Using 7-Zip to Encrypt Sensitive Files
File encryption is considered as the best means of protecting sensitive and/or confidential documents whether or not they are to be shared or simply stored. This document provides guidance on installing and using two encryption tools for use on Windows and MacOs computers: 7-zip for windows and Keka for MacOS.
When sharing encrypted documents with others via email, do not give out the encryption password within the same email from which you are sending the encrypted file.
Send the password to the recipient either by calling them with the password or by sending an SMS text to their trusted mobile number.
Use a different medium for the password.
IMPORTANT: Once a .7z encrypted file is created and shared, the recipient must have the 7-Zip software to be able to decrypt the file.
Unless a self-extracting file is created during the encryption process, see ‘ALTERNATE METHOD TO SHARING ENCRYPTED FILES’ below.
The IT HelpDesk can assist with installation and use of these encryption tools however it is important to note that they cannot restore access to files should you forget the password.
Installing 7-zip (windows)
- Most CU owned PCs and laptops will already have 7-Zip installed on them.
However, if you are installing onto your own private machine, 7-zip is completely free software, just follow from step 2.
- Go to the url http://www.7-zip.org/download.html
- Select the appropriate version for the laptop or computer you are using, most modern Windows devices are 64-bit:
- Open the downloaded .exe file and follow the instructions, it’s a simple install.
Using 7-zip to encrypt a file or files (windows)
- To select a file to encrypt, use ‘My Computer’ or ‘Windows Explorer’ to bring up the folder / file and select by clicking the required file/folder:
- Right-click on the selected files and choose “7-zip” -> “Add to archive”:
Choose a name for the encrypted file and select the following recommended options:
- Archive format = 7z (Do not choose ZIP, this uses a much less secure encryption method)
- Enter a strong password that meets CU requirements (please do not use “concord” or “12345” or other weak password)
- Encryption method = AES-256 (the strongest and most secure encryption method)
- Encrypt the filenames = Enabled (check it) (this encrypts and hides the names of your files making it much more difficult to crack)
Click “OK” and an encrypted 7-zip archive file should appear in the same folder as your original files.
You can now securely email the .7z file to anyone (assuming the file size does not exceed 150Mb internal or 25Mb external).
The recipient can extract the encrypted file by simply double-clicking the .7z file, which will start the 7-Zip software and begin the extraction, or by right-clicking the .7z file -> “7-ZIP” -> “EXTRACT HERE”. They enter the password you provided to them to extract it, it cannot be extracted without it.
Alternate method to sharing encrypted files
If the recipient does not have the 7-Zip software installed, you can point them to the url shown above (windows only)
or you can use the following method, which creates a self-extracting (.exe) file that can simply be double-clicked and extracted using the supplied password, 7-Zip does not need to be installed by the recipient:
Make sure ‘Create SFX archive’ is enabled (checked) to create the self-extracting file:
The encrypted self-extracting .exe archive file should appear in the same folder as your original files.
Here’s the Catch: most email providers, including Office 365, do not allow the emailing of .exe attachments.
To get around this, CU users can utilize OneDrive to upload the encrypted .exe file and then share it with the intended recipient.
The recipient can then download it using the shared link and double-click to extract.
(Sometimes renaming the .exe extension can also work, but Office 365 usually detects it, it’s easier to simply share it with OneDrive)
Again, as a reminder:
When sharing encrypted documents, do not give out the encrypted file password using the same email from which you are sending the encrypted file.
Send the password to the recipient either by calling them with the password or by sending an SMS to their trusted mobile number.
Use a different medium for the password.
Installing Keka (MacOS)
You will need local administrator privileges to proceed with the installation, if you need assistance with this part of the installation, please contact the HelpDesk at x5291
When ready go to http://www.kekaosx.com/en/
Click the download method you prefer and follow the instructions:
Using Keka to encrypt a file or files
Open Keka, select 7z and enter a strong password.
Drag and drop one or more files you want to compress onto the Keka window and they’ll be compressed into an encrypted 7z file with the password you provided:
If you have any further questions regarding 7-Zip or Keka, please contact our HelpDesk at 304-384-5291 or [email protected]