11

I'm using following code to create password protected zip file, from a file uploaded by user, in my Python34 application using zipFile. But when I open the zip file from windows, it doesn't ask for the password. I will be using the same password to read zip files from python later on. What am I doing wrong?

Here's my code:

pwdZipFilePath = uploadFilePath + "encryptedZipFiles/"
filePath = uploadFilePath

if not os.path.exists(pwdZipFilePath):        
      os.makedirs(pwdZipFilePath)

#save csv file to a path
fd, filePath = tempfile.mkstemp(suffix=source.name, dir=filePath)

with open(filePath, 'wb') as dest:
    shutil.copyfileobj(source, dest)

#convert that csv to zip
fd, pwdZipFilePath = tempfile.mkstemp(suffix=source.name + ".zip", dir=pwdZipFilePath)

with zipfile.ZipFile(pwdZipFilePath, 'w') as myzip:
    myzip.write(filePath)

    myzip.setpassword(b"tipi")
Improve this question
3
  • Can you actually access file files? Or just visualize it? That's a common behavior in zip password protections that you actually can see the files even though it's password protected.
    – user1767754
    Commented Nov 29, 2017 at 7:58
  • @user1767754 Yeah I can access file inside zip too. I even opened it. What's the point of setting the password if its just gonna open it anyway?
    – Tahreem Iqbal
    Commented Nov 29, 2017 at 7:59
  • @Galen I don't think so. I've checked every related question on this site and still having problems.
    – Tahreem Iqbal
    Commented Nov 29, 2017 at 8:00

2 Answers 2

Reset to default
15

The builtin zipfile module does not support writing password-encrypted files (only reading). Either you could use pyminizip:

import pyminizip
pyminizip.compress("dummy.txt", "myzip.zip", "noneshallpass", compression_level)

Or, if you're on Windows/msysgit, and agnostic to the format:

import os
os.system('tar cz dummy.txt | openssl enc -aes-256-cbc -e -k noneshallpass > mypacked.enc')
os.remove('dummy.txt')
os.system('openssl enc -aes-256-cbc -d -k noneshallpass -in mypacked.enc | tar xz')
Improve this answer
5
  • I just read setPassword and realized after a while that this is for setting before writing.
    – user1767754
    Commented Nov 29, 2017 at 8:39
  • @user1767754 you didn't read at all. See answer from Galen.
    – Jonas Byström
    Commented Nov 29, 2017 at 13:58
  • I actually meant the opposite before reading and wanted to emphasize that the first expectation when read is, that you can set the password of zip files, rather then applying a password when reading.
    – user1767754
    Commented Nov 29, 2017 at 17:07
  • can't install pyminizip on windows.: "error: Microsoft Visual C++ 9.0 is required. Get it from aka.ms/vcpython27"
    – Mostafa
    Commented Mar 10, 2019 at 5:16
  • Windows 10 22H2 (or at least my machine) has tar in system32, but not openssl.
    – aaaantoine
    Commented Aug 4, 2023 at 15:53
13

The documentation for zipfile indicates that ZipFile.setpassword sets the "default password to extract encrypted files."

At the very top of the documentation: "It supports decryption of encrypted files in ZIP archives, but it currently cannot create an encrypted file."

Edit: To create a password protected ZIP file, try a package like pyminizip.

Improve this answer
6
  • 1
    Okay then how do I create a password protected zip file in python? I have consulted other solutions but they've been no help.
    – Tahreem Iqbal
    Commented Nov 29, 2017 at 8:17
  • @TahreemIqbal I would look at a package like pyminizip.
    – Galen
    Commented Nov 29, 2017 at 8:23
  • okay I'm gonna look into it. Thanks
    – Tahreem Iqbal
    Commented Nov 29, 2017 at 8:27
  • I've first thought that he is writing the file and then setting the password, but just realized shockingly that setpassword is kind of lame. But in some book references python in a nutshell they are showing how they use setpassword to protect against dictionary attacks.
    – user1767754
    Commented Nov 29, 2017 at 8:31
  • 1
    The documentation for zipfile says: 'It supports decryption of encrypted files in ZIP archives, but it currently cannot create an encrypted file. Decryption is extremely slow as it is implemented in native Python rather than C.' - Is this module fit for purpose?
    – Ron Kalian
    Commented Jan 31, 2019 at 17:28

Not the answer you're looking for? Browse other questions tagged or ask your own question.