We store measurement results in directories. Each directory has a meta.xml which describes common things about the result file, and several files of data. This result has to be encrypted.

I would dream of a solution like this:

1. We can use ZIP-, TAR- or a similar algorithm for packing the directory into a file
2. [optional] We can extend the archive header with our own MIME type (MIME recognition without file extensions)
3. We can use the encryption algorithm defined in the archive standard (e.g. ZIP) to encrypt/decrypt our result
4. We can extract single files from the archive, without decrypting the whole file (there are 100Mb files, but most of the time I'm only interested in the meta.xml)
5. We can use regular tools (7Zip, WinZip, zip on Unix) to access the encrypted file
6. [optional] We can use more than one key, to encrypt our result file

Is this solution realizable? Are there open-source libraries which do the job? Which encryption algorithm to use?

Best regards!

• encryption
• directory
• compression

The use of AES encryption in zip files is supported by PKZip, WinZip, and 7-Zip and is specified in the PKWare zip appnote and well described here: Encryption Specification AE-1 and AE-2. Unfortunately neither Info-ZIP zip nor unzip currently support it (those are what you find on Unixish systems). 7-Zip is open source. As noted, the original zip "encryption" hardly even deserves the name and so should be avoided at all costs. The standardized AES encryption is strong, usable, and relatively widely supported.

Update:

I just noticed another part of your question. Each zip entry can be separately encrypted with a different password, and in fact you can mix unencrypted entries as well in the same zip file.