SecureZIP - 08 Oct 2008
October 7, 2008
The .zip file format is arguably the de facto standard for compression utilities used for the personal computer. Phil Katz created the PKZIP utilities in 1989 and his company, PKWARE, continues to provide these ubiquitous tools, adding support for Windows, encryption, and larger files and volumes. Let's dive deeper into PKWARE SecureZIP, which touts security and a more robust digital-certificate–based encryption scheme, plus integration with Microsoft Office applications. Even if you're a veteran user of compression utilities, I think you’ll be pleasantly surprised with what SecureZIP can do.
Getting Started with PKWARE SecureZIP
What's notable about the latest version of SecureZIP is that for a limited time PKWARE is offering free full individual, perpetual licenses of SecureZIP—called SecureZIP Express—for non-commercial use. Visit http://www.pkware.com/software-data-security/free to complete a short registration, and PKWARE will email you a link from which you can download the latest version as well as a certificate code which you use to validate your newly created digital certificate.
Obtaining and installing a digital certificate is one of the coolest features of SecureZIP. It’s very easy and shields you from the often confusing process of requesting and installing digital certificates. Installation of the application is straightforward, but if you want to take advantage of the digital-certificate encryption capabilities you’ll need a few more minutes to walk through the digital-certificate wizard and create your certificate.
After the program finishes installing, you can launch it from Start, Programs. The first time you run the program it takes a few minutes to complete the setup of your digital certificate, and it even automatically uploads your public key to the SecureZIP global directory, an Internet-hosted repository of public keys. This service makes it easy for SecureZIP users to upload their certificates to the SecureZIP directory. Before you can send an encrypted message or data to someone else, you must get their public key and send them your public key. This global directory makes it easier to exchange public keys. The more people who register their certificates in the directory, the easier it is for others to obtain recipient public keys, which makes the program easier to use and more valuable. Without this directory you must manually exchange keys before you can encrypt the data. Certificates provide a much higher level of security than passwords since you must specify a list of recipients who can decrypt your message. You can still use passwords, however, if you don’t feel you need the added protection certificates afford, or if your recipient doesn’t have a certificate.
After you install SecureZIP, but before you encrypt any data, it's very important that you make a backup of your new digital certificate, both the public and private keys. PKWARE doesn't escrow (that is, keep a secure copy of) your keys, so it’s up to you to make a backup by following the instructions on the PKWARE web site: http://www.pkware.com/documents/howto/How_To_Backup_Your_Private_Key_v3.pdf.
Backing up your key to a portable drive, recordable CD-ROM, or other protected location takes just a few minutes. If you lose your key, your encrypted data will be unrecoverable, so definitely take a few minutes to back up your key to a different computer in case your hard drive crashes or your key is otherwise lost on the computer where you installed SecureZIP. (The Enterprise version of SecureZIP does support a “contingency key,” which works like a master key, allowing access to all encrypted data by that organization. This method helps ensure data is recoverable even if the user’s private key is lost.)
If you've ever used a file compression program before, you’ll find SecureZIP very intuitive. Typically, I first create a file, such as a Microsoft Word document, and save it to my computer. Then, using Windows Explorer, I navigate to the file, right-click it, select SecureZIP, and select the option I want: Add to New Archive, Add to Existing Archive, Make Self Extractor, or ZIP and email the document. As an alternative, you can create the .zip file first and then add content. To do this, right-click in a folder and select New, PKZIP file to automatically create a new .zip file. Then double-click to open and add new files, or simply drag and drop files you wish to compress into that new archive. You can have both encrypted and unencrypted files in an archive.
If you’re not familiar with file compression programs, the Help documentation in SecureZIP is terrific. It clearly shows you how to use the tool and in many cases actually explains the nuances of why the tool behaves a particular way.
Encryption and Digital-Signing Features
PKWARE has done a good job weaving the new encryption and digital signing features into the product. For example, when you want to encrypt a file, you can choose to secure the file with a passphrase, recipient list, or both. The recipient list is where you select who will be able to decrypt your file. If you don’t have the certificate of your recipient, you can type the recipient's email address into a search dialog box to find out if the certificate is registered with the SecureZIP global catalog. You must have a certificate for every recipient who will receive the file, including yourself. For example, if you don’t want to share the file with anyone, just select your own certificate and then click OK to encrypt the file. You’ll see a padlock icon next to the file that’s encrypted. Note too that you will be able to see the filename of the encrypted file. You can hide this data by encrypting all of the files in the archive or by specifying in the SecureZIP options to encrypt filenames; however, this will prevent users of other ZIP programs from accessing the archive even if it contains unencrypted files.
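The filename exposure noted above can be checked from the archive alone. The following is an added example, not PKWARE code: it uses Python's standard zipfile module to list each entry's name together with the encryption bits of its general-purpose flag field, without any passphrase or private key. The sample archive and its file names are constructed for the demonstration.

```python
import io
import zipfile

ENCRYPTED = 0x0001          # general-purpose flag bit 0: entry data is encrypted
STRONG_ENCRYPTION = 0x0040  # general-purpose flag bit 6: strong encryption in use


def audit_archive(data: bytes):
    """Return (filename, encrypted, strong) for every entry in the central directory.

    Only metadata is read; no passphrase or private key is needed.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [
            (info.filename,
             bool(info.flag_bits & ENCRYPTED),
             bool(info.flag_bits & STRONG_ENCRYPTION))
            for info in zf.infolist()
        ]


def exposed_names(data: bytes):
    """Names of encrypted entries that anyone holding the archive can still read."""
    return [name for name, encrypted, _ in audit_archive(data) if encrypted]


def build_sample() -> bytes:
    """Constructed sample: a two-entry archive whose second entry is flagged
    as encrypted by patching its central directory record. The data itself is
    not encrypted; only the header flags an auditor would inspect are set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "public notes")
        zf.writestr("payroll-2008.xls", "placeholder bytes")
    raw = bytearray(buf.getvalue())
    last_cd = raw.rfind(b"PK\x01\x02")   # central directory header of the last entry
    raw[last_cd + 8] |= ENCRYPTED | STRONG_ENCRYPTION  # low byte of the flag field
    return bytes(raw)


if __name__ == "__main__":
    for name, encrypted, strong in audit_archive(build_sample()):
        state = "encrypted" if encrypted else "plaintext"
        print(f"{name:20} {state}{' (strong)' if strong else ''}")
```

Any name returned by exposed_names() is metadata an observer can read even though the file's contents are protected, which is the case the filename-encryption option is meant to close.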
In addition to encrypting files, SecureZIP also lets you digitally sign files using your own key, so that anyone with access to your public key can confirm that it was indeed you (and your private key) that signed the file. It also supports self-extracting archive (PKSFX) files, which are executables that extract their contents automatically when a user runs them. I expect that use of this feature has declined over the past few years as Windows now includes the ability to decompress .zip files within Windows Explorer. Additionally, users are learning to avoid emailing or running unknown executables as fear of unknown executables has increased.
Integration With Microsoft Office
SecureZIP also integrates into Microsoft Office products. When you choose Save As for a document in Word, you can select whether to encrypt it (or compress it) using SecureZIP within Word. Along the same lines, when creating or replying with a new message in Microsoft Outlook, you can select the SecureZIP tab and specify whether to encrypt attachments for the recipient. The Outlook SecureZIP plug-in tries to automatically download the public keys of your mail recipients to encrypt the attachments. If it can't find the key, SecureZIP will notify you and ask if you wish to use a passphrase instead. The entire process is as pain-free as I’ve ever seen using public key infrastructure (PKI).
Zip It Up
Asking someone to “zip up and send over a file” is perhaps one of the most recognizable phrases in computer slang that’s persisted over the past two decades. Even reluctant users will find SecureZIP is not only easy to use—its encryption and digital-signing features can offer them peace of mind.