What program do you recommend for encrypting a ZIP or other archive?

Discussion in 'privacy technology' started by chileverde, May 12, 2019.

  1. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    36
    I would like to encrypt an archive with files containing information which a relative would need to handle my affairs after my demise. Most of the articles I have found mention 7-Zip, WinZip, and/or WinRAR. I don't mind paying for a program. The most important factors to me are that the program is reliable in providing secure encryption and in being able to decrypt the files! I read that one of these programs (7-Zip?) requires decrypting the entire archive to add files: I guess a program that allows one to update or add a file without decrypting the whole archive would be an advantage.

    I will appreciate any advise about these or other programs and about which archive format to use. One article recommended 7-Zip's own format over ZIP. I do understand that with any of these programs I should use AES-256 encryption.

    I think the people who would need to decrypt the archive have Windows computers, but I would like to know if archives encrypted with any of them can be easily decrypted on a Mac.
     
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,539
    Location:
    Italy
    Bandizip.
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,884
    This will be the case for "solid" RAR/7-zip archives (ZIP-files are always non-solid)

    If you want to creative non-solid RAR-archives you can untick "Create solid archive".
    Non-solid 7-Zip archives - Choose: "Solid Block Size: Non-solid"
     
  4. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    36
    Thanks for explaining.
     
  5. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    36
    Looks very good. I see there are both Windows and Mac versions. Will check it out further.

    With archives created in Bandizip can file names be read without decrypting? I read they can be seen with one of the other programs.
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,884
    In general the encryption of filenames is only possible for a few archive formats (for example: .rar, .7z)
    This means if you need encrypted filenames, choose .rar or .7z. for your password-protected archives.
     
  7. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    211
    Location:
    Island of Woman
    bandizip does not encrypt file names, 7zip does, but it seams more vulnerable to various CVEs (EDIT: it does, my bad, need to pick 7Z format first)
    bandizip encryption mechanism seams safer (some security options and it's often updated), it supports 256 too (not that anybody would decrypt your 128AES)
    some of pentesters I found on public Internet (like hackernoon's owner) recommended bandizip and it must be for a reason (or not)
    it is cool idea imo to encrypt stuff when you are in a VM, for instance a usb drive or encrypt then commit/save, so no temp files are left around (used to decrypt zipped files)
    you could use vera crypt (or eset container) but the hidden folder is a pain in the ass and requires veracrypt to run (vera crypt is good for other stuff imo), there is also a free AES cryptor with 128AES option, but these crypto solution are software dependent which sucks.

    generally I'd stick with bandizip or 7zip portable just to encrypt file names 2, then decrypt with whatever you want
     
    Last edited: May 19, 2019
  8. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    36
    @lucd,

    Thanks for your recommendations. I have a few questions. (I am not an IT pro.)

    So Bandizip does not encrypt file names even if I am creating a .7z archive? As a test, I created two .7z archives with Bandizip—one encrypted, the other not. In file explorer, when I right-click on the unencrypted archive, several file names are displayed in a preview pane, and if I click anywhere on the pane, a new window opens displaying a list of all the files in the archive; when I right-click on the encrypted archive, in the menu that appears there is an area where the preview pane would be, and it is blank except for the message "Filename is encrypted". Am I missing something?

    Setting up a VM is beyond my capabilities. My plan is to create an encrypted archive on my laptop, which has WDE, then copy the archive to a USB flash drive. So any temp files would be on my computer, hopefully cleaned by CCleaner the next time I run it, but on an encrypted partition in any case. So can I just run Bandizip from Windows rather than using a portable version?
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    211
    Location:
    Island of Woman
    I don't see an option to encrypt file names, as I see it in 7zip and right next to encrypt file but maybe there is a way (I'd like to know if s.o. can tell me please)
    you can use partial VM like Shadows Defender or Time Freeze if you rock on one drive
    what's an IT guy? an IT guy will not necessarily know about VM , he can a programmer but suck at networking etc follow the shadow defender instructions its very easy and worth it imo. The GUI is very newbie friendly and intuitive
    I dunno, I prefer that all temp stuff are deleted at reboot thats why VM or ramdisk are ideal, it depends on where you set your temp (tmp) for a program, you can also use HDcleaner its more comprehensive. Alternatively you can set a schtask to clean without programs ie
    cleanmgr /sageset:1
    schtasks /Create /TN "Autoclean" /TR "%windir%\system32\cleanmgr.exe /sagerun:1" /SC Daily /ST 18:00
    params:
    Parameters:
    • /tn TaskName Specifies a name for the task.
    • /tr TaskRun Specifies the program or command that the task runs. Type the fully qualified path and file name of an executable file, script file, or batch file. If you omit the path, Schtasks.exe assumes that the file is in the Systemroot\System32 folder.
    • /sc schedule Specifies the schedule type. Valid values are MINUTE, HOURLY, DAILY, WEEKLY, MONTHLY, ONCE, ONSTART, ONLOGON, ONIDLE.
    • /mo modifier Specifies how frequently the task runs in its schedule type. This parameter is required for a MONTHLY schedule. This parameter is valid, but optional, for a MINUTE, HOURLY, DAILY, or WEEKLY schedule. The default value is 1.
    • /d day Specifies a day of the week or a day of a month. Valid only with a WEEKLY or MONTHLY schedule.
    • /m month[,month...] Specifies a month of the year. Valid values are JAN - DEC and * (every month). The /m parameter is valid only with a MONTHLY schedule. It is required when the LASTDAY modifier is used. Otherwise, it is optional and the default value is * (every month).
    run this at command prompt and tweak accordingly
    best
     
    Last edited: May 19, 2019
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,884
    To have encrypted filenames, the archive needs to be password-protected (no password protection = no encrypted filenames)

    Bandizip will always encrypt the filenames if the archive is password-protected (and of course only if the archive format supports encrypted filenames)
    For example for Winrar/7-Zip there is a toggle for it:
    7z.png
     
    Last edited: May 19, 2019
  11. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    211
    Location:
    Island of Woman
    @mood my bandizip is not encrypting file names when they are password protected on several PCs, where's the option or so-called toggle "encrypt file names" in bandizip? I chip in this conversation because I was searching for this option, thanks
     
  12. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    36
    I see now that Bandizip allows me to choose temp file location. I could delete its contents after using Bandizip. That would be easier for me than running it from a flash drive.

    Regarding encryption of file names, did you create an encrypted .7z archive and you could see the file names when looking at the archive without giving password?
     
  13. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    211
    Location:
    Island of Woman
    extension options, I pick .zip, then I set a password and toggle "Enter password", then after compression/encryption I can easily read whats inside, maybe there's some hidden option or I didn't see it, its not in the main GUI though


    1.png 2.png
    3.png
     
    Last edited: May 19, 2019
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,884
    At least it will be the case for password protected 7-zip archives.
    Try to create a password protected 7-zip archive with Bandizip and you'll see that filenames will be encrypted.

    Remember, only a few archive formats are supporting the encryption of filenames:
     
  15. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    211
    Location:
    Island of Woman
    the options are as in the image, I don't see 7-zip one

    EDIT: ok 7Z is the 7-zip I didn't see that,

    I knew about the format rescriction just didn't realize and see 7Z is 7-zip haha, must have been that
    thanks to both of you
     
    Last edited: May 19, 2019
  16. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,539
    Location:
    Italy
    AES-256 encryption is not enabled by default.
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,884
    Archive format: 7Z
     
  18. chileverde

    chileverde Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    36
    Not sure whether that applies only to ZIP archives. In any case, I checked the option "Use AES256 encryption when creating Zip files" and my 7Z archives are also encrypted with AES-256.

    In Settings > View check Encryption Method. Then you can open an archive in Bandizip and verify that each file was encrypted with AES-256.
     
  19. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    211
    Location:
    Island of Woman
    @chileverde in 7-zip right click the file go to CRC then choose the hash type and it shows it, not sure you can do that in bandizip, would be great
    when u have hash u can go here quickly https://whitelisting.kaspersky.com/advisor#search/
    as for bandizip unthick the copy zone indentifier to archive, the less ADS the better
     
    Last edited: May 29, 2019
  20. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,247
    Location:
    EU
    When on Linux I use the embedded archive tool which is basically 7zip. On Windows Peazip is my favorite by far.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.