I am reading the zip file specification and there is no explanation as to how the encryption header for a file in the archive is structured. The header order is like this:
[local file header 1] [encryption header 1] [file data 1] [data descriptor 1]
After the local file header the specification says the following while skipping the encryption header part:
Immediately following the local header for a file SHOULD be placed the compressed or stored data for the file. If the file is encrypted, the encryption header for the file SHOULD be placed after the local header and before the file data. The series of [local file header][encryption header] [file data][data descriptor] repeats for each file in the .ZIP archive.
I am searching for how this encryption header is structured because this specification does not explain it. Does anyone know how this works?
6.1 Traditional PKWARE Decryption
...
6.1.3 Each encrypted file has an extra 12 bytes stored at the start of the data area defining the encryption header for that file. The encryption header is originally set to random values, and then itself encrypted, using three, 32-bit keys. The key values are initialized using the supplied encryption password. After each byte is encrypted, the keys are then updated using pseudo-random number generation techniques in combination with the same CRC-32 algorithm used in PKZIP and described elsewhere in this document.
...
The specification for the decryption header depends on the encryption algorithm used. There is an Traditional PKWARE Encryption (standard) but this is out of date and therefore a custom encryption/decryption should be used.