Editing ZIP (file format) (section)

== Design ==
{{mono|.ZIP}} files are archives that store multiple files. ZIP allows contained files to be compressed using many different methods, as well as simply storing a file without compressing it. Each file is stored separately, allowing different files in the same archive to be compressed using different methods. Because the files in a ZIP archive are compressed individually, it is possible to extract them, or add new ones, without applying compression or decompression to the entire archive. This contrasts with the format of compressed [[Tar (file format)|tar]] files, for which such random-access processing is not easily possible.

A directory is placed at the end of a ZIP file. This identifies what files are in the ZIP and identifies where in the ZIP that file is located. This allows ZIP readers to load the list of files without reading the entire ZIP archive. ZIP archives can also include extra data that is not related to the ZIP archive. This allows for a ZIP archive to be made into a self-extracting archive (application that decompresses its contained data), by prepending the program code to a ZIP archive and marking the file as executable. Storing the catalog at the end also makes possible to hide a zipped file by appending it to an innocuous file, such as a GIF image file.

The {{mono|.ZIP}} format uses a [[Cyclic redundancy check#CRC-32 algorithm|32-bit CRC algorithm]] and includes two copies of each entry metadata to provide greater protection against data loss. The CRC-32 algorithm was contributed by David Schwaderer and can be found in his book "C Programmers Guide to NetBIOS" published by Howard W. Sams & Co. Inc.<ref>{{Cite web |last=eZine |date=2023-01-01 |title=The .ZIP File Format |url=https://www.neperos.com/article/rnsyi4f77b5c3ffb |website=Neperos.com |language=en-US}}</ref>

=== Structure ===
[[File:ZIP-64 Internal Layout.svg|thumb|400px|ZIP-64 Internal Layout]]

A ZIP file is correctly identified by the presence of an ''end of central directory record'' which is located at the end of the archive structure in order to allow the easy appending of new files. If the end of central directory record indicates a non-empty archive, the name of each file or directory within the archive should be specified in a ''central directory'' entry, along with other metadata about the entry, and an offset into the ZIP file, pointing to the actual entry data. This allows a file listing of the archive to be performed relatively quickly, as the entire archive does not have to be read to see the list of files. The entries within the ZIP file also include this information, for redundancy, in a ''local file header''. Because ZIP files may be appended to, only files specified in the central directory at the end of the file are valid. Scanning a ZIP file for local file headers is invalid (except in the case of corrupted archives), as the central directory may declare that some files have been deleted and other files have been updated.

For example, we may start with a ZIP file that contains files A, B and C. File B is then deleted and C updated. This may be achieved by just appending a new file C to the end of the original ZIP file and adding a new central directory that only lists file A and the new file C. When ZIP was first designed, transferring files by floppy disk was common, yet writing to disks was very time-consuming. If you had a large zip file, possibly spanning multiple disks, and only needed to update a few files, rather than reading and re-writing all the files, it would be substantially faster to just read the old central directory, append the new files then append an updated central directory.

The order of the file entries in the central directory need not coincide with the order of file entries in the archive.

Each entry stored in a ZIP archive is introduced by a ''local file header'' with information about the file such as the comment, file size and file name, followed by optional "extra" data fields, and then the possibly compressed, possibly encrypted file data. The "Extra" data fields are the key to the extensibility of the ZIP format. "Extra" fields are exploited to support the ZIP64 format, WinZip-compatible AES encryption, file attributes, and higher-resolution NTFS or Unix file timestamps. Other extensions are possible via the "Extra" field. ZIP tools are required by the specification to ignore Extra fields they do not recognize.

The ZIP format uses specific 4-byte "signatures" to denote the various structures in the file. Each file entry is marked by a specific signature. The end of central directory record is indicated with its specific signature, and each entry in the central directory starts with the 4-byte ''central file header signature''.

There is no BOF or EOF marker in the ZIP specification. Conventionally the first thing in a ZIP file is a ZIP entry, which can be identified easily by its ''local file header signature''. However, this is not necessarily the case, as this is not required by the ZIP specification - most notably, a self-extracting archive will begin with an executable file header.

Tools that correctly read ZIP archives must scan for the end of central directory record signature, and then, as appropriate, the other, indicated, central directory records. They must not scan for entries from the top of the ZIP file, because (as previously mentioned in this section) only the central directory specifies where a file chunk starts and that it has not been deleted. Scanning could lead to false positives, as the format does not forbid other data to be between chunks, nor file data streams from containing such signatures. However, tools that attempt to recover data from damaged ZIP  archives will most likely scan the archive for local file header signatures; this is made more difficult by the fact that the compressed size of a file chunk may be stored after the file chunk, making sequential processing difficult.

Most of the signatures end with the short integer 0x4b50, which is stored in [[little-endian]] ordering. Viewed as an [[ASCII]] string this reads "PK", the initials of the inventor Phil Katz. Thus, when a ZIP file is viewed in a text editor the first two bytes of the file are usually "PK". (DOS, OS/2 and Windows self-extracting ZIPs have an [[EXE]] before the ZIP so start with "MZ"; self-extracting ZIPs for other operating systems may similarly be preceded by executable code for extracting the archive's content on that platform.)

The {{mono|.ZIP}} specification also supports spreading archives across multiple file-system files. Originally intended for storage of large ZIP files across multiple [[floppy disk]]s, this feature is now used for sending ZIP archives in parts over email, or over other transports or removable media.

The [[File Allocation Table|FAT filesystem]] of DOS has a timestamp resolution of only two seconds; ZIP file records mimic this. As a result, the built-in timestamp resolution of files in a ZIP archive is only two seconds, though extra fields can be used to store more precise timestamps. The ZIP format has no notion of [[time zone]], so timestamps are only meaningful if it is known what time zone they were created in.

In September 2006, PKWARE released a revision of the ZIP specification providing for the storage of file names using [[UTF-8]], finally adding Unicode compatibility to ZIP.<ref name="zip630"/>

=== File headers ===
All multi-byte values in the header are stored in [[little-endian]] byte order. All length fields count the length in bytes.

==== Local file header ====

{|class="wikitable"
|+ Local file header
|-
! Offset !! Bytes !! Description<ref name="appnote">{{cite web|url=http://www.pkware.com/documents/casestudies/APPNOTE.TXT|format=TXT|title=File : APPNOTE.TXT - .ZIP File Format Specification : Version: 6.3.4|website=Pkware.com|access-date=2017-09-09}}</ref>
|-
|  0 || 4 || Local file header signature = 0x04034b50 (PK♥♦ or "PK\3\4")
|-
|  4 || 2 || Version needed to extract (minimum)
|-
|  6 || 2 || General purpose bit flag
|-
|  8 || 2 || Compression method; e.g. none = 0, DEFLATE = 8 (or "\0x08\0x00")
|-
| 10 || 2 || File last modification time
|-
| 12 || 2 || File last modification date
|-
| 14 || 4 || CRC-32 of uncompressed data
|-
| 18 || 4 || Compressed size (or 0xffffffff for ZIP64)
|-
| 22 || 4 || Uncompressed size (or 0xffffffff for ZIP64)
|-
| 26 || 2 || File name length (''n'')
|-
| 28 || 2 || Extra field length (''m'')
|-
| 30 || ''n'' || File name
|-
| 30+''n'' || ''m'' || Extra field
|}

The extra field contains a variety of optional data such as OS-specific attributes.  It is divided into records, each with at minimum a 16-bit signature and a 16-bit length. A ZIP64 local file extra field record, for example, has the signature 0x0001 and a length of 16 bytes (or more) so that two 64-bit values (the uncompressed and compressed sizes) may follow. Another common local file extension is 0x5455 (or "UT") which contains 32-bit UTC UNIX timestamps.

This is immediately followed by the compressed data.

==== Data descriptor ====

If the bit at offset 3 (0x08) of the general-purpose flags field is set, then the CRC-32 and file sizes are not known when the header is written. If the archive is in Zip64 format, the compressed and uncompressed size fields are 8 bytes long instead of 4 bytes long (see section 4.3.9.2<ref>{{cite web |title=File: APPNOTE.TXT - .ZIP File Format Specification |url=https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT |publisher=PKWARE Inc. |access-date=21 February 2022}}</ref>). The equivalent fields in the local header (or in the Zip64 extended information extra field in the case of archives in Zip64 format) are filled with zero, and the CRC-32 and size are appended in a 12-byte structure (optionally preceded by a 4-byte signature) immediately after the compressed data:

{|class="wikitable"
|+ Data descriptor
|-
! Offset !! Bytes !! Description<ref name="appnote"/>
|-
|  0 || 0 or 4 || ''Optional'' data descriptor signature = 0x08074b50
|-
|  0 or 4 || 4 || CRC-32 of uncompressed data
|-
|  4 or 8 || 4 or 8 || Compressed size
|-
|  8 or 12 or 16|| 4 or 8 || Uncompressed size
|}

==== Central directory file header (CDFH) ====

The central directory file header entry is an expanded form of the local header:
{|class="wikitable"
|+ Central directory file header
|-
! Offset !! Bytes !! Description<ref name="appnote"/>
|-
|  0 || 4 || Central directory file header signature = 0x02014b50
|-
|  4 || 2 || Version made by
|-
|  6 || 2 || Version needed to extract (minimum)
|-
|  8 || 2 || General purpose bit flag
|-
| 10 || 2 || Compression method
|-
| 12 || 2 || File last modification time
|-
| 14 || 2 || File last modification date
|-
| 16 || 4 || CRC-32 of uncompressed data
|-
| 20 || 4 || Compressed size (or 0xffffffff for ZIP64)
|-
| 24 || 4 || Uncompressed size (or 0xffffffff for ZIP64)
|-
| 28 || 2 || File name length (''n'')
|-
| 30 || 2 || Extra field length (''m'')
|-
| 32 || 2 || File comment length (''k'')
|-
| 34 || 2 || Disk number where file starts (or 0xffff for ZIP64)
|-
| 36 || 2 || Internal file attributes
|-
| 38 || 4 || External file attributes
|-
| 42 || 4 || Relative offset of local file header (or 0xffffffff for ZIP64).  This is the number of bytes between the start of the first disk on which the file occurs, and the start of the local file header. This allows software reading the central directory to locate the position of the file inside the ZIP file.
|-
| 46 || ''n'' || File name
|-
| 46+''n'' || ''m'' || Extra field
|-
| 46+''n''+''m'' || ''k'' || File comment
|}

==== End of central directory record (EOCD) ====
After all the central directory entries comes the end of central directory (EOCD) record, which marks the end of the ZIP file:

{|class="wikitable"
|+ End of central directory record (EOCD)
|-
! Offset !! Bytes !! Description<ref name="appnote"/>
|-
|  0 || 4 || End of central directory signature. '''Must be <code>50 4B 05 06</code>'''.
|-
|  4 || 2 || Number of this disk (or 0xffff for ZIP64)
|-
|  6 || 2 || Disk where central directory starts (or 0xffff for ZIP64)
|-
|  8 || 2 || Number of central directory records on this disk (or 0xffff for ZIP64)
|-
| 10 || 2 || Total number of central directory records (or 0xffff for ZIP64)
|-
| 12 || 4 || Size of central directory (bytes) (or 0xffffffff for ZIP64)
|-
| 16 || 4 || Offset of start of central directory, relative to start of archive (or 0xffffffff for ZIP64)
|-
| 20 || 2 || Comment length (''n'')
|-
| 22 || ''n'' || Comment
|}

This ordering allows a ZIP file to be created in one pass, but the central directory is also placed at the end of the file in order to facilitate easy removal of files from multiple-part ''(e.g. "multiple floppy-disk")'' archives, as previously discussed.

=== Compression methods ===
The .ZIP File Format Specification documents the following compression methods: Store (no compression), Shrink ([[LZW]]), Reduce (levels 1–4; LZ77 + probabilistic), Implode, Deflate, Deflate64, [[bzip2]], [[LZMA]], [[Zstandard]], [[WavPack]], [[Prediction by Partial Matching|PPMd]], and a LZ77 variant provided by [[IBM z/OS]] CMPSC instruction.<ref>{{cite web|author=Adler, Mark|title=How are zlib, gzip and zip related? What do they have in common and how are they different?|url=https://stackoverflow.com/a/20765054/233286|access-date=2018-11-27}}</ref><ref name="zip6310"/> The most commonly used compression method is [[DEFLATE]], which is described in IETF {{IETF RFC|1951}}.

Other methods mentioned, but not documented in detail in the specification include: PKWARE DCL Implode (old IBM TERSE), new [[Terse|IBM TERSE]], IBM LZ77 z Architecture (PFS), and a JPEG variant. A "Tokenize" method was reserved for a third party, but support was never added.<ref name="zip635"/>

The word ''Implode'' is overused by PKWARE: the DCL/TERSE Implode is distinct from the old PKZIP Implode, a predecessor to Deflate. The DCL Implode is undocumented partially due to its proprietary nature held by IBM, but [[Mark Adler]] has nevertheless provided a decompressor called "blast" alongside zlib.<ref>{{cite web |title=Frequently Asked Questions about zlib |url=https://www.zlib.net/zlib_faq.html |website=zlib |quote=The PKWare DCL uses a completely different compressed data format than does PKZIP and zlib. However, you can look in zlib's  contrib/blast directory for a possible solution to your problem.}} ([https://github.com/madler/zlib/tree/master/contrib/blast contrib/blast])</ref>

=== Encryption ===
ZIP supports a simple [[password]]-based [[symmetric-key algorithm|symmetric encryption]] system generally known as ZipCrypto. It is documented in the ZIP specification, and known to be seriously flawed. In particular, it is vulnerable to [[known-plaintext attack]]s, which are in some cases made worse by poor implementations of [[random-number generator]]s.<ref name="zipattack">{{cite web|author=Stay, Michael|url=http://math.ucr.edu/~mike/zipattacks.pdf|title=ZIP Attacks with Reduced Known Plaintext|website=Math.ucr.edu|access-date=2017-09-09|archive-url=https://web.archive.org/web/20171028074139/https://www.cs.auckland.ac.nz/~mike/zipattacks.pdf|archive-date=2017-10-28}}</ref> Computers running under native [[Microsoft Windows]] without third-party archivers can open, but not create, ZIP files encrypted with ZipCrypto, but cannot extract the contents of files using different encryption.<ref>{{Cite web |title=How To Password Protect A Zip File |author=Sandeep |website=Tech News Today |date=15 September 2021 |url= https://www.technewstoday.com/password-protect-a-zip-file/}}</ref>

New features including new [[Data compression|compression]] and [[encryption]] (e.g. [[Advanced Encryption Standard|AES]]) methods have been documented in the ZIP File Format Specification since version 5.2. A [[WinZip]]-developed AES-based open standard ("AE-x" in APPNOTE) is used also by [[7-Zip]] and [[Xceed (software company)|Xceed]], but some vendors use other formats.<ref>{{cite web|url=https://www.winzip.com/win/en/aes_info.html |title=AES Encryption Information: Encryption Specification AE-1 and AE-2|website=Winzip.com|access-date=2017-09-09}}</ref> PKWARE SecureZIP (SES, proprietary) also supports RC2, RC4, DES, Triple DES encryption methods, Digital Certificate-based encryption and authentication ([[X.509]]), and archive header encryption. It is, however, patented (see {{section link||Strong encryption controversy}}).<ref name="pkware">{{cite web|url=http://www.pkware.com/support/zip-app-note/|title=APPNOTE - PKZIP/SecureZIP - PKWARE Support Site|website=Pkware.com|access-date=9 September 2017}}</ref>

[[File name]] [[encryption]] is introduced in .ZIP File Format Specification 6.2, which encrypts metadata stored in Central Directory portion of an archive, but Local Header sections remain unencrypted. A compliant archiver can falsify the Local Header data when using Central Directory Encryption. As of version 6.2 of the specification, the Compression Method and Compressed Size fields within Local Header are not yet masked.

=== ZIP64 ===
The original {{mono|.ZIP}} format had a 4&nbsp;GB (2<sup>32</sup> bytes) limit on various things (uncompressed size of a file, compressed size of a file, and total size of the archive), as well as a limit of 65,535 (2<sup>16</sup>-1) entries in a ZIP archive. In version 4.5 of the specification (which is not the same as v4.5 of any particular tool), PKWARE introduced the "ZIP64" format extensions to get around these limitations, increasing the limits to 16&nbsp;[[Exabyte|EB]] (2<sup>64</sup> bytes). In essence, it uses a "normal" central directory entry for a file, followed by an optional "zip64" directory entry, which has the larger fields.<ref>{{cite web|url=https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT|format=TXT|title=File : APPNOTE.TXT - .ZIP File Format Specification : Version: 6.3.4|website=Pkware.cachefly.net|access-date=2017-09-09}}</ref>

The format of the Local file header (LOC) and Central directory file header (CDFH) are the same in ZIP and ZIP64. However, ZIP64 specifies an extra field that may be added to those records at the discretion of the compressor, whose purpose is to store values that do not fit in the classic LOC or CDFH records. To signal that the actual values are stored in ZIP64 extra fields, they are set to 0xFFFF or 0xFFFFFFFF in the corresponding LOC or CDFH record. If one entry does not fit into the classic LOC or CDFH record, only that entry is required to be moved into a ZIP64 extra field. The other entries may stay in the classic record. Therefore, not all entries shown in the following table might be stored in a ZIP64 extra field. However, if they appear, their order must be as shown in the table.
{|class="wikitable"
|+ Zip64 extended information extra field
|-
! Offset !! Bytes !! Description<ref name="appnote"/>
|-
|  0 || 2 || Header ID 0x0001
|-
|  2 || 2 || Size of the extra field chunk (8, 16, 24 or 28)
|-
|  4 || 8 || Original uncompressed file size
|-
|  12 || 8 || Size of compressed data
|-
|  20 || 8 || Offset of local header record
|-
|  28 || 4 || Number of the disk on which this file starts
|}
On the other hand, the format of EOCD for ZIP64 is slightly different from the normal ZIP version.<ref name="appnote"/>
{|class="wikitable"
|+ Zip64 End of central directory record (EOCD64)
|-
! Offset !! Bytes !! Description<ref name="appnote"/>
|-
|  0 || 4 || End of central directory signature = 0x06064b50
|-
|  4 || 8 || Size of the EOCD64 minus 12
|-
| 12 || 2 || Version made by
|-
| 14 || 2 || Version needed to extract (minimum)
|-
| 16 || 4 || Number of this disk
|-
| 20 || 4 || Disk where central directory starts
|-
| 24 || 8 || Number of central directory records on this disk
|-
| 32 || 8 || Total number of central directory records
|-
| 40 || 8 || Size of central directory (bytes)
|-
| 48 || 8 || Offset of start of central directory, relative to start of archive
|-
| 56 || ''n'' || Comment (up to the size of EOCD64)
|}
It is also not necessarily the last record in the file. An End of Central Directory Locator follows (an additional 20 bytes at the end).

The File Explorer in Windows XP does not support ZIP64, but the Explorer in Windows Vista and later do.{{citation needed|date=October 2015}} Likewise, some extension libraries support ZIP64, such as DotNetZip, QuaZIP<ref>{{cite web | url=http://sourceforge.net/p/quazip/code/HEAD/tree/tags/0.6/quazip/NEWS.txt | title=QuaZIP changes | access-date=2014-01-25 | date=22 January 2014 }}</ref> and IO::Compress::Zip in Perl. [[Python (programming language)|Python]]'s built-in zipfile supports it since 2.5 and defaults to it since 3.4.<ref>{{cite web | url=http://bugs.python.org/issue17201 | title=Python enhancement: Use allowZip64=True by default (3.4) | access-date=2014-05-06}}</ref>  [[OpenJDK]]'s built-in java.util.zip supports ZIP64 from version [[Java Dolphin|Java 7]].<ref>{{cite web | url=https://blogs.oracle.com/xuemingshen/entry/zip64_support_for_4g_zipfile | title=ZIP64, The Format for > 4G Zipfile, Is Now Supported | access-date=27 Sep 2010 | last=Shen | first=Xueming | date=17 April 2009 | work=Xueming Shen's Blog | publisher=[[Sun Microsystems]] }}{{Dead link|date=March 2025 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> [[Android (operating system)|Android]] Java API support ZIP64 since Android 6.0.<ref>{{cite web|url=https://code.google.com/p/android/issues/detail?id=68666|title=Sign in - Google Accounts|website=code.google.com|access-date=9 September 2017}}</ref> Mac OS Sierra's Archive Utility notably does not support ZIP64, and can create corrupt archives when ZIP64 would be required.<ref>{{cite web|url=https://github.com/thejoshwolfe/yauzl/issues/69#issuecomment-359188643|title=Error: invalid central directory file header signature when unzipping big files, zipped by mac os · Issue #69 · thejoshwolfe/yauzl|website=GitHub}}</ref>  However, the ditto command shipped with Mac OS will unzip ZIP64 files.<ref>{{cite web | url=https://superuser.com/questions/114011/extract-large-zip-file-50-gb-on-mac-os-x | title=Extract large zip file (50 GB) on Mac OS X | access-date=17 Dec 2018  }}</ref> More recent{{when|date=March 2020}} versions of Mac OS ship with info-zip's zip and unzip command line tools which do support Zip64: to verify run zip -v and look for "ZIP64_SUPPORT".

=== Combination with other file formats ===
The {{mono|.ZIP}} file format allows for a comment containing up to 65,535 (2<sup>16</sup>−1) bytes of data to occur at the end of the file after the central directory.<ref name="appnote"/> Also, because the central directory specifies the offset of each file in the archive with respect to the start, it is possible for the first file entry to start at an offset other than zero, although some tools might not process archive files that do not start with a file entry at offset zero. The program [[gzip]], for example, happens to be able to extract an entry from a .ZIP file if it is at offset zero.

This allows arbitrary data to occur in the file both before and after the ZIP archive data, and for the archive to still be read by a ZIP application. A side-effect of this is that it is possible to author a file that is both a working ZIP archive and another format, provided that the other format tolerates arbitrary data at its end, beginning, or middle. [[Self-extracting archives]] (SFX), of the form supported by WinZip, take advantage of this, in that they are executable ({{mono|.exe}}) files that conform to the PKZIP AppNote.txt specification, and can be read by compliant zip tools or libraries.

This property of the {{mono|.ZIP}} format, and of the [[JAR (file format)|JAR]] format which is a variant of ZIP, can be exploited to hide rogue content (such as harmful Java classes) inside a seemingly harmless file, such as a GIF image uploaded to the web. This so-called [[Polyglot (computing)#GIFAR attack|GIFAR]] exploit has been demonstrated as an effective attack against web applications such as Facebook.<ref>{{cite web|url=http://www.infoworld.com/article/2653025/security/a-photo-that-can-steal-your-online-credentials.html|title=A photo that can steal your online credentials|first=Robert|last=McMillan|website=Infoworld.com|date=August 2008|access-date=9 September 2017}}</ref>

=== Limits ===
The minimum size of a {{mono|.ZIP}} file is 22 bytes. Such an ''empty zip file'' contains only an End of Central Directory Record (EOCD):
<br />{{code|[0x50,0x4B,0x05,0x06,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00]}}

The maximum size for both the archive file and the individual files inside it is 4,294,967,295 bytes (2<sup>32</sup>−1 bytes, or 4&nbsp;GB minus 1 byte) for standard ZIP. For ZIP64, the maximum size is 18,446,744,073,709,551,615 bytes (2<sup>64</sup>−1 bytes, or 16&nbsp;EB minus 1 byte).<ref name="ziplimit">{{cite web|url=http://www.artpol-software.com/ZipArchive/KB/0610051629.aspx|title=ZipArchive: Zip64 Format: Crossing the Limits of File Sizes and Number of Files and Segments|website=Artpol-software.com|access-date=9 September 2017}}</ref>

=== Open extensions ===
==== Seek-optimized (SOZip) profile ====

A Seek-Optimized ZIP file (SOZip) profile<ref>{{cite web|last1=Rouault|first1=Even (OSGeo)|url=https://github.com/sozip/sozip-spec/blob/master/sozip_specification.md|format=markdown|title=Seek-optimized ZIP (SOZip) profile|website=github.com|access-date=2023-01-11}}</ref> has been proposed for the ZIP format. Such file contains one or several Deflate-compressed files that are organized and annotated such that a SOZip-aware reader can perform very fast random access (seek) within a compressed file. SOZip makes it possible to access large compressed files directly from a .zip file without prior decompression. It combines the use of ZLib block flushes issued at regular interval with a hidden index file mapping offsets of the uncompressed file to offsets in the compressed stream. ZIP readers that are not aware of that extension can read a SOZip-enabled file normally and ignore the extended features that support efficient seek capability.

=== Proprietary extensions ===
==== Extra field ====
{{mono|.ZIP}} file format includes an extra field facility within file headers, which can be used to store extra data not defined by existing ZIP specifications, and which allow compliant archivers that do not recognize the fields to safely skip them. Header IDs 0–31 are reserved for use by PKWARE. The remaining IDs can be used by third-party vendors for proprietary usage.

==== Strong encryption controversy ====
When [[WinZip]] 9.0 public beta was released in 2003, WinZip introduced its own [[AES-256]] encryption, using a different file format, along with the documentation for the new specification.<ref>{{cite web|url=http://www.winzip.com/aes_info.htm|title=WinZip – AES Encryption Information|website=Winzip.com|access-date=2017-09-09}}</ref> The encryption standards themselves were not [[Proprietary software|proprietary]], but PKWARE had not updated APPNOTE.TXT to include Strong Encryption Specification (SES) since 2001, which had been used by PKZIP versions 5.0 and 6.0. WinZip technical consultant Kevin Kearney and [[StuffIt]] product manager Mathew Covington accused PKWARE of withholding SES, but PKZIP chief technology officer Jim Peterson claimed that certificate-based encryption was still incomplete.

In another controversial move, PKWare applied for a patent on 16 July 2003 describing a method for combining ZIP and strong encryption to create a secure file.<ref>{{Cite web |url=http://www.infoworld.com/article/03/07/25/HNpkware_1.html |title=PKWare seeks patent for .zip file format |first=Robert |last=McMillan |date=July 25, 2003 |work=InfoWorld.com |access-date=16 June 2008 |archive-url=https://web.archive.org/web/20030810012219/http://www.infoworld.com/article/03/07/25/HNpkware_1.html |archive-date=2003-08-10 |url-status=dead |df=dmy-all }}</ref>

In the end, PKWARE and WinZip agreed to support each other's products. On 21 January 2004, PKWARE announced the support of WinZip-based AES compression format.<ref>{{cite web|url=http://www.news.com/2100-1012_3-5145491.html?tag=fd_nbs_ent|title=Software makers patch Zip tiff|website=News.com|access-date=9 September 2017}}</ref> In a later version of WinZip beta, it was able to support SES-based ZIP files.<ref>{{cite web|url=https://www.theregister.co.uk/2004/01/21/zip_file_encryption_compromise_thrashed/|title=Zip file encryption compromise thrashed out|author=John Leyden|website=Theregister.co.uk|access-date=9 September 2017}}</ref> PKWARE eventually released version 5.2 of the .ZIP File Format Specification to the public, which documented SES.  The [[Free Software]] project [[7-Zip]] also supports AES, but not SES in ZIP files (as does its [[POSIX]] [[Porting|port]] [[p7zip]]).

When using AES encryption under WinZip, the compression method is always set to 99, with the actual compression method stored in an AES extra data field.<ref>{{cite web |url=http://www.winzip.com/win/en/aes_info.htm |title=AES Encryption Information: Encryption Specification AE-1 and AE-2 |website=Winzip.com |access-date=2017-09-09}}</ref> In contrast, Strong Encryption Specification stores the compression method in the basic file header segment of Local Header and Central Directory, unless Central Directory Encryption is used to mask/encrypt metadata.