Security/Notes and Ideas

Here are some notes and ideas we have in mind...

Different ways of doing encryption and signatures

The current implementations for encryption and digital signatures don't take into account that the zip container itself can be tampered. That could be done with zip comments, changing stream compression, order of streams and probably other things. This is not really an issue, but it might look strange to the user that the signature will not break.