Compression with a Dose of Encryption
SecureZIP lets you compress and encrypt e-mails and files on your desktops, laptops and servers.
- By Peter Varhol
Ease of Use
1: Virtually inoperable or nonexistent
5: Average, performs adequately
When hard disks were less than 50MB and the only method of portable data storage
was a floppy disk, PKWare Inc.'s PKZIP was practically ubiquitous. It was a
genuinely useful and high quality utility. The fact that it was shareware and
supported Macintosh and Unix compression was also a plus.
Even after Microsoft added Zip-compatible file compression to Windows, PKZIP
remained a staple for a class of users who needed multi-format (.ZIP, .TAR,
.JAR, deflate, and so on) file compression and decompression. PKZIP had many
more features than Microsoft offered within Windows, so it was still the choice
for those with serious compression needs.
With today's huge hard disks and mobile storage devices, there's arguably less
need for compression. Yet files have also gotten bigger, and most portable storage
is still relatively small compared to fixed hard disks. Besides, there are still
good reasons to compress transportable files.
Exchange tends to take longer to process larger file attachments. Many organizations
limit the size of Outlook attachments to prevent bottlenecks. With such files,
security also becomes a major issue. These files have an annoying tendency to
get lost, misdirected or stolen.
[Click on image for larger view.]
|Figure 1. You
can encrypt any file with this simple pop-up window.
Pack 'em In, Lock 'em Up
In response, PKWare turned its well-known PKZIP product concept into SecureZIP.
In April, PKWare released SecureZIP version 11 (the original PKZIP is still
available). It's no longer shareware, but the desktop edition is currently available
as a free download on the company's Web site. PKWare says it hasn't decided
when it will start charging for the new version.
There are also versions of SecureZIP for server, i5/OS and z/OS for enterprise
use. Its primary use is certainly for compressing e-mail attachment files, but
it's also useful for any other files. It's especially suitable for files you
need to move from one computer to another, or those on a laptop.
On the desktop, SecureZIP gives you an elegantly simple way to compress and
encrypt files. Installation takes only a few seconds, and the user interface
is simple enough to begin the process immediately. For veteran PKZIP users,
the product offers both the "classic" user interface and a wizard-driven
one. The classic interface is more familiar, but novice users might be more
comfortable with the wizard-driven approach.
SecureZIP lets you select the files you want to compress, then also gives you
the option of encrypting those files. You can encrypt the files with a passphrase
or create a key. You can select a local key or a server-based key. Passphrases
protect files using AES or 3DES algorithms, with security using the RSA BSAFE
algorithm. The upshot to that approach is that you can use certificate-based
encryption and digital signatures, and combine that with ZIP compression.
You can load encrypted and compressed files into any installation of SecureZIP.
To unzip and decrypt them, though, you need the appropriate certificate, signature
or passcode. You can share all these within an enterprise (hopefully in a controlled
manner), or pass them along to the intended recipient along with the encrypted
file. There are many ways of making the decryption key available -- as long
as it's sent separately from the encrypting file itself -- including storing
it on a secure Web site.
SecureZIP lets you encrypt the body of an e-mail, along with calendar attachments.
By integrating with Outlook, it ensures that the body of your e-mail, any e-mail
attachments and calendar attachments are protected. It also enables re-encryption.
You can forward encrypted e-mails to new recipients without having to download
and resave your files before re-encrypting.
[Click on image for larger view.]
|Figure 2. Sending
an e-mail opens a window that lets you encrypt the mail message and any
Encryption is deceptively simple and seamless. When you send an e-mail, for
example, you'll see the encryption/compression window pop up. You simply fill
in a passphrase and the outgoing e-mail and any attachments are encrypted. If
you don't want to encrypt, simply check that option and the unlocked e-mail
goes on its way.
As a pure compression tool, SecureZIP isn't as easy to use as the built-in
Windows compression. Windows lets you compress one or more files simply by selecting
files and right-clicking to choose a menu item. Still, if you need multiple
encryption formats, SecureZIP is easy enough to use after a few minutes of study
The server-based SecureZIP lets you archive encryption keys. This essentially
provides a secure backup for decryption. Your individual users can have their
own keys, but you can save those keys in a central location. If your organization
needs access to your files after you leave the company, for example, it can
get at those decryption keys to do so.
The original PKZIP is also still available for multi-format compression if
you don't need the encryption capabilities. Either way, the ZIP products do
a yeoman's job for data compression. SecureZIP adds still more flexibility in
its ability to protect files as they move between systems or physical locations.
With the loss of personal or corporate confidential data through misdirected
e-mails, lost PCs, portable USB memory sticks, active espionage and theft, encryption
seems like a no-brainer. Many users don't bother, though, either because it's
too inconvenient or not seamless enough. SecureZIP solves both those issues.
If you spend money on anti-virus and anti-malware software, then your data
is probably important enough to spend a few bucks on encryption. Doing so can
mean that your company won't get profiled on the 11 o'clock news for losing
a laptop loaded with personal information.
Peter Varhol is the executive editor,
reviews of Redmond magazine and has more than 20 years of experience as a software
developer, software product manager and technology writer. He has graduate degrees
in computer science and mathematics, and has taught both subjects at the university