PeaZip is a free file archiver especially focused on security, which
supports reading and writing (encryption and decryption) of many strong
encryption standards,
optionally using 2FA two factor
authentication (password and keyfile) for increased security
against means like social engineering
or dictionary based attacks (that
can considerably reduce the effort of brute-forcing a textual password
or passphrase).
Purposes of file
encryption
Use of end-to-end
cryptography, in which sender and recipient are in
charge of encrypting and decrypting the encoded data, is strongly
recommended
each time sensitive data is sent to (or through) external servers, even
if the
service is advertised implementing cryptography measures.
In example, creating encrypted mail
attachments (and to encrypt uploads to cloud services) preserve
data secrecy against any unauthorized access to user's private
information and data even in case the service is
compromised, either by successful attack, insider breach, or plain
change of policies granting access to unwanted subjects: to open and extract the encrypted file
will always require the encryption password to be known.
Encryption algorithms supported by PeaZip
Cryptographic
protocols supported by PeaZip free encryption utility for writing
(creating password protected archives) are:
- 7Z
-
7-Zip / p7zip
AES256-based encryption
- ZIP / ZIPX
-
WinZip AE (Advanced
Encryption), AES256-based
- ZipCrypto, for
legacy compatibility purpose only as the algorithm is considered weak
under today's standards, not recommended to protect sensitive data
- ARC
- FreeARC ARC format implementing
encryption scheme that supports AES256, AES contest finalists
Twofish256 and Serpent256 algorithms, and classic Blowfish algorithm
- PEA
- PeaZip's native .pea file format,
supporting AES, Serpent and Twofish (128 and 256 bit) EAX-mode
authenticated encryption, enforcing
cryptographically strong data secrecy and verifiable autenticity. Also,
PEA format can use cascaded AES, Serpent and Twofish - all the data
will be encrypted and authenticated by all the trhree cyphers.
- RAR, if WinRar is installed in the system
- RAR4 AES128-based encryption
- RAR5 AES256-based encryption
- ZPAQ
- ZPAQ AES256-based encryption
PeaZip free encryption utility supports (read-only) decryption of ACE
archives.
Read more about data encryption: NIST
Information Technology Portal, IACR Cryptology archive, Wikipedia
entry for encryption,
view description of Advanced Encryption Standard finalists: Rijndael/AES, Twofish, and Serpent ciphers.
Read about how quantum computing would likely affect symmetric key
encryption algorithms employed in PeaZip, under current understandings
of quantum computing technology, on Post-quantum computing
cryptography analysis page.
Create a new encrypted
archive
To create an encrpted
file archive (password protect
files within archives), chose an archive type
supporting encryption, as ZIP, 7Z, ARC, PEA, and ZPAQ, add files to the
archive being created as explained in the FAQ page, then click on the
padlock icon to
set a password and optionally
a keyfile for the archive -
the icon is in the status bar in the file/archive browser, and under
the output file name in the archive creation interface.
|
Please note the password will be
applied to the objects that will be added to the archive in the current
operation - 7Z,
ARC, ZIP, and ZIPX archives support file
level encryption (supports mutiple encryption passwords),
so
each file
in an archive could have, if desired by the archive creator, a
different password - so applying a password to an existing
archive will not affect it (will not apply password protection to
already archived files). |
Encrypt an already
existing archive
To password-protect an already existing archive you need to extract and
rebuild it, applying the desired password.
Archive conversion
interface can help
automating the task.
|
PeaZip
provides an integrated utility to create
random keyfiles and
passwords sampling entropy from the system and from user's
interaction, Crtl+F9 or main applications' menu Tools > Create
random password / keyfile
|
|
Manage encryption
passwords
PeaZip's password manager is
available from main menu, Tools > Password manager.
The password list file is saved in private user's path, allowing each
user to maintain a personal password manager containing different
passwords or passphrases not accessible to other standard users of the
same system.
Optionally, the user can decide to encrypt the password list with a
master password, making the passwor manager private even to
administrative accounts of the same machine, being the data file
unreadable until the correct password is provided.
|
Some
archive types, like 7Z and ARC, support encrypting
files names
of items
added to the archive: in this case it will not even be
possible to see the list of archive's content, file and directory
names (in
case the very names expose sensitive information), without knowing the
password. This option is available in
Password dialog - PEA and ZPAQ formats will always encrypt name of
files inside
an encrypted archive. |
Encrypt files with two
factor authentication (password and keyfile)
PeaZip free encryption
software
supports optional two factor
authentication (2FA) for any
write-supported archive format (7Z, ARC, PEA, RAR, ZIP) using both a
password (the element you know) and a keyfile (the element you have) to
encrypt the content - it only needs to enter a keyfile in password
dialog when creating the archive.
If a keyfile is set for any
other format than PEA (which has its own way to use keyfile) the SHA256
hash of the file encoded in Base64 (RFC 4648) is prepended to the
password used to build the archive, using standard archive format
encryption mechanism.
This simple password / keyfile combination scheme allows to retain read
compatibility with any other file archiver, even ones not supporting
keyfile parsing (or with different two factor authentication
implementation), simply
passing the Base64-encoded SHA256 hash of the keyfile as the first part
of the password.
|
KNOWN LIMITATION: two
factor authentication (2FA) is not available for self-extracting archives
(which can be built with 7Z or ARC compression), because usage of
keyfile is not supported by available SFX modules - otherwise resulting
executables would be unable to exctract themselves. When a
self-extracting archive is created, only the password (if provided)
will be used for encrypting it, and only the password will be needed to
extract & decrypt it.
|
Chose the encryption
algorithm
In "Advanced" tab
of archive creation interface users can chose
encryption method to apply to the archive: by default the recommended
method will be displayed.
For
increased security, PeaZip file manager supports secure
file deletion to erase tracks of
unwanted data.
Read more about how to create
encrypted 7Z archives, encrypt
PEA archives with AES, Twofish, or Serpent, create password protected RAR files
with PeaZip if WinZip in featured on the same machine, encrypt ZIP files, create encypted ZPAQ archives.
Synopsis: How to
encrypt 7Z PEA RAR ZIP files. Use PeaZip free file encryption utility
to create encrypted archives, apply AES Twofish Serpent strrong
cyphers. What is strong file encryption meaning. How to
set password protection to archive files.
Topics: what is strong
encryption, how to encrypt files, create encrypted archives with PeaZip
PeaZip > FAQ
> Free encryption software, encrypt 7Z PEA RAR ZIP files
|