About Encryption

The encryption facility provided by this version of WinZip® Courier is identical to the AES encryption provided by WinZip 10.0 or later. The following information describes the facility. WinZip Courier provides decryption for the instances when an email message itself is sent to you encrypted and will allow use of the Previewer on encrypted files. The remaining information regarding decryption applies to WinZip only.

About encryption and encryption methods

WinZip Courier's encryption facility gives you a way to protect sensitive documents contained in your zipped documents and attachments from unauthorized viewing. The contents of the files that you want to protect are encrypted by WinZip Courier based on a password that you specify. In order for WinZip to later extract the original contents of the encrypted files, the correct password must again be supplied.

This section gives a general overview of WinZip Courier's encryption facilities. Once you are familiar with this information, you can read about the specifics of using encryption.

Additional or updated information about WinZip encryption may also be available on the WinZip web site.

WinZip Courier provides two encryption methods for Zip files:

• AES encryption: AES is the Advanced Encryption Standard, which is the result of a three-year competition sponsored by the U.S. Government's National Institute of Standards (NIST). This encryption method, also known as Rijndael, has been adopted by NIST as a Federal Information Processing Standard.
  WinZip Courier supports AES encryption in two different strengths: 128-bit AES and 256-bit AES. These numbers refer to the size of the encryption keys that are used to encrypt the data. 256-bit AES is stronger than 128-bit AES, but both of them can provide significantly greater security than the standard Zip 2.0 method described below. An advantage of 128-bit AES is that it is slightly faster than 256-bit AES, that is, it takes less time to encrypt or decrypt a file.
  The security of your data depends not only on the strength of the encryption method but also on the strength of your password, including factors such as length and composition of the password, and the measures you take to ensure that your password is not disclosed to unauthorized third parties. Please read about encryption passwords.
  Note that the Zip file format extension used by WinZip Courier to store AES-encrypted files is not supported by versions of WinZip prior to 9.0 and is not yet supported by some other Zip file utilities. Because the technical specification for WinZip Courier's AES format extension is available on the WinZip web site, we anticipate that other Zip file utilities will add support for this format extension.
• Legacy (Zip 2.0) encryption: this older encryption technique provides a measure of protection against casual users who do not have the password and are trying to determine the contents of the files. However, the Zip 2.0 encryption format is known to be relatively weak and cannot be expected to provide protection from individuals with access to specialized password recovery tools.
  You should not rely on Zip 2.0 encryption to provide strong security for your data. If you have important security requirements for your data, you should instead consider using WinZip's AES encryption, described above.

The only advantage of Zip 2.0 encryption over the more secure AES encryption is that it is supported by most Zip file utilities, including earlier versions of WinZip. Files that you encrypt using this technique can be extracted by anyone who knows the correct password and has access to almost any Zip file utility. Additionally, Zip 2.0 encryption is supported by WinZip Self-Extractor 2.2 and later and by WinZip Self-Extractor Personal Edition (included in WinZip 9.0 and later); the AES encryption method described above is only supported by WinZip Self-Extractor 3.0 and later."

Limitations to be aware of

WinZip Courier's AES encryption facility represents a significant advance on the previous Zip 2.0 encryption, and it can help meet the need that many WinZip Courier users have for preventing their confidential information from being viewed by unauthorized individuals. There are, however, some limitations that you should be aware of:

• Encryption applies only to the contents of files stored within a Zip file. Information about an encrypted file, such as its name, date, size, attributes, and compression ratio, is stored in unencrypted form in the Zip file's directory and can be viewed, without a password, by anyone who has access to the Zip file.
• WinZip Courier's encryption method is not the same thing as an authentication method for the Zip file. WinZip Courier's encryption is intended to prevent someone who doesn't know the correct password from finding out the contents of your encrypted data. The password is not needed for actions that do not involve decryption of the encrypted contents of data stored within a Zip file. In particular, encrypted files can be deleted from a Zip file, or can be renamed within a Zip file, and new, unencrypted, files can be added to a Zip file, without a password.
• WinZip Courier uses password-based encryption, and even a strong encryption algorithm like AES is of little or no benefit if the passwords you use are weak, or you do not keep track of them in a secure manner.

Notes on encryption safety

Encryption provides a measure of safety for your sensitive documents, but even encrypted documents can be compromised (regardless of whether they were encrypted by WinZip Courier or by other encryption software). Here are some of the ways this can occur. This is by no means an exhaustive list of potential risks; it is intended only to give you an idea of some of the safety issues involved with sensitive documents.

• If a keystroke monitor or other malicious code (such as a virus) is running on your computer, your password may be recorded when you type it. Be sure to check frequently for viruses and follow other recommended computer safety procedures.
• If you extract an encrypted file and then delete the file, it may be possible for someone to later "undelete" the file using file recovery software or the Recycle Bin.
• When you open or view a file from an archive (e.g., by double clicking it), WinZip must extract the file to a temporary location so that the associated program can open it. If you subsequently close WinZip without first closing the program that is using the file, WinZip may not be able to delete the temporary copy of the file, thereby leaving it on disk in unencrypted form. The associated program may also make one or more backup copies of the decrypted file, and WinZip will not be able to delete these. In addition, as described above, it may be possible for someone to later recover deleted files using file recovery software or the Recycle Bin.
• When you "move" files to a Zip file by choosing the Move action in the Add dialog, WinZip moves the files into the Zip file by compressing them and then deleting the original files from the disk. It may be possible to recover the original, unencrypted files from the disk.
• After adding or extracting encrypted files, some or all of the unencrypted file contents may remain in your computer's memory or the page swap files on disk. A malicious user may be able to retrieve this unencrypted information.
• WinZip Courier does not encrypt Zip file comments or, as described above, information about encrypted files such as their names, dates, etc. Any user with access to the Zip file can view this information without a password. You may be able to eliminate some of these exposures using specialized software such as virus scanners, disk erasers, etc.

Technical information on AES key generation

When you use AES encryption with WinZip Courier, the passwords that you enter are converted into keys of the appropriate length (128 bits or 256 bits, depending on the AES key length that you specify). This is done through the PBKDF2 algorithm defined in RFC 2898 (also available as Public Key Cryptography Standard #5) with an iteration count of 1000. 8-byte salt values are used with 128-bit AES encryption and 16-byte salt values are used with 256-bit encryption.

As part of the process outlined in RFC 2898 a pseudorandom function must be called; WinZip Courier uses the HMAC-SHA-1 function for this purpose, since it is a well-respected algorithm that has been in wide use for this purpose for several years. The PBKDF2 function repeatedly calls HMAC-SHA-1, which produces a 160-bit hash value as a result, mixing the outputs in a fairly complicated way, eventually yielding a 128- or 256-bit encryption key as a result.

Note that, if you are using 256-bit AES encryption, the fact that HMAC-SHA-1 produces a 160-bit result means that regardless of the password that you specify, the search space for the encryption key is unlikely to reach the theoretical 256-bit maximum, and cannot be guaranteed to exceed 160 bits. This is discussed in section B.1.1 of the RFC 2898 document.

Information for software developers

Zip file utility developers who wish to provide WinZip Courier-compatible AES encryption support in their own products can find complete technical information on the WinZip web site.

See also

• Using Encryption
• Encryption Passwords

WinZip Courier Help Navigation

Table of Contents