Medical Nerds Blog Logo
medicalnerds.com

technology, stats and IT for medics

 

How to encrypt ZIP files securely using 7Zip

October 18th, 2008 by James · 29 Comments

Windows has had built in zip file support with encryption since Windows XP, unfortunately the quality of this encryption is poor as evidenced by the number of commercial programmes available to crack it. Winzip, WinRAR are trialware commercial programs that offer secure AES encryption to your compressed files but cost between 23 and 30 Euros per user. 7-Zip is an open-source, free utility that offers AES-256bit encryption. In this how-to I will show you how to install and produce 256-bit encryption of your compressed files.

A short introduction to Encryption

Encryption is a way of scrambling the data within your files to prevent a third party eavesdropping. Encryption can be symmetric, where the same password is used for encrypting and decrypting the data. Asymmetric encryption is the method using the concept of public and private keys eliminating the need to transfer a password between the 2 parties.

Encryption within Windows

Windows supports the use of ZIP or compressed folders, however it is hampered by the use of weak encryption, that can be brute-forced using a myriad of programs in minutes to hours with a modern PC. Winzip, WinRAR, 7-Zip and others offer the more secure AES standard. AES, like any encryption scheme, can be broken given time, but this is likely to run into hundreds if not thousands of years.

Installing 7-Zip

1. Download the most modern non-beta version from here.

2. Install using default options.

Using Z-Zip

As default 7-Zip installs itself to with “explorer extensions” that allow you to right click on items on the desktop or in windows explorer to compress files. Z-Zip has its own file format 7z which is more efficient at compressing files than the standard zip extension, but this will mean the person you are sending the file to will also have to use 7zip. Using the zip format will enable people using other programs to de-compress the file.

1. Right click on the files or folder you wish to compress and encrypt.

2.Firstly change the Archive format to Zip (or use 7z if both you and your intended recipient use 7zip), then change the encryption method to the robust AES-256, thirdly enter your password. Then click OK. The rest of the options can be left as default.

Decryption

Simply right-click on the file, select extract then enter the password when requested.

Important Notes

Your data will still be vulnerable to a “dictionary attack” where an attacker cycles through common passwords such as “Love”, “Password” etc. To protect from this simply make your password a mixture of numbers and letters rather than simply a single English word. One way to protect from this would be to use a random generated password or use asymmetric encryption.

For a comparison of software for compressing files see here.

Tags: Free · Open Source · Software

29 responses so far ↓

  • 1 jonise // Nov 7, 2008 at 12:53 pm

    I am trying to Decrypt a password comppresion files, i lost the password and i cannot remember the password.

    please advice, if you have a software that can help me

    jonise

  • 2 James // Nov 7, 2008 at 8:17 pm

    If you have used AES256 encryption then I suggest you just try all your usual passwords…otherwise err…no.

  • 3 nick // Jan 1, 2009 at 11:48 pm

    i encrypted my drive with TrueCrypt an encryption software. i now want to compress my drive to free up space. Is this possible?

  • 4 James // Jan 2, 2009 at 8:07 pm

    You can compress files that reside in an encrypted volume, which if anything will make the scheme more secure. You can’t compress an encrypted file or volume…if you could it would mean the encrpyption method is flawed.

    Suggest you just 7-zip the files that are contained on the encrypted volume.

  • 5 Jim // Jan 28, 2009 at 7:24 pm

    Is it possible to build a programmitc interface to 7Zip that would allow me to extract data from a database into a CSV file and feed that CSV to 7Zip to produce an encrypted file?

  • 6 James // Jan 28, 2009 at 7:33 pm

    Yes

  • 7 Andrew // Aug 3, 2009 at 6:46 pm

    Is it possible to set the defaults format to zip instead of 7z and default AES 256 encryption when adding to archive or indeed opening the application?

    If possible how would this be done? I suspect in the registry but don’t have a clue which entries!

    Even more complex… can it be set so the user has to use a minimum number of characters in the password before encryption can be completed?

    Thanks 🙂

  • 8 Hi! // Aug 11, 2009 at 12:40 pm

    Were part 2 of 10 killer free apps for the Medical Research Student (Windows) ;)?
    (I can not post coment in that topic)

    You do cool thing… gathering academic soft together 😉

    And try PDF-XChange Reader (FREE version for personal http://www.docu-track.com/home/prod_user/PDF-XChange_Tools/pdfx_viewer) that can add notes, highlite, adding text and more to your pdf-papers (with saving what you do).

    For bibliography you may try Mendeley – it’s like Papers (Mac apps). It have a module to adding reference to MS Word or OO.org (OpenOffice). Or You can try Zotero with same features but it is FireFox extantion.

    For translating try StarDict 😉

    p.s. sorry for my spelling.

  • 9 Daniel // Aug 26, 2009 at 11:38 pm

    Passwords are far easier to crack if file names are not encrypted.

    To make your password-protected file secure you need to select the 7z file format and check the “Encrypt file names” option.

  • 10 Euan // Aug 27, 2009 at 10:22 am

    what characters are not supported with 7zip password?

    I have created a password generator in SQL Server which covers all letters, numbers & characters but had issues with passwords including the ‘>’ character; do others exist which I can remove from the generator?

  • 11 Joe // Jul 19, 2010 at 1:36 pm

    Does 7 zip allow for data at rest encryption? In other words encryption “before” I compress and transmit?

  • 12 Greg // Jan 5, 2011 at 9:24 am

    Is there a way to encrypt from command line?

  • 13 Shezaad Noormohamed // Mar 9, 2011 at 12:08 pm

    Hi, have encrypted a MS word file using 7 zip 9.20. this was done with archive format set as Zip and Encryption as AES-256. when emailed to a colleague they get the error message “windows cannot complete the extraction the destination file could not be created” any help would be hugely appreciated!

  • 14 ThompsonPaul // Mar 14, 2011 at 4:51 am

    @Shezaad

    What the article isn’t clear on is that Windows’ built-in zip application isn’t capable of handling password-protected files with the AES encryption created by 7Zip. The recipient will need to be using 7Zip as well to open the zip file in order to get the password prompt. (Unfortunately, Windows gives a worthless error message when it encounters an AES-encrypted zip archive.)

    This can be a non-starter if the recipient is in a corporate environment that doesn’t allow users to install software. If that’s the case, there is a portable version of 7Zip that doesn’t require installation.
    http://portableapps.com/apps/utilities/7-zip_portable

    Paul

  • 15 Anony Mouse // Mar 16, 2011 at 5:27 pm

    Here’s what blows. If you encrypt a file with 7-zip, it creates a file. Fine. Now drag a file into that 7z/ZIP file. Guess what? That file you just added in is NOT encrypted. It gives you a sense of false security. You need to encrypt from the beginning to make sure you’ve encrypted all the contents inside.

    Bad job, 7-zip. bad job.

  • 16 Poshest // May 30, 2011 at 5:33 pm

    Totally agree with Anony Mouse. Worse, if you select “Encrypt file names” with the original zip, and then add any files to that zip, it takes away the file name encryption, so that the filenames are now in the clear. And there appears no way to re-encrypt them. I LOVE 7-zip, but this bit of it stinks. 😛

  • 17 Robert // Jul 6, 2011 at 8:07 pm

    If you wish to encrypt a group of documents and send them as a zip file, does the user at the destination need to have 7zip if the file is encrpyted?

  • 18 Csknet // Sep 12, 2011 at 12:55 pm

    Is there a mac version available? i dont seem to find one. If not, what is a good equivalent on macs.

    thanks

  • 19 ade // Sep 12, 2011 at 7:10 pm

    i dont think the recipient needs to have 7zip installed if you specify the archive in .zip format instead of .7z format

  • 20 godel // Oct 14, 2011 at 5:34 am

    I believe ZipGenius’s encryption may also be compatible with 7-Zip’s, but I haven’t tried it.

    BTW, Encryption doesn’t appear in 7-Zip’s Help files, look for “password” instead.

  • 21 Steve // Apr 19, 2012 at 10:00 pm

    Good news: Just figured out how to ensure the recipient of the protected file will NOT need 7-Zip. When you archive the file in 7-Zip, select the “zip” archive format, but do NOT select AES-256 for the Encryption method. Instead, select “ZipCrypto”. Though this is likely a less-robust encryption level, Windows built-in zip application recognizes this and responds well. I tested several cases where the password dialog box launched & responed appropriately to the correct PW entry.

  • 22 Jim // May 30, 2012 at 10:26 pm

    Okay, I’ll have to look later, but I want to report my problem installing 7-Zip somewhere for now…
    Everything went fine until the installation tried to put a link to the program in the hidden folder, C:\ProgramData\Microsoft\Windows\Start Menu\Programs, even though my login has Admin privileges. (I guess there is “Admin” and then there is “ADMIN”?) So, I created a “7-Zip” folder there, but it just led to a different error message, so finally I used a utility I have called “Take Ownership” on the folder, and then the install succeeded! At least the installation was clear about what was going wrong, however I know how to put entries in the StartMenu if I want, so perhaps the installation should change to just putting a link on my Desktop, and I can take it from there with less fuss!
    BTW, thank you THANK YOU to the open source community for 7-Zip!!! I really miss XP (but you can’t run the lastest, hot Intel chips without Win7 ;=) Thanks again!

  • 23 Elizabeth // Jun 28, 2012 at 6:38 pm

    Just a note – CHECK THAT THE FILE ENCRYPTED. The first time I encrypted a folder with 7-zip, the password didn’t take. The second time, doing exactly the same thing, it worked just fine.

  • 24 Ryan // Aug 1, 2012 at 2:18 pm

    The only way to ensure that the files are securely encrypted is to use the 7-Zip format. I tried encrypting in a ZIP format using ZipCrypto and you can launch the files right from the archive without needing a password.

    My guess is that the implementations of the ZIP functionality in Windows is different from one OS version to the other. Best to be safe and just use 7-Zip.

  • 25 Markku // Oct 28, 2012 at 9:50 am

    Just as Elizabeth warned 7-zip does not necessarily encrypt the file even though you have selected it to be encrypted.

    I have experienced this phenomenon twice so far and cannot trust the software any more.

  • 26 gelloe // Feb 23, 2013 at 2:45 pm

    doesnt work i followed the EXACT instructions , but whenever i open it , it doesnt ask for a password -.-

  • 27 Tristan // Jul 9, 2013 at 9:00 am

    IT doesn’t seem anymore that when you add files to an encrpyted archive that they won’t be encrypted as has been commented here (in 2011, that is). just to update. I just tested on linux, and I can’t get to the later added file without my password..

  • 28 Bruce Wayne // Sep 4, 2013 at 6:17 am

    Use 7z compression instead of ZIP and it works every time. So looking at the image provided in the article … change ARCHIVE FORMAT from ZIP to 7z and there you go. Oh and make sure you also select the “encrypt file names” option. One last tip, change it from visible password to non-visible. Non-Visible makes you type in the password twice. There was a time that I had it set to Visible but since you only type the password once it was possible to type it wrong. I had that happen a few times! So always good to double check your file afterwards. Decompress it to make sure the password works etc.

  • 29 Pedro // Jun 5, 2015 at 11:22 am

    I use 7 zip and I’m able to encrypt my file.
    The problem is when I update the file within the .zip, the zip file loses its properties and the next time I try to open the .zip file, I’m able to do it without having to insert the password I previousy created.

    How can I keep the file with the same security properties, even after updating the file within?

    Thank you!

Leave a Comment

(Don't forget to fill in the Captcha)