          size (and preferably 4 bytes or bigger) at the start of\r
          each data area.  Every program should verify that its\r
          unique signature is present, in addition to the Header ID\r
          value being correct, before assuming that it is a block of\r
          known type.\r
\r
         -OS/2 Extra Field:\r
\r
          The following is the layout of the OS/2 attributes "extra" \r
          block.  (Last Revision  09/05/95)\r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          Value       Size          Description\r
          -----       ----          -----------\r
  (OS/2)  0x0009      2 bytes       Tag for this "extra" block type\r
          TSize       2 bytes       Size for the following data block\r
          BSize       4 bytes       Uncompressed Block Size\r
          CType       2 bytes       Compression type\r
          EACRC       4 bytes       CRC value for uncompress block\r
          (var)       variable      Compressed block\r
\r
          The OS/2 extended attribute structure (FEA2LIST) is \r
          compressed and then stored in it's entirety within this \r
          structure.  There will only ever be one "block" of data in \r
          VarFields[].\r
\r
         -UNIX Extra Field:\r
\r
          The following is the layout of the Unix "extra" block.\r
          Note: all fields are stored in Intel low-byte/high-byte \r
          order.\r
\r
          Value       Size          Description\r
          -----       ----          -----------\r
  (UNIX)  0x000d      2 bytes       Tag for this "extra" block type\r
          TSize       2 bytes       Size for the following data block\r
          Atime       4 bytes       File last access time\r
          Mtime       4 bytes       File last modification time\r
          Uid         2 bytes       File user ID\r
          Gid         2 bytes       File group ID\r
          (var)       variable      Variable length data field\r
\r
          The variable length data field will contain file type \r
          specific data.  Currently the only values allowed are\r
          the original "linked to" file names for hard or symbolic \r
          links, and the major and minor device node numbers for\r
          character and block device nodes.  Since device nodes\r
          cannot be either symbolic or hard links, only one set of\r
          variable length data is stored.  Link files will have the\r
          name of the original file stored.  This name is NOT NULL\r
          terminated.  Its size can be determined by checking TSize -\r
          12.  Device entries will have eight bytes stored as two 4\r
          byte entries (in little endian format).  The first entry\r
          will be the major device number, and the second the minor\r
          device number.\r
\r
\r
         -OpenVMS Extra Field:\r
\r
          The following is the layout of the OpenVMS attributes \r
          "extra" block.\r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          Value      Size       Description\r
          -----      ----       -----------\r
  (VMS)   0x000c     2 bytes    Tag for this "extra" block type\r
          TSize      2 bytes    Size of the total "extra" block\r
          CRC        4 bytes    32-bit CRC for remainder of the block\r
          Tag1       2 bytes    OpenVMS attribute tag value #1\r
          Size1      2 bytes    Size of attribute #1, in bytes\r
          (var.)     Size1      Attribute #1 data\r
          .\r
          .\r
          .\r
          TagN       2 bytes    OpenVMS attribute tage value #N\r
          SizeN      2 bytes    Size of attribute #N, in bytes\r
          (var.)     SizeN      Attribute #N data\r
\r
          Rules:\r
\r
          1. There will be one or more of attributes present, which \r
             will each be preceded by the above TagX & SizeX values.  \r
             These values are identical to the ATR$C_XXXX and \r
             ATR$S_XXXX constants which are defined in ATR.H under \r
             OpenVMS C.  Neither of these values will ever be zero.\r
\r
          2. No word alignment or padding is performed.\r
\r
          3. A well-behaved PKZIP/OpenVMS program should never produce\r
             more than one sub-block with the same TagX value.  Also,\r
             there will never be more than one "extra" block of type\r
             0x000c in a particular directory record.\r
\r
         -NTFS Extra Field:\r
\r
          The following is the layout of the NTFS attributes \r
          "extra" block. (Note: At this time the Mtime, Atime\r
          and Ctime values may be used on any WIN32 system.)  \r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          Value      Size       Description\r
          -----      ----       -----------\r
  (NTFS)  0x000a     2 bytes    Tag for this "extra" block type\r
          TSize      2 bytes    Size of the total "extra" block\r
          Reserved   4 bytes    Reserved for future use\r
          Tag1       2 bytes    NTFS attribute tag value #1\r
          Size1      2 bytes    Size of attribute #1, in bytes\r
          (var.)     Size1      Attribute #1 data\r
          .\r
          .\r
          .\r
          TagN       2 bytes    NTFS attribute tag value #N\r
          SizeN      2 bytes    Size of attribute #N, in bytes\r
          (var.)     SizeN      Attribute #N data\r
\r
          For NTFS, values for Tag1 through TagN are as follows:\r
          (currently only one set of attributes is defined for NTFS)\r
\r
          Tag        Size       Description\r
          -----      ----       -----------\r
          0x0001     2 bytes    Tag for attribute #1 \r
          Size1      2 bytes    Size of attribute #1, in bytes\r
          Mtime      8 bytes    File last modification time\r
          Atime      8 bytes    File last access time\r
          Ctime      8 bytes    File creation time\r
          \r
         -PATCH Descriptor Extra Field:\r
\r
          The following is the layout of the Patch Descriptor "extra"\r
          block.\r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          Value     Size     Description\r
          -----     ----     -----------\r
  (Patch) 0x000f    2 bytes  Tag for this "extra" block type\r
          TSize     2 bytes  Size of the total "extra" block\r
          Version   2 bytes  Version of the descriptor\r
          Flags     4 bytes  Actions and reactions (see below) \r
          OldSize   4 bytes  Size of the file about to be patched \r
          OldCRC    4 bytes  32-bit CRC of the file to be patched \r
          NewSize   4 bytes  Size of the resulting file \r
          NewCRC    4 bytes  32-bit CRC of the resulting file \r
\r
          Actions and reactions\r
\r
          Bits          Description\r
          ----          ----------------\r
          0             Use for autodetection\r
          1             Treat as selfpatch\r
          2-3           RESERVED\r
          4-5           Action (see below)\r
          6-7           RESERVED\r
          8-9           Reaction (see below) to absent file \r
          10-11         Reaction (see below) to newer file\r
          12-13         Reaction (see below) to unknown file\r
          14-15         RESERVED\r
          16-31         RESERVED\r
\r
          Actions\r
\r
          Action       Value\r
          ------       ----- \r
          none         0\r
          add          1\r
          delete       2\r
          patch        3\r
\r
          Reactions\r
 \r
          Reaction     Value\r
          --------     -----\r
          ask          0\r
          skip         1\r
          ignore       2\r
          fail         3\r
\r
          Patch support is provided by PKPatchMaker(tm) technology and is \r
          covered under U.S. Patents and Patents Pending.\r
\r
         -PKCS#7 Store for X.509 Certificates:\r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          Value     Size     Description\r
          -----     ----     -----------\r
  (Store) 0x0014    2 bytes  Tag for this "extra" block type\r
          TSize     2 bytes  Size of the store data\r
          (var)     TSize    Data about the store\r
\r
\r
         -X.509 Certificate ID and Signature for individual file:\r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          Value     Size     Description\r
          -----     ----     -----------\r
  (CID)   0x0015    2 bytes  Tag for this "extra" block type\r
          TSize     2 bytes  Size of data that follows\r
          (var)     TSize    Data\r
\r
         -X.509 Certificate ID and Signature for central directory:\r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          Value     Size     Description\r
          -----     ----     -----------\r
  (CDID)  0x0016    2 bytes  Tag for this "extra" block type\r
          TSize     2 bytes  Size of data that follows\r
          (var)     TSize    Data\r
\r
         -Strong Encryption Header (EFS):\r
\r
          Value     Size     Description\r
          -----     ----     -----------\r
          0x0017    2 bytes  Tag for this "extra" block type\r
          TSize     2 bytes  Size of data that follows\r
          Format    2 bytes  Format definition for this record\r
          AlgID     2 bytes  Encryption algorithm identifier\r
          Bitlen    2 bytes  Bit length of encryption key\r
          Flags     2 bytes  Processing flags\r
          (var)     TSize    Reserved for future certificate data\r
\r
\r
         -Record Management Controls:\r
\r
          Value     Size     Description\r
          -----     ----     -----------\r
(Rec-CTL) 0x0018    2 bytes  Tag for this "extra" block type\r
          CSize     2 bytes  Size of total extra block data\r
          Tag1      2 bytes  Record control attribute 1\r
          Size1     2 bytes  Size of attribute 1, in bytes\r
          Data      Size1    Attribute 1 data\r
            .\r
            .\r
            .\r
          TagN      2 bytes  Record control attribute N\r
          SizeN     2 bytes  Size of attribute N, in bytes\r
          Data      SizeN    Attribute N data\r
\r
         -MVS Extra Field:\r
\r
          The following is the layout of the MVS "extra" block.\r
          Note: Some fields are stored in Big Endian format.\r
          All text is in EBCDIC format unless otherwise specified.\r
\r
          Value       Size          Description\r
          -----       ----          -----------\r
  (MVS)   0x0065      2 bytes       Tag for this "extra" block type\r
          TSize       2 bytes       Size for the following data block\r
          ID          4 bytes       EBCDIC "Z390" 0xE9F3F9F0 or\r
                                    "T4MV" for TargetFour\r
          (var)       TSize-4       Attribute data\r
\r
\r
         -OS/400 Extra Field:\r
\r
          The following is the layout of the OS/400 "extra" block.\r
          Note: Some fields are stored in Big Endian format.\r
          All text is in EBCDIC format unless otherwise specified.\r
\r
          Value       Size          Description\r
          -----       ----          -----------\r
  (OS400) 0x0065      2 bytes       Tag for this "extra" block type\r
          TSize       2 bytes       Size for the following data block\r
          ID          4 bytes       EBCDIC "I400" 0xC9F4F0F0 or\r
                                    "T4MV" for TargetFour\r
          (var)       TSize-4       Attribute data\r
\r
\r
         -ZipIt Macintosh Extra Field (long):\r
\r
          The following is the layout of the ZipIt extra block \r
          for Macintosh. The local-header and central-header versions \r
          are identical. This block must be present if the file is \r
          stored MacBinary-encoded and it should not be used if the file \r
          is not stored MacBinary-encoded.\r
\r
          Value         Size        Description\r
          -----         ----        -----------\r
  (Mac2)  0x2605        Short       tag for this extra block type\r
          TSize         Short       total data size for this block\r
          "ZPIT"        beLong      extra-field signature\r
          FnLen         Byte        length of FileName\r
          FileName      variable    full Macintosh filename\r
          FileType      Byte[4]     four-byte Mac file type string\r
          Creator       Byte[4]     four-byte Mac creator string\r
\r
\r
         -ZipIt Macintosh Extra Field (short, for files):\r
\r
          The following is the layout of a shortened variant of the\r
          ZipIt extra block for Macintosh (without "full name" entry).\r
          This variant is used by ZipIt 1.3.5 and newer for entries of\r
          files (not directories) that do not have a MacBinary encoded\r
          file. The local-header and central-header versions are identical.\r
\r
          Value         Size        Description\r
          -----         ----        -----------\r
  (Mac2b) 0x2705        Short       tag for this extra block type\r
          TSize         Short       total data size for this block (12)\r
          "ZPIT"        beLong      extra-field signature\r
          FileType      Byte[4]     four-byte Mac file type string\r
          Creator       Byte[4]     four-byte Mac creator string\r
          fdFlags       beShort     attributes from FInfo.frFlags,\r
                                    may be omitted\r
          0x0000        beShort     reserved, may be omitted\r
\r
\r
         -ZipIt Macintosh Extra Field (short, for directories):\r
\r
          The following is the layout of a shortened variant of the\r
          ZipIt extra block for Macintosh used only for directory\r
          entries. This variant is used by ZipIt 1.3.5 and newer to \r
          save some optional Mac-specific information about directories.\r
          The local-header and central-header versions are identical.\r
\r
          Value         Size        Description\r
          -----         ----        -----------\r
  (Mac2c) 0x2805        Short       tag for this extra block type\r
          TSize         Short       total data size for this block (12)\r
          "ZPIT"        beLong      extra-field signature\r
          frFlags       beShort     attributes from DInfo.frFlags, may\r
                                    be omitted\r
          View          beShort     ZipIt view flag, may be omitted\r
\r
\r
          The View field specifies ZipIt-internal settings as follows:\r
\r
          Bits of the Flags:\r
              bit 0           if set, the folder is shown expanded (open)\r
                              when the archive contents are viewed in ZipIt.\r
              bits 1-15       reserved, zero;\r
\r
\r
         -ZIP64 Extended Information Extra Field:\r
\r
          The following is the layout of the ZIP64 extended \r
          information "extra" block. If one of the size or\r
          offset fields in the Local or Central directory\r
          record is too small to hold the required data,\r
          a ZIP64 extended information record is created.\r
          The order of the fields in the ZIP64 extended \r
          information record is fixed, but the fields will\r
          only appear if the corresponding Local or Central\r
          directory record field is set to 0xFFFF or 0xFFFFFFFF.\r
\r
          Note: all fields stored in Intel low-byte/high-byte order.\r
\r
          Value      Size       Description\r
          -----      ----       -----------\r
  (ZIP64) 0x0001     2 bytes    Tag for this "extra" block type\r
          Size       2 bytes    Size of this "extra" block\r
          Original \r
          Size       8 bytes    Original uncompresseed file size\r
          Compressed\r
          Size       8 bytes    Size of compressed data\r
          Relative Header\r
          Offset     8 bytes    Offset of local header record\r
          Disk Start\r
          Number     4 bytes    Number of the disk on which\r
                                this file starts \r
\r
          This entry in the Local header must include BOTH original\r
          and compressed file sizes.\r
\r
         -FWKCS MD5 Extra Field:\r
\r
          The FWKCS Contents_Signature System, used in\r
          automatically identifying files independent of file name,\r
          optionally adds and uses an extra field to support the\r
          rapid creation of an enhanced contents_signature:\r
\r
              Header ID = 0x4b46\r
              Data Size = 0x0013\r
              Preface   = 'M','D','5'\r
              followed by 16 bytes containing the uncompressed file's\r
              128_bit MD5 hash(1), low byte first.\r
\r
          When FWKCS revises a .ZIP file central directory to add\r
          this extra field for a file, it also replaces the\r
          central directory entry for that file's uncompressed\r
          file length with a measured value.\r
\r
          FWKCS provides an option to strip this extra field, if\r
          present, from a .ZIP file central directory. In adding\r
          this extra field, FWKCS preserves .ZIP file Authenticity\r
          Verification; if stripping this extra field, FWKCS\r
          preserves all versions of AV through PKZIP version 2.04g.\r
\r
          FWKCS, and FWKCS Contents_Signature System, are\r
          trademarks of Frederick W. Kantor.\r
\r
          (1) R. Rivest, RFC1321.TXT, MIT Laboratory for Computer\r
              Science and RSA Data Security, Inc., April 1992.\r
              ll.76-77: "The MD5 algorithm is being placed in the\r
              public domain for review and possible adoption as a\r
              standard."\r
\r
      file comment: (Variable)\r
\r
          The comment for this file.\r
\r
      number of this disk: (2 bytes)\r
\r
          The number of this disk, which contains central\r
          directory end record. If an archive is in zip64 format\r
          and the value in this field is 0xFFFF, the size will \r
          be in the corresponding 4 byte zip64 end of central \r
          directory field.\r
\r
\r
      number of the disk with the start of the central\r
      directory: (2 bytes)\r
\r
          The number of the disk on which the central\r
          directory starts. If an archive is in zip64 format\r
          and the value in this field is 0xFFFF, the size will \r
          be in the corresponding 4 byte zip64 end of central \r
          directory field.\r
\r
      total number of entries in the central dir on \r
      this disk: (2 bytes)\r
\r
          The number of central directory entries on this disk.\r
          If an archive is in zip64 format and the value in \r
          this field is 0xFFFF, the size will be in the \r
          corresponding 8 byte zip64 end of central \r
          directory field.\r
\r
      total number of entries in the central dir: (2 bytes)\r
\r
          The total number of files in the .ZIP file. If an \r
          archive is in zip64 format and the value in this field\r
          is 0xFFFF, the size will be in the corresponding 8 byte \r
          zip64 end of central directory field.\r
\r
      size of the central directory: (4 bytes)\r
\r
          The size (in bytes) of the entire central directory.\r
          If an archive is in zip64 format and the value in \r
          this field is 0xFFFFFFFF, the size will be in the \r
          corresponding 8 byte zip64 end of central \r
          directory field.\r
\r
      offset of start of central directory with respect to\r
      the starting disk number:  (4 bytes)\r
\r
          Offset of the start of the central directory on the\r
          disk on which the central directory starts. If an \r
          archive is in zip64 format and the value in this \r
          field is 0xFFFFFFFF, the size will be in the \r
          corresponding 8 byte zip64 end of central \r
          directory field.\r
\r
      .ZIP file comment length: (2 bytes)\r
\r
          The length of the comment for this .ZIP file.\r
\r
      .ZIP file comment: (Variable)\r
\r
          The comment for this .ZIP file.\r
\r
      zip64 extensible data sector    (variable size)\r
\r
          (currently reserved for use by PKWARE)\r
\r
\r
  I.  General notes:\r
\r
      1)  All fields unless otherwise noted are unsigned and stored\r
          in Intel low-byte:high-byte, low-word:high-word order.\r
\r
      2)  String fields are not null terminated, since the\r
          length is given explicitly.\r
\r
      3)  Local headers should not span disk boundaries.  Also, even\r
          though the central directory can span disk boundaries, no\r
          single record in the central directory should be split\r
          across disks.\r
\r
      4)  The entries in the central directory may not necessarily\r
          be in the same order that files appear in the .ZIP file.\r
\r
      5)  Spanned/Split archives created using PKZIP for Windows\r
          (V2.50 or greater), PKZIP Command Line (V2.50 or greater),\r
          or PKZIP Explorer will include a special spanning \r
          signature as the first 4 bytes of the first segment of\r
          the archive.  This signature (0x08074b50) will be \r
          followed immediately by the local header signature for\r
          the first file in the archive.  A special spanning\r
          marker may also appear in spanned/split archives if the\r
          spanning or splitting process starts but only requires\r
          one segement.  In this case the 0x08074b50 signature\r
          will be replaced with the temporary spanning marker\r
          signature of 0x30304b50.  Spanned/split archives\r
          created with this special signature are compatible with\r
          all versions of PKZIP from PKWARE.  Split archives can\r
          only be uncompressed by other versions of PKZIP that\r
          know how to create a split archive.\r
\r
      6)  If one of the fields in the end of central directory\r
          record is too small to hold required data, the field\r
          should be set to -1 (0xFFFF or 0xFFFFFFFF) and the\r
          Zip64 format record should be created.\r
\r
      7)  The end of central directory record and the\r
          Zip64 end of central directory locator record must\r
          reside on the same disk when splitting or spanning\r
          an archive.\r
\r
UnShrinking - Method 1\r
----------------------\r
\r
Shrinking is a Dynamic Ziv-Lempel-Welch compression algorithm\r
with partial clearing.  The initial code size is 9 bits, and\r
the maximum code size is 13 bits.  Shrinking differs from\r
conventional Dynamic Ziv-Lempel-Welch implementations in several\r
respects:\r
\r
1)  The code size is controlled by the compressor, and is not\r
    automatically increased when codes larger than the current\r
    code size are created (but not necessarily used).  When\r
    the decompressor encounters the code sequence 256\r
    (decimal) followed by 1, it should increase the code size\r
    read from the input stream to the next bit size.  No\r
    blocking of the codes is performed, so the next code at\r
    the increased size should be read from the input stream\r
    immediately after where the previous code at the smaller\r
    bit size was read.  Again, the decompressor should not\r
    increase the code size used until the sequence 256,1 is\r
    encountered.\r
\r
2)  When the table becomes full, total clearing is not\r
    performed.  Rather, when the compressor emits the code\r
    sequence 256,2 (decimal), the decompressor should clear\r
    all leaf nodes from the Ziv-Lempel tree, and continue to\r
    use the current code size.  The nodes that are cleared\r
    from the Ziv-Lempel tree are then re-used, with the lowest\r
    code value re-used first, and the highest code value\r
    re-used last.  The compressor can emit the sequence 256,2\r
    at any time.\r
\r
Expanding - Methods 2-5\r
-----------------------\r
\r
The Reducing algorithm is actually a combination of two\r
distinct algorithms.  The first algorithm compresses repeated\r
byte sequences, and the second algorithm takes the compressed\r
stream from the first algorithm and applies a probabilistic\r
compression method.\r
\r
The probabilistic compression stores an array of 'follower\r
sets' S(j), for j=0 to 255, corresponding to each possible\r
ASCII character.  Each set contains between 0 and 32\r
characters, to be denoted as S(j)[0],...,S(j)[m], where m<32.\r
The sets are stored at the beginning of the data area for a\r
Reduced file, in reverse order, with S(255) first, and S(0)\r
last.\r
\r
The sets are encoded as { N(j), S(j)[0],...,S(j)[N(j)-1] },\r
where N(j) is the size of set S(j).  N(j) can be 0, in which\r
case the follower set for S(j) is empty.  Each N(j) value is\r
encoded in 6 bits, followed by N(j) eight bit character values\r
corresponding to S(j)[0] to S(j)[N(j)-1] respectively.  If\r
N(j) is 0, then no values for S(j) are stored, and the value\r
for N(j-1) immediately follows.\r
\r
Immediately after the follower sets, is the compressed data\r
stream.  The compressed data stream can be interpreted for the\r
probabilistic decompression as follows:\r
\r
let Last-Character <- 0.\r
loop until done\r
    if the follower set S(Last-Character) is empty then\r
        read 8 bits from the input stream, and copy this\r
        value to the output stream.\r
    otherwise if the follower set S(Last-Character) is non-empty then\r
        read 1 bit from the input stream.\r
        if this bit is not zero then\r
            read 8 bits from the input stream, and copy this\r
            value to the output stream.\r
        otherwise if this bit is zero then\r
            read B(N(Last-Character)) bits from the input\r
            stream, and assign this value to I.\r
            Copy the value of S(Last-Character)[I] to the\r
            output stream.\r
\r
    assign the last value placed on the output stream to\r
    Last-Character.\r
end loop\r
\r
B(N(j)) is defined as the minimal number of bits required to\r
encode the value N(j)-1.\r
\r
The decompressed stream from above can then be expanded to\r
re-create the original file as follows:\r
\r
let State <- 0.\r
\r
loop until done\r
    read 8 bits from the input stream into C.\r
    case State of\r
        0:  if C is not equal to DLE (144 decimal) then\r
                copy C to the output stream.\r
            otherwise if C is equal to DLE then\r
                let State <- 1.\r
\r
        1:  if C is non-zero then\r
                let V <- C.\r
                let Len <- L(V)\r
                let State <- F(Len).\r
            otherwise if C is zero then\r
                copy the value 144 (decimal) to the output stream.\r
                let State <- 0\r
\r
        2:  let Len <- Len + C\r
            let State <- 3.\r
\r
        3:  move backwards D(V,C) bytes in the output stream\r
            (if this position is before the start of the output\r
            stream, then assume that all the data before the\r
            start of the output stream is filled with zeros).\r
            copy Len+3 bytes from this position to the output stream.\r
            let State <- 0.\r
    end case\r
end loop\r
\r
The functions F,L, and D are dependent on the 'compression\r
factor', 1 through 4, and are defined as follows:\r
\r
For compression factor 1:\r
    L(X) equals the lower 7 bits of X.\r
    F(X) equals 2 if X equals 127 otherwise F(X) equals 3.\r
    D(X,Y) equals the (upper 1 bit of X) * 256 + Y + 1.\r
For compression factor 2:\r
    L(X) equals the lower 6 bits of X.\r
    F(X) equals 2 if X equals 63 otherwise F(X) equals 3.\r
    D(X,Y) equals the (upper 2 bits of X) * 256 + Y + 1.\r
For compression factor 3:\r
    L(X) equals the lower 5 bits of X.\r
    F(X) equals 2 if X equals 31 otherwise F(X) equals 3.\r
    D(X,Y) equals the (upper 3 bits of X) * 256 + Y + 1.\r
For compression factor 4:\r
    L(X) equals the lower 4 bits of X.\r
    F(X) equals 2 if X equals 15 otherwise F(X) equals 3.\r
    D(X,Y) equals the (upper 4 bits of X) * 256 + Y + 1.\r
\r
Imploding - Method 6\r
--------------------\r
\r
The Imploding algorithm is actually a combination of two distinct\r
algorithms.  The first algorithm compresses repeated byte\r
sequences using a sliding dictionary.  The second algorithm is\r
used to compress the encoding of the sliding dictionary output,\r
using multiple Shannon-Fano trees.\r
\r
The Imploding algorithm can use a 4K or 8K sliding dictionary\r
size. The dictionary size used can be determined by bit 1 in the\r
general purpose flag word; a 0 bit indicates a 4K dictionary\r
while a 1 bit indicates an 8K dictionary.\r
\r
The Shannon-Fano trees are stored at the start of the compressed\r
file. The number of trees stored is defined by bit 2 in the\r
general purpose flag word; a 0 bit indicates two trees stored, a\r
1 bit indicates three trees are stored.  If 3 trees are stored,\r
the first Shannon-Fano tree represents the encoding of the\r
Literal characters, the second tree represents the encoding of\r
the Length information, the third represents the encoding of the\r
Distance information.  When 2 Shannon-Fano trees are stored, the\r
Length tree is stored first, followed by the Distance tree.\r
\r
The Literal Shannon-Fano tree, if present is used to represent\r
the entire ASCII character set, and contains 256 values.  This\r
tree is used to compress any data not compressed by the sliding\r
dictionary algorithm.  When this tree is present, the Minimum\r
Match Length for the sliding dictionary is 3.  If this tree is\r
not present, the Minimum Match Length is 2.\r
\r
The Length Shannon-Fano tree is used to compress the Length part\r
of the (length,distance) pairs from the sliding dictionary\r
output.  The Length tree contains 64 values, ranging from the\r
Minimum Match Length, to 63 plus the Minimum Match Length.\r
\r
The Distance Shannon-Fano tree is used to compress the Distance\r
part of the (length,distance) pairs from the sliding dictionary\r
output. The Distance tree contains 64 values, ranging from 0 to\r
63, representing the upper 6 bits of the distance value.  The\r
distance values themselves will be between 0 and the sliding\r
dictionary size, either 4K or 8K.\r
\r
The Shannon-Fano trees themselves are stored in a compressed\r
format. The first byte of the tree data represents the number of\r
bytes of data representing the (compressed) Shannon-Fano tree\r
minus 1.  The remaining bytes represent the Shannon-Fano tree\r
data encoded as:\r
\r
    High 4 bits: Number of values at this bit length + 1. (1 - 16)\r
    Low  4 bits: Bit Length needed to represent value + 1. (1 - 16)\r
\r
The Shannon-Fano codes can be constructed from the bit lengths\r
using the following algorithm:\r
\r
1)  Sort the Bit Lengths in ascending order, while retaining the\r
    order of the original lengths stored in the file.\r
\r
2)  Generate the Shannon-Fano trees:\r
\r
    Code <- 0\r
    CodeIncrement <- 0\r
    LastBitLength <- 0\r
    i <- number of Shannon-Fano codes - 1   (either 255 or 63)\r
\r
    loop while i >= 0\r
        Code = Code + CodeIncrement\r
        if BitLength(i) <> LastBitLength then\r
            LastBitLength=BitLength(i)\r
            CodeIncrement = 1 shifted left (16 - LastBitLength)\r
        ShannonCode(i) = Code\r
        i <- i - 1\r
    end loop\r
\r
3)  Reverse the order of all the bits in the above ShannonCode()\r
    vector, so that the most significant bit becomes the least\r
    significant bit.  For example, the value 0x1234 (hex) would\r
    become 0x2C48 (hex).\r
\r
4)  Restore the order of Shannon-Fano codes as originally stored\r
    within the file.\r
\r
Example:\r
\r
    This example will show the encoding of a Shannon-Fano tree\r
    of size 8.  Notice that the actual Shannon-Fano trees used\r
    for Imploding are either 64 or 256 entries in size.\r
\r
Example:   0x02, 0x42, 0x01, 0x13\r
\r
    The first byte indicates 3 values in this table.  Decoding the\r
    bytes:\r
            0x42 = 5 codes of 3 bits long\r
            0x01 = 1 code  of 2 bits long\r
            0x13 = 2 codes of 4 bits long\r
\r
    This would generate the original bit length array of:\r
    (3, 3, 3, 3, 3, 2, 4, 4)\r
\r
    There are 8 codes in this table for the values 0 thru 7.  Using \r
    the algorithm to obtain the Shannon-Fano codes produces:\r
\r
                                  Reversed     Order     Original\r
Val  Sorted   Constructed Code      Value     Restored    Length\r
---  ------   -----------------   --------    --------    ------\r
0:     2      1100000000000000        11       101          3\r
1:     3      1010000000000000       101       001          3\r
2:     3      1000000000000000       001       110          3\r
3:     3      0110000000000000       110       010          3\r
4:     3      0100000000000000       010       100          3\r
5:     3      0010000000000000       100        11          2\r
6:     4      0001000000000000      1000      1000          4\r
7:     4      0000000000000000      0000      0000          4\r
\r
The values in the Val, Order Restored and Original Length columns\r
now represent the Shannon-Fano encoding tree that can be used for\r
decoding the Shannon-Fano encoded data.  How to parse the\r
variable length Shannon-Fano values from the data stream is beyond\r
the scope of this document.  (See the references listed at the end of\r
this document for more information.)  However, traditional decoding\r
schemes used for Huffman variable length decoding, such as the\r
Greenlaw algorithm, can be successfully applied.\r
\r
The compressed data stream begins immediately after the\r
compressed Shannon-Fano data.  The compressed data stream can be\r
interpreted as follows:\r
\r
loop until done\r
    read 1 bit from input stream.\r
\r
    if this bit is non-zero then       (encoded data is literal data)\r
        if Literal Shannon-Fano tree is present\r
            read and decode character using Literal Shannon-Fano tree.\r
        otherwise\r
            read 8 bits from input stream.\r
        copy character to the output stream.\r
    otherwise              (encoded data is sliding dictionary match)\r
        if 8K dictionary size\r
            read 7 bits for offset Distance (lower 7 bits of offset).\r
        otherwise\r
            read 6 bits for offset Distance (lower 6 bits of offset).\r
\r
        using the Distance Shannon-Fano tree, read and decode the\r
          upper 6 bits of the Distance value.\r
\r
        using the Length Shannon-Fano tree, read and decode\r
          the Length value.\r
\r
        Length <- Length + Minimum Match Length\r
\r
        if Length = 63 + Minimum Match Length\r
            read 8 bits from the input stream,\r
            add this value to Length.\r
\r
        move backwards Distance+1 bytes in the output stream, and\r
        copy Length characters from this position to the output\r
        stream.  (if this position is before the start of the output\r
        stream, then assume that all the data before the start of\r
        the output stream is filled with zeros).\r
end loop\r
\r
Tokenizing - Method 7\r
--------------------\r
\r
This method is not used by PKZIP.\r
\r
Deflating - Method 8\r
--------------------\r
\r
The Deflate algorithm is similar to the Implode algorithm using\r
a sliding dictionary of up to 32K with secondary compression\r
from Huffman/Shannon-Fano codes.\r
\r
The compressed data is stored in blocks with a header describing\r
the block and the Huffman codes used in the data block.  The header\r
format is as follows:\r
\r
   Bit 0: Last Block bit     This bit is set to 1 if this is the last\r
                             compressed block in the data.\r
   Bits 1-2: Block type\r
      00 (0) - Block is stored - All stored data is byte aligned.\r
               Skip bits until next byte, then next word = block \r
               length, followed by the ones compliment of the block\r
               length word. Remaining data in block is the stored \r
               data.\r
\r
      01 (1) - Use fixed Huffman codes for literal and distance codes.\r
               Lit Code    Bits             Dist Code   Bits\r
               ---------   ----             ---------   ----\r
                 0 - 143    8                 0 - 31      5\r
               144 - 255    9\r
               256 - 279    7\r
               280 - 287    8\r
\r
               Literal codes 286-287 and distance codes 30-31 are \r
               never used but participate in the huffman construction.\r
\r
      10 (2) - Dynamic Huffman codes.  (See expanding Huffman codes)\r
\r
      11 (3) - Reserved - Flag a "Error in compressed data" if seen.\r
\r
Expanding Huffman Codes\r
-----------------------\r
If the data block is stored with dynamic Huffman codes, the Huffman\r
codes are sent in the following compressed format:\r
\r
   5 Bits: # of Literal codes sent - 256 (256 - 286)\r
           All other codes are never sent.\r
   5 Bits: # of Dist codes - 1           (1 - 32)\r
   4 Bits: # of Bit Length codes - 3     (3 - 19)\r
\r
The Huffman codes are sent as bit lengths and the codes are built as\r
described in the implode algorithm.  The bit lengths themselves are\r
compressed with Huffman codes.  There are 19 bit length codes:\r
\r
   0 - 15: Represent bit lengths of 0 - 15\r
       16: Copy the previous bit length 3 - 6 times.\r
           The next 2 bits indicate repeat length (0 = 3, ... ,3 = 6)\r
              Example:  Codes 8, 16 (+2 bits 11), 16 (+2 bits 10) will\r
                        expand to 12 bit lengths of 8 (1 + 6 + 5)\r
       17: Repeat a bit length of 0 for 3 - 10 times. (3 bits of length)\r
       18: Repeat a bit length of 0 for 11 - 138 times (7 bits of length)\r
\r
The lengths of the bit length codes are sent packed 3 bits per value\r
(0 - 7) in the following order:\r
\r
   16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15\r
\r
The Huffman codes should be built as described in the Implode algorithm\r
except codes are assigned starting at the shortest bit length, i.e. the\r
shortest code should be all 0's rather than all 1's.  Also, codes with\r
a bit length of zero do not participate in the tree construction.  The\r
codes are then used to decode the bit lengths for the literal and \r
distance tables.\r
\r
The bit lengths for the literal tables are sent first with the number\r
of entries sent described by the 5 bits sent earlier.  There are up\r
to 286 literal characters; the first 256 represent the respective 8\r
bit character, code 256 represents the End-Of-Block code, the remaining\r
29 codes represent copy lengths of 3 thru 258.  There are up to 30\r
distance codes representing distances from 1 thru 32k as described\r
below.\r
\r
                             Length Codes\r
                             ------------\r
      Extra             Extra              Extra              Extra\r
 Code Bits Length  Code Bits Lengths  Code Bits Lengths  Code Bits Length(s)\r
 ---- ---- ------  ---- ---- -------  ---- ---- -------  ---- ---- ---------\r
  257   0     3     265   1   11,12    273   3   35-42    281   5  131-162\r
  258   0     4     266   1   13,14    274   3   43-50    282   5  163-194\r
  259   0     5     267   1   15,16    275   3   51-58    283   5  195-226\r
  260   0     6     268   1   17,18    276   3   59-66    284   5  227-257\r
  261   0     7     269   2   19-22    277   4   67-82    285   0    258\r
  262   0     8     270   2   23-26    278   4   83-98\r
  263   0     9     271   2   27-30    279   4   99-114\r
  264   0    10     272   2   31-34    280   4  115-130\r
\r
                            Distance Codes\r
                            --------------\r
      Extra           Extra             Extra               Extra\r
 Code Bits Dist  Code Bits  Dist   Code Bits Distance  Code Bits Distance\r
 ---- ---- ----  ---- ---- ------  ---- ---- --------  ---- ---- --------\r
   0   0    1      8   3   17-24    16    7  257-384    24   11  4097-6144\r
   1   0    2      9   3   25-32    17    7  385-512    25   11  6145-8192\r
   2   0    3     10   4   33-48    18    8  513-768    26   12  8193-12288\r
   3   0    4     11   4   49-64    19    8  769-1024   27   12 12289-16384\r
   4   1   5,6    12   5   65-96    20    9 1025-1536   28   13 16385-24576\r
   5   1   7,8    13   5   97-128   21    9 1537-2048   29   13 24577-32768\r
   6   2   9-12   14   6  129-192   22   10 2049-3072\r
   7   2  13-16   15   6  193-256   23   10 3073-4096\r
\r
The compressed data stream begins immediately after the\r
compressed header data.  The compressed data stream can be\r
interpreted as follows:\r
\r
do\r
   read header from input stream.\r
\r
   if stored block\r
      skip bits until byte aligned\r
      read count and 1's compliment of count\r
      copy count bytes data block\r
   otherwise\r
      loop until end of block code sent\r
         decode literal character from input stream\r
         if literal < 256\r
            copy character to the output stream\r
         otherwise\r
            if literal = end of block\r
               break from loop\r
            otherwise\r
               decode distance from input stream\r
\r
               move backwards distance bytes in the output stream, and\r
               copy length characters from this position to the output\r
               stream.\r
      end loop\r
while not last block\r
\r
if data descriptor exists\r
   skip bits until byte aligned\r
   read crc and sizes\r
endif\r
\r
Enhanced Deflating - Method 9\r
-----------------------------\r
\r
The Enhanced Deflating algorithm is similar to Deflate but\r
uses a sliding dictionary of up to 64K. Deflate64(tm) is supported\r
by the Deflate extractor. \r
\r
BZIP2 - Method 12\r
-----------------------------\r
\r
BZIP2 is an open-source data compression algorithm developed by \r
Julian Seward.  Information and source code for this algorithm\r
can be found on the internet.\r
\r
Traditional PKWARE Encryption\r
-----------------------------\r
\r
The following information discusses the decryption steps\r
required to support traditional PKWARE encryption.  This\r
form of encryption is considered weak by todays standards\r
and its use is recommended only for situations with\r
low security needs or for compatiblity with older .ZIP \r
applications.\r
\r
Decryption\r
----------\r
\r
The encryption used in PKZIP was generously supplied by Roger\r
Schlafly.  PKWARE is grateful to Mr. Schlafly for his expert\r
help and advice in the field of data encryption.\r
\r
PKZIP encrypts the compressed data stream.  Encrypted files must\r
be decrypted before they can be extracted.\r
\r
Each encrypted file has an extra 12 bytes stored at the start of\r
the data area defining the encryption header for that file.  The\r
encryption header is originally set to random values, and then\r
itself encrypted, using three, 32-bit keys.  The key values are\r
initialized using the supplied encryption password.  After each byte\r
is encrypted, the keys are then updated using pseudo-random number\r
generation techniques in combination with the same CRC-32 algorithm\r
used in PKZIP and described elsewhere in this document.\r
\r
The following is the basic steps required to decrypt a file:\r
\r
1) Initialize the three 32-bit keys with the password.\r
2) Read and decrypt the 12-byte encryption header, further\r
   initializing the encryption keys.\r
3) Read and decrypt the compressed data stream using the\r
   encryption keys.\r
\r
Step 1 - Initializing the encryption keys\r
-----------------------------------------\r
\r
Key(0) <- 305419896\r
Key(1) <- 591751049\r
Key(2) <- 878082192\r
\r
loop for i <- 0 to length(password)-1\r
    update_keys(password(i))\r
end loop\r
\r
Where update_keys() is defined as:\r
\r
update_keys(char):\r
  Key(0) <- crc32(key(0),char)\r
  Key(1) <- Key(1) + (Key(0) & 000000ffH)\r
  Key(1) <- Key(1) * 134775813 + 1\r
  Key(2) <- crc32(key(2),key(1) >> 24)\r
end update_keys\r
\r
Where crc32(old_crc,char) is a routine that given a CRC value and a\r
character, returns an updated CRC value after applying the CRC-32\r
algorithm described elsewhere in this document.\r
\r
Step 2 - Decrypting the encryption header\r
-----------------------------------------\r
\r
The purpose of this step is to further initialize the encryption\r
keys, based on random data, to render a plaintext attack on the\r
data ineffective.\r
\r
Read the 12-byte encryption header into Buffer, in locations\r
Buffer(0) thru Buffer(11).\r
\r
loop for i <- 0 to 11\r
    C <- buffer(i) ^ decrypt_byte()\r
    update_keys(C)\r
    buffer(i) <- C\r
end loop\r
\r
Where decrypt_byte() is defined as:\r
\r
unsigned char decrypt_byte()\r
    local unsigned short temp\r
    temp <- Key(2) | 2\r
    decrypt_byte <- (temp * (temp ^ 1)) >> 8\r
end decrypt_byte\r
\r
After the header is decrypted,  the last 1 or 2 bytes in Buffer\r
should be the high-order word/byte of the CRC for the file being\r
decrypted, stored in Intel low-byte/high-byte order.  Versions of\r
PKZIP prior to 2.0 used a 2 byte CRC check; a 1 byte CRC check is\r
used on versions after 2.0.  This can be used to test if the password\r
supplied is correct or not.\r
\r
Step 3 - Decrypting the compressed data stream\r
----------------------------------------------\r
\r
The compressed data stream can be decrypted as follows:\r
\r
loop until done\r
    read a character into C\r
    Temp <- C ^ decrypt_byte()\r
    update_keys(temp)\r
    output Temp\r
end loop\r
\r
\r
Strong Encryption (EFS)\r
-----------------------\r
\r
Version 5.x of this specification includes support for strong \r
encryption algorithms.  These algorithms can be used with either \r
a password or an X.509v3 digital certificate to encrypt each file. \r
This format specification supports either password or certificate \r
based encryption to meet the security needs of today, to enable \r
interoperability between users within both PKI and non-PKI \r
environments, and to ensure interoperability between different \r
computing platforms that are running a ZIP program.  \r
\r
Password based encryption is the most common form of encryption \r
people are familiar with.  However, inherent weaknesses with \r
passwords (e.g. susceptibility to dictionary/brute force attack) \r
as well as password management and support issues make certificate \r
based encryption a more secure and scalable option.  Industry \r
efforts and support are defining and moving towards more advanced \r
security solutions built around X.509v3 digital certificates and \r
Public Key Infrastructures(PKI) because of the greater scalability, \r
administrative options, and more robust security over traditional \r
password-based encryption. \r
\r
Most standard encryption algorithms are supported with this\r
specification. Reference implementations for many of these \r
algorithms are available from either commercial or open source \r
distributors.  Readily available cryptographic toolkits make\r
implementation of the encryption features straight-forward.\r
\r
The algorithms introduced in Version 5.0 of this specificaion \r
include:\r
\r
    RC2 40 bit, 64 bit, and 128 bit\r
    RC4 40 bit, 64 bit, and 128 bit\r
    DES\r
    3DES 112 bit and 168 bit\r
  \r
Version 5.1 adds support for the following:\r
\r
    AES 128 bit, 192 bit, and 256 bit\r
\r
The details of the strong encryption specification for\r
certificates remain under development as design and testing \r
issues are worked out for the range of algorithms, encryption \r
methods, certificate processing and cross-platform support \r
necessary to meet the advanced security needs of .ZIP file \r
users today and in the future. \r
\r
This feature specification is intended to support basic \r
encryption needs of today, such as password support.  However\r
this specification is also designed to lay the foundation for \r
future advanced security needs.\r
\r
Password-based encryption using strong encryption algorithms\r
operates similarly to the traditional PKWARE encryption defined \r
in this format.  Additional data structures are added to \r
support the processing needs of the strong algorithms.\r
\r
The Strong Encryption data structures are:\r
\r
1. Bits 0 and 6 of the General Purpose bit flag in both local\r
and central header records.  Both bits set indicates strong \r
encryption.\r
\r
\r
2. Extra Field 0x0017 in central header only.\r
\r
     Fields to consider in this record are:\r
\r
     Format - the data format identifier for this record.  The only\r
     value allowed at this time is the integer value 2.\r
\r
     AlgId - integer identifier of the encryption algorithm from the\r
     following range\r
\r
         0x6601 - DES\r
         0x6602 - RC2 (version needed to extract < 5.2)\r
         0x6603 - 3DES 168\r
         0x6609 - 3DES 112\r
         0x660E - AES 128 \r
         0x660F - AES 192 \r
         0x6610 - AES 256 \r
         0x6702 - RC2 (version needed to extract >= 5.2)\r
         0x6801 - RC4\r
         0xFFFF - Unknown algorithm\r
\r
     Bitlen - Explicit bit length of key\r
\r
          40\r
          64\r
         112\r
         128\r
         192\r
         256\r
   \r
     Flags - Processing flags needed for decryption\r
\r
         0x0001 - Password is required to decrypt\r
         0x0002 - reserved for certificates only\r
         0x0003 - Password or certificate required to decrypt\r
\r
         Values > 0x0003 reserved for certificate processing\r
\r
\r
3. Decryption header record preceeding compressed file data.\r
\r
         -Decryption Header:\r
\r
          Value     Size     Description\r
          -----     ----     -----------\r
          IVSize    2 bytes  Size of initialization vector (IV)\r
          IVData    IVSize   Initialization vector for this file\r
          Size      4 bytes  Size of remaining decryption header data\r
          Format    2 bytes  Format definition for this record\r
          AlgID     2 bytes  Encryption algorithm identifier\r
          Bitlen    2 bytes  Bit length of encryption key\r
          Flags     2 bytes  Processing flags\r
          ErdSize   2 bytes  Size of Encrypted Random Data\r
          ErdData   ErdSize  Encrypted Random Data\r
          Reserved1 4 bytes  Reserved certificate data\r
          Reserved2 (var)    Reserved for certificate data\r
          VSize     2 bytes  Size of password validation data\r
          VData     VSize-4  Password validation data\r
          VCRC32    4 bytes  CRC32 of password validation data\r
\r
     IVData - The size of the IV should match the algorithm block size.\r
              The IVData can be completely random data.  If the size of\r
              the randomly generated data does not match the block size\r
              it should be complemented with zero's.  If IVSize is 0, \r
              then IV = CRC32 + 64-bit File Size.\r
\r
     Format - the data format identifier for this record.  The only\r
     value allowed at this time is the integer value 3.\r
\r
     AlgId - integer identifier of the encryption algorithm from the\r
     following range\r
\r
         0x6601 - DES\r
         0x6602 - RC2 (version needed to extract < 5.2)\r
         0x6603 - 3DES 168\r
         0x6609 - 3DES 112\r
         0x660E - AES 128 \r
         0x660F - AES 192 \r
         0x6610 - AES 256 \r
         0x6702 - RC2 (version needed to extract >= 5.2)\r
         0x6801 - RC4\r
         0xFFFF - Unknown algorithm\r
\r
     Bitlen - Explicit bit length of key\r
\r
          40\r
          64\r
         112\r
         128\r
         192\r
         256\r
   \r
     Flags - Processing flags needed for decryption\r
\r
         0x0001 - Password is required to decrypt\r
         0x0002 - reserved for certificates only\r
         0x0003 - Password or certificate required to decrypt\r
\r
         Values > 0x0003 reserved for certificate processing\r
\r
     ErdData - Encrypted random data is used to generate a file\r
               session key for encrypting each file.  SHA1 is \r
               used to calculate hash data used to derive keys.\r
               File session keys are deived from a master session\r
               key generated from the user-supplied password.\r
\r
     Reserved1 - Reserved for certificate processing, if value is\r
               zero, then Reserved2 data is absent.\r
\r
     VSize - This size value will always include the 4 bytes of the\r
             VCRC32 data and will be greater than 4 bytes.\r
\r
     VData - Random data for password validation.  This data is VSize\r
             in length and VSize must be a multiple of the encryption\r
             block size.  VCRC32 is a checksum value of VData.  VSize,\r
             VData, and VCRC32 are stored encrypted and start the\r
             stream of encrypted data for a file.\r
\r
Strong Encryption is always applied to a file after compression. The\r
block oriented algorithms all operate in Cypher Block Chaining (CBC) \r
mode.  The block size used for AES encryption is 16.  All other block\r
algorithms use a block size of 8.  Two ID's are defined for RC2 to \r
account for a discrepancy found in the implementation of the RC2\r
algorithm in the cryptographic library on Windows XP SP1 and all \r
earlier versions of Windows.\r
\r
A pseudo-code representation of the encryption process is as follows:\r
\r
Password = GetUserPassword()\r
RD  = Random()\r
ERD = Encrypt(RD,DeriveKey(SHA1(Password)))\r
For Each File\r
    IV = Random()\r
    VData = Random()\r
    FileSessionKey = DeriveKey(SHA1(RD, IV))\r
    Encrypt(VData + FileData,FileSessionKey)\r
Done\r
\r
The function names and parameter requirements will depend on\r
the choice of the cryptographic toolkit selected.  Almost any\r
toolkit supporting the reference implementations for each\r
algorithm can be used.  The RSA BSAFE(r), OpenSSL, and Microsoft's\r
CryptoAPI libraries are all known to work well.  \r
\r
The features set forth in the Strong Encryption (EFS) specification are\r
covered by a pending patent application.\r
\r
\r
Change Process\r
--------------\r
\r
In order for the .ZIP file format to remain a viable definition, this\r
specification should be considered as open for periodic review and\r
revision.  Although this format was originally designed with a \r
certain level of extensibility, not all changes in technology\r
(present or future) were or will be necessarily considered in its\r
design.  If your application requires new definitions to the\r
extensible sections in this format, or if you would like to \r
submit new data structures, please forward your request to\r
zipformat@pkware.com.  All submissions will be reviewed by the\r
ZIP File Specification Committee for possible inclusion into\r
future versions of this specification.  Periodic revisions\r
to this specification will be published to ensure interoperability.\r
\r
Acknowledgements\r
----------------\r
\r
In addition to the above mentioned contributors to PKZIP and PKUNZIP,\r
I would like to extend special thanks to Robert Mahoney for suggesting\r
the extension .ZIP for this software.\r
\r
References:\r
\r
    Fiala, Edward R., and Greene, Daniel H., "Data compression with\r
       finite windows",  Communications of the ACM, Volume 32, Number 4,\r
       April 1989, pages 490-505.\r
\r
    Held, Gilbert, "Data Compression, Techniques and Applications,\r
       Hardware and Software Considerations", John Wiley & Sons, 1987.\r
\r
    Huffman, D.A., "A method for the construction of minimum-redundancy\r
       codes", Proceedings of the IRE, Volume 40, Number 9, September 1952,\r
       pages 1098-1101.\r
\r
    Nelson, Mark, "LZW Data Compression", Dr. Dobbs Journal, Volume 14,\r
       Number 10, October 1989, pages 29-37.\r
\r
    Nelson, Mark, "The Data Compression Book",  M&T Books, 1991.\r
\r
    Storer, James A., "Data Compression, Methods and Theory",\r
       Computer Science Press, 1988\r
\r
    Welch, Terry, "A Technique for High-Performance Data Compression",\r
       IEEE Computer, Volume 17, Number 6, June 1984, pages 8-19.\r
\r
    Ziv, J. and Lempel, A., "A universal algorithm for sequential data\r
       compression", Communications of the ACM, Volume 30, Number 6,\r
       June 1987, pages 520-540.\r
\r
    Ziv, J. and Lempel, A., "Compression of individual sequences via\r
       variable-rate coding", IEEE Transactions on Information Theory,\r
       Volume 24, Number 5, September 1978, pages 530-536.\r