📄 appnote.txt
字号:
header1+data1 + header2+data2 . . .
Each header should consist of:
Header ID - 2 bytes
Data Size - 2 bytes
Note: all fields stored in Intel low-byte/high-byte order.
The Header ID field indicates the type of data that is in
the following data block.
Header ID's of 0 thru 31 are reserved for use by PKWARE.
The remaining ID's can be used by third party vendors for
proprietary usage.
The current Header ID mappings defined by PKWARE are:
0x0007 AV Info
0x0009 OS/2
0x000a NTFS
0x000c OpenVMS
0x000d Unix
0x000f Patch Descriptor
0x0014 PKCS#7 Store for X.509 Certificates
0x0015 X.509 Certificate ID and Signature for
individual file
0x0016 X.509 Certificate ID for Central Directory
Several third party mappings commonly used are:
0x4b46 FWKCS MD5 (see below)
0x07c8 Macintosh
0x4341 Acorn/SparkFS
0x4453 Windows NT security descriptor (binary ACL)
0x4704 VM/CMS
0x470f MVS
0x4c41 OS/2 access control list (text ACL)
0x4d49 Info-ZIP OpenVMS
0x5455 extended timestamp
0x5855 Info-ZIP Unix (original, also OS/2, NT, etc)
0x6542 BeOS/BeBox
0x756e ASi Unix
0x7855 Info-ZIP Unix (new)
0xfd4a SMS/QDOS
The Data Size field indicates the size of the following
data block. Programs can use this value to skip to the
next header block, passing over any data blocks that are
not of interest.
Note: As stated above, the size of the entire .ZIP file
header, including the filename, comment, and extra
field should not exceed 64K in size.
In case two different programs should appropriate the same
Header ID value, it is strongly recommended that each
program place a unique signature of at least two bytes in
size (and preferably 4 bytes or bigger) at the start of
each data area. Every program should verify that its
unique signature is present, in addition to the Header ID
value being correct, before assuming that it is a block of
known type.
-OS/2 Extra Field:
The following is the layout of the OS/2 attributes "extra"
block. (Last Revision 09/05/95)
Note: all fields stored in Intel low-byte/high-byte order.
Value Size Description
----- ---- -----------
(OS/2) 0x0009 2 bytes Tag for this "extra" block type
TSize 2 bytes Size for the following data block
BSize 4 bytes Uncompressed Block Size
CType 2 bytes Compression type
EACRC 4 bytes CRC value for uncompress block
(var) variable Compressed block
The OS/2 extended attribute structure (FEA2LIST) is
compressed and then stored in it's entirety within this
structure. There will only ever be one "block" of data in
VarFields[].
-UNIX Extra Field:
The following is the layout of the Unix "extra" block.
Note: all fields are stored in Intel low-byte/high-byte
order.
Value Size Description
----- ---- -----------
(UNIX) 0x000d 2 bytes Tag for this "extra" block type
TSize 2 bytes Size for the following data block
Atime 4 bytes File last access time
Mtime 4 bytes File last modification time
Uid 2 bytes File user ID
Gid 2 bytes File group ID
(var) variable Variable length data field
The variable length data field will contain file type
specific data. Currently the only values allowed are
the original "linked to" file names for hard or symbolic
links, and the major and minor device node numbers for
character and block device nodes. Since device nodes
cannot be either symbolic or hard links, only one set of
variable length data is stored. Link files will have the
name of the original file stored. This name is NOT NULL
terminated. Its size can be determined by checking TSize -
12. Device entries will have eight bytes stored as two 4
byte entries (in little endian format). The first entry
will be the major device number, and the second the minor
device number.
-OpenVMS Extra Field:
The following is the layout of the OpenVMS attributes
"extra" block.
Note: all fields stored in Intel low-byte/high-byte order.
Value Size Description
----- ---- -----------
(VMS) 0x000c 2 bytes Tag for this "extra" block type
TSize 2 bytes Size of the total "extra" block
CRC 4 bytes 32-bit CRC for remainder of the block
Tag1 2 bytes OpenVMS attribute tag value #1
Size1 2 bytes Size of attribute #1, in bytes
(var.) Size1 Attribute #1 data
.
.
.
TagN 2 bytes OpenVMS attribute tage value #N
SizeN 2 bytes Size of attribute #N, in bytes
(var.) SizeN Attribute #N data
Rules:
1. There will be one or more of attributes present, which
will each be preceded by the above TagX & SizeX values.
These values are identical to the ATR$C_XXXX and
ATR$S_XXXX constants which are defined in ATR.H under
OpenVMS C. Neither of these values will ever be zero.
2. No word alignment or padding is performed.
3. A well-behaved PKZIP/OpenVMS program should never produce
more than one sub-block with the same TagX value. Also,
there will never be more than one "extra" block of type
0x000c in a particular directory record.
-NTFS Extra Field:
The following is the layout of the NTFS attributes
"extra" block. (Note: At this time the Mtime, Atime
and Ctime values may be used on any WIN32 system.)
Note: all fields stored in Intel low-byte/high-byte order.
Value Size Description
----- ---- -----------
(NTFS) 0x000a 2 bytes Tag for this "extra" block type
TSize 2 bytes Size of the total "extra" block
Reserved 4 bytes Reserved for future use
Tag1 2 bytes NTFS attribute tag value #1
Size1 2 bytes Size of attribute #1, in bytes
(var.) Size1 Attribute #1 data
.
.
.
TagN 2 bytes NTFS attribute tage value #N
SizeN 2 bytes Size of attribute #N, in bytes
(var.) SizeN Attribute #N data
For NTFS, values for Tag1 through TagN are as follows:
(currently only one set of attributes is defined for NTFS)
Tag Size Description
----- ---- -----------
0x0001 2 bytes Tag for attribute #1
Size1 2 bytes Size of attribute #1, in bytes
Mtime 8 bytes File last modification time
Atime 8 bytes File last access time
Ctime 8 bytes File creation time
-PATCH Descriptor Extra Field:
The following is the layout of the Patch Descriptor "extra"
block.
Note: all fields stored in Intel low-byte/high-byte order.
Value Size Description
----- ---- -----------
(Patch) 0x000f 2 bytes Tag for this "extra" block type
TSize 2 bytes Size of the total "extra" block
Version 2 bytes Version of the descriptor
Flags 4 bytes Actions and reactions (see below)
OldSize 4 bytes Size of the file about to be patched
OldCRC 4 bytes 32-bit CRC of the file to be patched
NewSize 4 bytes Size of the resulting file
NewCRC 4 bytes 32-bit CRC of the resulting file
Actions and reactions
Bits Description
---- ----------------
0 Use for autodetection
1 Treat as selfpatch
2-3 RESERVED
4-5 Action (see below)
6-7 RESERVED
8-9 Reaction (see below) to absent file
10-11 Reaction (see below) to newer file
12-13 Reaction (see below) to unknown file
14-15 RESERVED
16-31 RESERVED
Actions
Action Value
------ -----
none 0
add 1
delete 2
patch 3
Reactions
Reaction Value
-------- -----
ask 0
skip 1
ignore 2
fail 3
-PKCS#7 Store for X.509 Certificates
This field is contains the information about each
certificate a file is signed with. This field should only
appear in the first central directory record, and will be
ignored in any other record.
Note: all fields stored in Intel low-byte/high-byte order.
Value Size Description
----- ---- -----------
(Store) 0x0014 2 bytes Tag for this "extra" block type
SSize 2 bytes Size of the store data
SData (variable) Data about the store
SData
Value Size Description
----- ---- -----------
Version 2 bytes Version number, 0x0001 for now
StoreD (variable) Actual store data
The StoreD member is suitable for passing as the pbData
member of a CRYPT_DATA_BLOB to the CertOpenStore() function
in Microsoft's CryptoAPI. The SSize member above will be
cbData + 6, where cbData is the cbData member of the same
CRYPT_DATA_BLOB. The encoding type to pass to
CertOpenStore() should be
PKCS_7_ANS_ENCODING | X509_ASN_ENCODING.
-X.509 Certificate ID and Signature for individual file
This field contains the information about which certificate
in the PKCS#7 Store was used to sign the particular file.
It also contains the signature data. This field can appear
multiple times, but can only appear once per certificate.
Note: all fields stored in Intel low-byte/high-byte order.
Value Size Description
----- ---- -----------
(CID) 0x0015 2 bytes Tag for this "extra" block type
CSize 2 bytes Size of Method
Method (variable)
Method
Value Size Description
----- ---- -----------
Version 2 bytes Version number, for now 0x0001
AlgID 2 bytes Algorithm ID used for signing
IDSize 2 bytes Size of Certificate ID data
CertID (variable) Certificate ID data
SigSize 2 bytes Size of Signature data
Sig (variable) Signature data
CertID
Value Size Description
----- ---- -----------
Size1 4 bytes Size of CertID, should be (IDSize - 4)
Size1 4 bytes A bug in version one causes this value
to appear twice.
IssSize 4 bytes Issuer data size
Issuer (variable) Issuer data
SerSize 4 bytes Serial Number size
Serial (variable) Serial Number data
The Issuer and IssSize members are suitable for creating a
CRYPT_DATA_BLOB to be the Issuer member of a CERT_INFO
struct. The Serial and SerSize members would be the
SerialNumber member of the same CERT_INFO struct. This
struct would be used to find the certificate in the store
the file was signed with. Those structures are from the MS
CryptoAPI.
Sig and SigSize are the actual signature data and size
generated by signing the file with the MS CryptoAPI using a
hash created with the given AlgID.
-X.509 Certificate ID and Signature for central directory
This field contains the information about which certificate
in the PKCS#7 Store was used to sign the central directory.
It should only appear with the first central directory
record, along with the store. The data structure is the
same as the CID, except that SigSize will be 0, and there
will be no Sig member.
This field is also kept after the last central directory
record, as the signature data (ID 0x05054b50, it looks like
a central directory record of a different type). This
second copy of the data is the Signature Data member of the
record, and will have a SigSize that is non-zero, and will
have Sig data.
Note: all fields stored in Intel low-byte/high-byte order.
Value Size Description
----- ---- -----------
(CDID) 0x0016 2 bytes Tag for this "extra" block type
CSize 2 bytes Size of Method
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -