Helping people with computers... one answer at a time.

Zip files are ubiquitous and a reasonable solution for encryption. I'll walk through using 7-Zip to encrypt and decrypt files.

".zip" is a very popular and very old archive file format that's typically used to bundle multiple files into a single compressed archive. However, zip files also support fairly robust encryption that you can decrypt in Windows without needing 7-zip, or any other zip utility.

In this video excerpt from an Ask Leo! webinar, I'll walk through encrypting and decrypting using 7-Zip.

Download the video: using-zip.mp4 (39M).

View in HD (1280x720)

Transcript

Zip is a very old and very popular and probably the most common archive format; typically it's used to bundle multiple files into a single file. But as it turns out, of late, Zip has fairly robust encryption. That didn't always used to be the case; Zip has a history of having some fairly bad encryption back in the day that was easily broken but today, Zip seems to do a fairly good job of encrypting files. And as a side effect, if they're not already compressed, compressing them while it creates its single archive.

So what we're going to do today is start by installing 7 Zip (let Bing do a search for me). And it's 7-Zip.org. I'm running 32 bit Windows 7 so that's what we're going to run. Sourceforge is an interesting place to get files but you'll notice that they do a lot of advertising here. In reality, you can ignore all of the advertising in the Download button. In reality, by coming here, you've already started the download and you can see down here in IE 9, it's already asking if I want to run or save the download. I'm going to run it for our purposes today. You might want to consider saving it if you're going to do multiple installs or not. In my case, for this demo, I'm going to install it in a non-standard location (you would normally accept the default). And we're done; it's here.

What did that do for us? Well, what we now have is...7 Zip. 7 Zip file manager. So what we're looking at in 7 Zip is its graphical user interface. It can be used as a command line tool as well and I'll be looking at that in a moment. What you'll do to create a Zip file is to navigate to the location where...let's see...Users...Me...Documents...I believe...yep, I put a couple of interesting documents there. So the focus here is on encryption. So what we want here; what we have here in this example is I have two documents that I want to encrypt so that other people can't see them or can't see them accidentally.

With 7 Zip, the way you go about doing that is you start by adding them to an archive. Remember that the Zip file format is fundamentally an archive; by that I mean its primary purpose is to bundle up multiple files into a single file that's referred to as an archive. We often refer to them just as dot zip files. With 7 Zip, you select the files that you want to add. In this case, I've clicked on one and then Shift Clicked on the other and then clicked on 'Add'. Since we aren't already working with an archive, the program is now asking us what we want to create. We're asking to add to an archive but we haven't actually created an archive yet so that means we must want to create one. We're going to give this; the first thing I'm going to do here is I'm going to change this to the Zip file format. I'm going to do that for compatibility. 7 Zip's own file format, the .7Z is actually somewhat more efficient and will result in smaller files but if want compatibility across multiple platforms, including the ability to not use 7 Zip at all to see the contents of your Zip file, what you want is .zip format.

You can see the archive has been given the default name 'Documents.zip' ; we don't care about any of the other options with the exception of the Encryption password. And this is where the magic happens. I'm going to enter in a fairly ineffective password for demonstration sake and we're going to say 'ok'. We've created a Zip file. In fact, you can see it right there; it's called Documents.zip; it's 234K in size (roughly). That file is encrypted. The contents of that file cannot be read without knowing the password that I entered. Now, one of the downsides of using Zip as an archive format is that the original files still exist. In other words, you haven't really protected them. You've created a container that contains encrypted files that you could then presumably share with someone, email to someone or do something else with but you haven't actually haven't done anything on your machine to make them fundamentally secure; you're documents are still there in plain text.

Now, since we've created this, in a sense, we're kinda sorta done with 7 Zip itself. We can now go over to Windows Explorer and go to that, ah, one very quick yet important sidetrack here: you'll notice that this does not display Documents.zip or the file extensions for either of these two 'secret documents'. I just want to remind everybody that it's a very important, in my opinion, setting change to change this 'Hide extensions from known file types' - not to do that. There are various security reasons for that but I just wanted to highlight that today also. So once we do that, you can see that the files that are known file types are Documents.zip and these others are .mht files.

So, we're now in Windows Explorer; we're not using 7 Zip at this point; we simply created a .zip file that contains these two files. It's encrypted, so we can go ahead and delete these. Now, this actually highlights one of the other lesser thought of ideas when it comes to creating zip files. It's tempting to say 'Ok, I've created a zip with those documents in it, the files are encrypted, so it's now safe for me to delete these files; that way nobody will be able to find them.' That's not true. You saw the warning message; the files actually only got moved to the Recycle Bin. So I could, in fact, head here over to the Recycle Bin and recover them. So, of course, the next thinking is 'Well, fine, we should empty the Recycle Bin.' Once we do that, that's great except as we know deleted files and this is what's considered a permanent deletion in Windows terminology. Deleted files can still be recovered with various types of forensic or undelete utilities. The only thing that would actually make this particular scenario, on this particular machine secure is if we then fired up a secure delete utility which now, overwrote all of the free space to ensure that those files that I just deleted could not be somehow recovered.

So for the moment, let's assume somebody's done that. That this file, Documents.zip is the only file on this machine that has the files or even has traces of those two files that I originally encrypted. Let's open it up! Fortunately, Windows includes the ability to open zip files quite nicely. So all I really need to do is double click it. Now, what's up with this? This is the other part of zip files, even encrypted, that people often miss. The contents, the names of the files within an encrypted zip file are clearly not encrypted. In other words, I know, what the files are in this zip file without ever having entered the passwords. And that sometimes can be enough information for people to be concerned that they can see just the names of the documents or the names of the file in the encrypted container like this it may be enough to cause them concern that some information may have leaked out. If that's ok, then, of course, the thing to do is to open the file, double click on it and Windows says 'Hey, that's an encrypted file, we need to know the password.' And I can do that; type in the password, hit 'ok', and as it turns out, the mht file is just a saved web page, in this particular case, nothing particularly secretive about it but I just use it as a convenient example.

So, in a nutshell, those are kind of the pros and cons of what we're doing with any kind of a zip file archiving utility. You're creating a single container file that contains whatever files you want it to. They can be encrypted but realize that the file names that are contained within the zip file are not; they are clearly and conveniently accessible. 7 Zip is a great program to create zip files. You don't need it to view zip files which is one of the reasons they are a very common distribution method these days. You can send it off to just about anybody and have them be able to extract the documents from it even if they are 'passworded' as we did here. We did nothing that Windows doesn't do natively in order to access the contents of the zip file.

Now, I'm actually going to re-extract these files which means we are looking at the Documents.zip file and I'm going to copy them back up to My Documents. That is how you extract files from Documents.zip file. So now you can see I've got the original .zip file which has the encrypted documents in it but then I have the decrypted documents outside of it. Now I'm actually going to delete the zip file and we're back where we started with our two secret documents, completely unencrypted, no password necessary.

Now, I also wanted to show the Command Line version of this very briefly simply because that to me is one of its, one of 7 Zip's strengths. It makes it very useful for batch file processing, command file processing and so forth and scripting. That is one of the reasons that geeks like me tend to use it over something like WinZip. There are definitely other utilities that can do this but 7 Zip is perhaps the most convenient.

So, I'm going to fire up a Windows command prompt and go into My Documents where I have those two documents: Secret Document One and Secret Document Two. The 7 Zip command line (let me make this window just a little bit bigger) is of course '7 Zip' and if you're, or '7Z' and if you just enter that, you'll get a quick command reference how the tool can be used from the command line, but to quickly run through it, 7Z: 'A' is the add the files to archive option, we're going to add a Dash T zip; this is that same selection we made in that graphical user interface that instructs 7 Zip to create a zip file and not its default 7Z file. The name of the file we want to create is...I'm going to call it 'Archive' and you'll see in a moment that that will become archive.zip. And I want to add all mht files to it. And I've neglected to say Dash P which means I want to password what I'm about to do. So, it's creating an archive, archive.zip; enter the password that you want the file you want to be created as '1234', oops, I've told you my password. It has now created a zip file. If we take a look here, you can see archive.zip, once again, that's there and it now contains the two secret documents. In fact, I will go ahead and delete the two secret documents. I will try to delete them. It helps to describe them properly. So now all that we have is archive.zip. We can take a look inside archive.zip with the 'L' command and once again we can see that even though the contents of the files are encrypted, we can still see what the file names are. In order to decrypt the files, we will then use the 7 Zip with the 'X' option...archive.zip and once again says 'Oh, that file is passworded' let's enter the password in order to be able to decrypt it. It will actually try; as it turns out in zip files, different files can actually have different passwords. So it will ask you for one and then it will assume it should try that same password on the next file so you only have to enter it once if all files have the same password. And in this case they do, so there they are again; we've extracted our two files from the archive and we can go ahead and delete the archive again.

That's really about all there is to zip files. They are very easy to create. As you saw from the 'gooey' in 7 Zip there are lots of options you can throw at these things. For the most part, you never, ever need them. As long as you've selected .zip file, if you want it password protected, enter a password, you will basically have a very nice bundle that you can then typically email to other people , or share with other people via uploading or whatever, securely, as long as you select a reasonably secure password. Final reminder on that note is obviously I used a very simple password here for this demonstration (1234) don't use that password, in fact don't use anything close to that password. The weakest link in the security of this encryption is, in fact, the strength of your password. So select something that is long, memorable. I think you saw, in some of the user interface here it actually used the phrase 'passphrase' hinting that you might want to use a multiple word password. That might make be easier to remember but make it almost impossible to crack.

Article C4905 - August 20, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

4 Comments
Humphrey T. Curmudgeonton
August 21, 2011 2:01 PM

harrumph....bunch of hooey if you ask me. ain't nuthin wrong with my ol' pkzip -s. Works great when I'm uploading files with my unregistered QModem.

Robin Clay
August 23, 2011 9:06 AM

Ermm... just to make you smile, a reminder that:-
"REAL programmers type "copy con myProg.zip"

Glenn P.
August 24, 2011 10:07 PM

Mentioning the exact encryption algorithm used would be reassuring; WinZip uses either AES-128 or AES-256 (user selectable).

I wish we could have a "zip" program that let you choose an algorithm besides  AES, such as Twofish or Serpent, or (even better still) stack multiple algorithms together in a superencryption chain, such as the AES-Twofish-Serpent chain that Trucrypt allows for in its "File Containers". Indeed, inso far as I know, Trucrypt is the only  encryption program available today that supports superencryption at all.

Unfortunately, if all you want to do is to encrypt one -- or a few -- files to send, it is "much too much" for that one purpose (and isn't designed for that anyway)...

Barcillo Barsiniestro
August 24, 2011 11:01 PM

One important thing to remember:
When you open a file from a zip (or rar) archive, it is copied to the temp folder before opening.
And sometimes it remains there after you close the file. Unencrypted, unproctected, and ready for anyone to read it.
And even if it is deleted, it still can be recovered as Leo says.
So be carefull where and how you use zip files to encrypt.
PS: I don't know about 7zip, but in winrar there is an option to encrypt file names

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.