Password protected archives are exposed once they become empty #191

@Earnestly

  1. Creating a password protected archive with -mhe=on and -p:
$ touch test

$ 7z a -mhe=on -p protected.7z test

# 7-Zip 26.00 (x64) : Copyright (c) 1999-2026 Igor Pavlov : 2026-02-12
#  64-bit locale=en_GB.UTF-8 Threads:4 OPEN_MAX:1024, ASM
#
# Scanning the drive:
# 1 file, 0 bytes
#
# Creating archive: protected.7z
#
# Add new data to archive: 1 file, 0 bytes
#
#
# Enter password:password
#
#
# Files read from disk: 0
# Archive size: 142 bytes (1 KiB)
# Everything is Ok
  2. Demonstrating that listing the contents will prompt for a password, and when entered incorrectly, will return an error.
$ 7z l protected.7z

# 7-Zip 26.00 (x64) : Copyright (c) 1999-2026 Igor Pavlov : 2026-02-12
#  64-bit locale=en_GB.UTF-8 Threads:4 OPEN_MAX:1024, ASM
#
# Scanning the drive for archives:
# 1 file, 142 bytes (1 KiB)
#
# Listing archive: protected.7z
#
#
# Enter password:wrongpassword
#
#
# ERROR: protected.7z : Cannot open encrypted archive. Wrong password?
#
# ERRORS:
# Headers Error
#
#
# Errors: 1
  3. Deleting the last file in the archive.
$ 7z d protected.7z test

# 7-Zip 26.00 (x64) : Copyright (c) 1999-2026 Igor Pavlov : 2026-02-12
#  64-bit locale=en_GB.UTF-8 Threads:4 OPEN_MAX:1024, ASM
#
# Open archive: protected.7z
#
# Enter password:password
#
# --
# Path = protected.7z
# Type = 7z
# Physical Size = 142
# Headers Size = 142
# Solid = -
# Blocks = 0
#
# Updating archive: protected.7z
#
#
# Delete data from archive: 1 file, 0 bytes
# Add new data to archive: 0 files, 0 bytes
#
#
# Files read from disk: 0
# Archive size: 32 bytes (1 KiB)
# Everything is Ok
  4. Adding a new file to the archive which no longer prompts for a password.
$ touch example

$ 7z a protected.7z example

# 7-Zip 26.00 (x64) : Copyright (c) 1999-2026 Igor Pavlov : 2026-02-12
#  64-bit locale=en_GB.UTF-8 Threads:4 OPEN_MAX:1024, ASM
#
# Open archive: protected.7z
# --
# Path = protected.7z
# Type = 7z
# Physical Size = 32
# Headers Size = 32
# Solid = -
# Blocks = 0
#
# Scanning the drive:
# 1 file, 0 bytes
#
# Updating archive: protected.7z
#
# Add new data to archive: 1 file, 0 bytes
#
#
# Files read from disk: 0
# Archive size: 90 bytes (1 KiB)
# Everything is Ok
  5. Demonstrating that the archive is now open and does not require a password to interact with it anymore.
$ 7z l protected.7z

# 7-Zip 26.00 (x64) : Copyright (c) 1999-2026 Igor Pavlov : 2026-02-12
#  64-bit locale=en_GB.UTF-8 Threads:4 OPEN_MAX:1024, ASM
#
# Scanning the drive for archives:
# 1 file, 90 bytes (1 KiB)
#
# Listing archive: protected.7z
#
# --
# Path = protected.7z
# Type = 7z
# Physical Size = 90
# Headers Size = 90
# Solid = -
# Blocks = 0
#
#    Date      Time    Attr         Size   Compressed  Name
# ------------------- ----- ------------ ------------  ------------------------
# 2026-02-16 22:15:42 ....A            0            0  example
# ------------------- ----- ------------ ------------  ------------------------
# 2026-02-16 22:15:42                  0            0  1 files

I think that there should be some kind of warning at least if the last file is removed from a password protected archive or to somehow correct the situation so that the archive, even empty, remains password protected.

Currently I attempt to detect this situation and preemptively remove the archive but it is not an atomic operation.
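
A check for the state this issue describes, added here as an example (not code from the issue author or from 7-Zip): it reads the 32-byte 7z signature header and reports whether the archive still has an encrypted header, a readable header, or no header at all, which is the 32-byte state shown after the delete step. The function names, state labels and sample bytes are assumptions of this example, and the AES check is a byte search for the 7zAES coder ID inside the encoded header, a heuristic rather than a full parse.

```python
import struct
import sys
import zlib

SIGNATURE = b"7z\xbc\xaf\x27\x1c"
K_HEADER = 0x01            # plain header: file names readable without a password
K_ENCODED_HEADER = 0x17    # header stored through a coder chain (compression and/or AES)
AES_CODER_ID = bytes.fromhex("06f10701")  # 7zAES method ID


def classify_7z(data: bytes) -> str:
    """Return 'empty', 'plain-header', 'packed-header' or 'encrypted-header'."""
    if len(data) < 32 or data[:6] != SIGNATURE:
        raise ValueError("not a 7z archive")
    # Bytes 12..27: NextHeaderOffset and NextHeaderSize, both little-endian u64.
    offset, size = struct.unpack_from("<QQ", data, 12)
    if size == 0:
        return "empty"  # no header left, so nothing prompts for a password
    header = data[32 + offset:32 + offset + size]
    if len(header) != size:
        raise ValueError("truncated archive")
    if header[0] == K_ENCODED_HEADER:
        # Heuristic: the coder list of an encoded header is stored in the clear.
        return "encrypted-header" if AES_CODER_ID in header else "packed-header"
    if header[0] == K_HEADER:
        return "plain-header"
    raise ValueError(f"unexpected header type 0x{header[0]:02x}")


def build_sample(next_header: bytes, packed: bytes = b"") -> bytes:
    """Constructed test input: a signature header plus the given bytes."""
    tail = struct.pack("<QQI", len(packed), len(next_header), zlib.crc32(next_header))
    start = SIGNATURE + b"\x00\x04" + struct.pack("<I", zlib.crc32(tail)) + tail
    return start + packed + next_header


# Constructed samples: only the fields the classifier reads are meaningful.
EMPTY = build_sample(b"")
PLAIN = build_sample(b"\x01\x00")
ENCRYPTED = build_sample(b"\x17\x06\x24" + AES_CODER_ID + b"\x00", packed=b"\x00" * 16)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            state = classify_7z(fh.read())
        print(f"{path}: {state}")
        if state != "encrypted-header":
            sys.exit(1)  # fail closed so a wrapper script can stop here
```

Run against `protected.7z` after each update, it exits non-zero as soon as the archive is no longer in the encrypted-header state, so a wrapper can stop before writing anything further to it.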
