(fwZip): add "encryption" support when reading and writing jsonz archives
Description
Currently, our jsonz and xmlz format are simply plain zip files and we use a undetermined minizip "fork" (minizip is a part of ZLIB), directly put inside Sight to create them. We need to support encryption to be able to protect them against unauthorized access. As a bonus, it would be great if we are able to separate this code from Sight and put it to a standalone conan package
Proposal
We have three options:
-
Use Minizip 1.2 branch from https://github.com/nmoinvaz/minizip: It is a fork, but with all bugs reported on the original minizip corrected, plus, with AES encryption support (compatible with winzip AES). It seems well maintained and followed. It is a drop in replacement, so our code won't change too much (but still a bit).
- PRO: simple and efficient
- CONS: still an alien inside sight body. Zip compression is outdated (would love ZSTD)
-
Use Minizip 2.x branch from https://github.com/nmoinvaz/minizip as a standalone conan package: Same as branch 1.2, but the API and the code has been refactored. A bit more work on our side. Ideally, the encryption and archive signing use openSSL.
- PRO: Standalone package, more updated than 1.2 branch. Support LZMA compression
- CONS: No official Debian package. We must provide it. -> no way for me...
-
Use Libarchive: https://libarchive.org/: The API is completely different, a lot of work is required. For the first impression, I don't think it fits well with our way to read and write archive. The performance may suffer when using random file access.
- PRO: Standalone package, well supported. Support LZMA, ZSTD compression
- CONS: Only ZIP and 7Z format support encryption. Requires many external dependencies. Not designed for random access.