• Create and Extract OpenPGP files. Some organizations use encryption tools based on the OpenPGP standard, rather than X.509. SecureZIP extracts and decrypts files that comply with the OpenPGP standard, RFC 4880. SecureZIP can also create and sign OpenPGP-compliant files. You can also use OpenPGP keys to encrypt and decrypt data within ZIP archives.
• Message Digest Display. Display the hash value (also called a "message digest") and CRC checksum for a file using the messagedigest command. This feature will help meet ONC Meaningful Use requirements.
• Digital Time Stamping for signed archives. When you need to establish not only who is responsible for a file or set of files, but also when it was created, digital time stamping is a critical service. With SecureZIP’s support for digital time-stamping, you can add a timestamp to any signed archive. SecureZIP will also verify existing time stamps.
• FastAES. Support for Intel® processors that implement AES-NI. Other processors may also gain from using a more optimized Advanced Encryption Standard algorithm. FastAES is not available when using FIPS 140 mode.
• Extract 7-Zip files and CD/DVD Data Image files. SecureZIP now extracts 7-Zip and three types of files typically associated with CD and DVD data images: CDR, ISO, and IMG.
• Preserving Zone Identifier information in downloaded files. When you download a file from any other computer with Microsoft Internet Explorer, the browser attaches “security zone” information about the computer hosting the file in an alternate data stream. By default, SecureZIP now preserves this information.

Yes, a problem was detected in the operation of this option setting in versions prior to V12.0. Content of ZIP files created using this option setting was similar to that of either the "-dir" or "-dir=current" options with leading folder information retained that would not be expected if the "specify" sub-option was used. This issue was resolved in V12 and "-dir=specify" now operates correctly.

PKZIP/SecureZIP is supported on Solaris (UltraSPARC and x86), HP-UX (Itanium-only), and IBM AIX. Support for HP-UX on PA-RISC is discontinued beginning with V14.10.0011.

PKZIP/SecureZIP is supported on x86 processors running Ubuntu, RedHat Enterprise Linux and SUSE Linux Enterprise. The Linux version is also available for Linux on System z.

PKZIP/SecureZIP Server is supported on Windows Server 2012, Windows Server 2008 R2, Windows Server 2003 R2, and Windows Server 2003. It is not formally supported, but is known to run without issues on Windows Vista and Windows 7/8.

ZIP (including files with the .zipx extension), TAR, RAR, Gzip, Bzip2, JAR (Java Archive), UUencode, XXencode, BinHex, ARJ, Z, and LHA/LZH. On Windows, CAB files can also be extracted. PKZIP/SecureZIP provides the same interface for extracting from all of these archive types.

ZIP, TAR, Gzip, Bzip2, UUencode, and XXencode.

PKZIP/SecureZIP tries to change the settings of your terminal. When it runs in the background, PKZIP is not able to change the settings, and waits until it can. Using the -silent option will change that behavior, as well as suppress all output. Please read Appendix E of the User’s Manual, for more hints and tips on running PKZIP/SecureZIP in the background or from a script.

PKZIP/SecureZIP returns a value to the shell to indicate error status. On UNIX or Linux, one normally checks this by checking the value of $? immediately after running the command. If $? is 0, then everything was all right. On Windows, one checks the “errorlevel”. If the errorlevel is set to 0, then everything was all right. Please read Appendix B of the User’s Manual for more information.

There are several operations for which PKZIP/SecureZIP creates temporary files:

• Updating an archive: When you update an archive, PKZIP/SecureZIP first creates and updates a temporary copy of the archive. When the update is completed, the original archive is replaced with the updated copy. Data in the temporary file is encrypted if it was encrypted in the archive you are updating. Similarly with new or updated files for the archive: they are encrypted in the temporary file if they are to be encrypted in the updated archive.

• Creating a spanned archive: A temporary file is created to span an archive in segments across multiple discs or other media. Data in the temporary file is encrypted if it is to be encrypted in the final archive.

• Extracting an embedded archive: An archive can be embedded in another archive. For example, a ZIP file can contain another ZIP file, or a GZIP archive can contain a TAR archive. The embedded option can be used to extract the files in an embedded archive file directly instead of first extracting the embedded archive itself. In this case, the embedded archive is extracted into a temporary file before its files are extracted. The data in the temporary file is encrypted only if the archive is encrypted. Example1: if outside.zip contains inside.zip, the data in the temporary file is encrypted only if it was encrypted in inside.zip. Example2: if outside.zip contains inside.tar, the data in the temp file is NOT encrypted, as TAR doesn't allow for encryption.

• Creating streamed archives: When you write an archive to a data stream—for example, to STDOUT (see chapter 3 of the Users Manual for the Server or Command Line products—PKZIP compresses and (if encryption is specified) encrypts the data before writing it to the temporary file. The temporary file is needed to get size information for local headers, which are written out before file data. But the data is already compressed and encrypted when it’s placed in the temporary file; it never appears on disk unencrypted.

This option appears in V14 help screens when using the -help option. This option is not operational in the software at this time. Please watch for future versions that will enable this capability.

When the -shred option is selected in V14 and higher, PKZIP/SecureZIP will first rename the file to be shredded to a temporary name. The name reported during a shred operation will be the renamed temporary file name.

There is a documented issue with using certificates signed using SHA2 if you are using Microsoft Windows 2003 R2 or a 64-bit version of Windows XP. You will need to obtain and apply a Hotfix from Microsoft to resolve this problem. Additional information on this issue is available directly from Microsoft using the following URL, http://support.microsoft.com/default.aspx?scid=kb;EN-US;938397. PartnerLink customers providing new Software Distribution Packages (SDP) to their partners should inform them to obtain and apply this Hotfix from Microsoft if they will be using SHA2-signed certificates on the affected platforms.

Your files are only as secure as your password, but that can be a problem sometimes. It is important to make your passphrase easy for you to remember, but hard for anyone else to guess. PKZIP/SecureZIP does not store an archive's passphrase anywhere but inside the file. PKWARE has no special means for “getting around” the encryption and is not able to assist in the recovery of an encrypted file.

There are several reasons you may be asked to enter a password even though you are using a digital certificate. One reason is that your digital certificate may be protected with “two-factor” authentication. One form of “two-factor” authentication uses a password you define to control use of your certificate. This means that in order to use your certificates private key for signing or decrypting, software applications such as PKZIP/SecureZIP can only use it if you grant access to your private key. Providing your password when prompted grants PKZIP/SecureZIP access to use your private key. If you are using a password to protect the private key for your digital certificate, make sure you remember this password just as you would if you were using a password to encrypt a .zip file without a digital certificate.

Another reason you may be asked for a password is that your private key is not available. To open a .zip file using your digital certificate, your private key must be available on the machine where you are working.

Your digital certificate resides on the computer where you use it to encrypt and decrypt your .zip files. To ensure you are able to use your certificate after replacing or repairing your computer, you must make sure you have a protected backup of your digital certificate, including your certificate’s private key. On UNIX and Linux make sure you include your “certificates.db” files with your routine system backup steps. You can also use the PKCertTool utility to export your certificate in UNIX/Linux. See "The PKCertTool export Command" in Chapter 6 of the User Manual for more information. On Windows, use the Certificate Export Wizard in Windows Internet Options to export your digital certificate. Be sure to export your private key.

No. Both the certificate and private key must be installed to your local system.

Only SecureZIP Enterprise supports using LDAP digital certificates to encrypt archives. See "Accessing Recipients in an LDAP Directory" in Chapter 3 of the Users Manual for more information.

No, the format for the files used to store encryption group data is inconsistent across vendors and in many cases is not documented by those vendors. Groups used with other OpenPGP products can be easily configured using SecureZIP.

When using the –recipient option in V14.0 to specify an encryption key(s), the prompt to enter a passphrase may appear unexpectedly when no password/passphrase was required for the operation. Use the --passphrase setting on the command line to suppress this prompt. Alternatively, this setting can be set within the configured options using:

pkzipc –config –archivetype=pgp --passphrase

PKZIP and SecureZIP support adding file and archive comments for .ZIP files. The OpenPGP format does not natively provide the same capabilities. Using the -header or -comment options when creating an OpenPGP file will not place a comment into the resulting file as they would for a .ZIP file. Including either of these options on your command line when creating an OpenPGP file will not be reported as an error condition and your OpenPGP file will be created, however comment entries will be silently ignored.

Microsoft Crypto API (CAPI) provides storage for X.509 digital certificates which are not required for use with OpenPGP encryption. However, CAPI also provides access to cryptographic algorithms used by PKZIP/SecureZIP regardless of the type of key used. Users of PKZIP/SecureZIP must have appropriate access to Crytopgraphic Server Providers available through CAPI.

PKZIP/SecureZIP Windows Server Standard Edition is no longer offered by PKWARE. We recommend that you use PKZIP/SecureZIP Windows Server Enterprise Edition. If you were using Standard Edition on Windows Desktop, and need command line capabilities, you may also try PKZIP/SecureZIP Command Line Interface.