Using compression to encrypt files

If you’ve been looking for a way to secure files, either during storage or transmission, the use of updated compression software might offer some help.

We recently got a hold of PKWare Inc.’s new PKZIP 5.0 compression software, which gives users the ability to encrypt and authenticate the files they’re compressing. It offers users a great way to secure files they want to send, whether they place the files on a disk or send them over the Internet.

PKWare developed the .ZIP format in 1989, and has been one of the leaders in the compression market. Now, with the addition of strong encryption, it wants to lead file compression in new directions. The new software will come in two versions, basic (PKZIP 5.0 Standard Edition) and advanced (PKZIP 5.0 Professional Edition). The Standard Edition allows for traditional zipping and unzipping and adds basic levels of security by adding password protection for compressed files.

The Professional Edition can support multiple levels of security, up to Triple-DES, 168-bit encryption, with a movement toward the Advanced Encryption Standard. The advanced version also provides for automated compression, digital signing and encryption for Microsoft Outlook users. PKWare says a public-key infrastructure (PKI) is not required to realize the benefits of the product.

The software integrates support for standard X.509 Version 3 digital certificates with PKI to sign and encrypt the compressed files. When you compress a file, the software lets you choose to assign a password and/or digital certificate (if available) to encrypt the files. You also can choose to digitally sign every file within a file archive.

Files created with PKZIP 5.0 (even password-protected ones) can be opened with other compression software, such as WinZIP, so users don’t have to worry about recipients not being able to open the files (as long as they know the password, that is).

Another benefit can be the reduction of file size for encrypted files. When you encrypt a file, it generally increases the file size. Compressing the file with PKZIP before encryption requires less storage space than noncompressed encrypted files. This saves not only on storage space, but also can reduce the amount of bandwidth needed for transmitting the encrypted files.

The user interface should be familiar to users of PKWare’s older versions or WinZIP. It was easy to create file archives, and even self-extracting archives, with this software. The addition of security features did not increase the complexity of using the software. We were impressed with the user interface and how easy we could accomplish the tasks of compressing and decompressing file archives. The software gave us the choice of a “traditional” or wizard-based interface, which offers users different ways of approaching the same task.

PKWare is looking at some vertical markets, such as government and healthcare, that have an increased need for secure file storage and transmission. But the software can benefit regular users looking to provide more security for the files they store or send. Both editions of the PKZIP software are available for Windows 98, ME, NT 4.0, 2000 and XP systems. It also is available for Unix (Linux, HP-UX, SPARC Solaris, IBM-AIX), mainframe, AS/400 and DOS systems. The Professional Edition is available now via PKWare’s Web site ( and will cost about US$50 (a special offer for $40 expires around Aug. 15). The Standard Edition costs $30 (with a special offer of $25 until Aug. 15).

Shaw can be reached at