There are a few theories as to why desktop encryption products are only used among those who absolutely must use them. Two of my favorites deal with usability:
- The process of encrypting or decrypting something is often too arcane for most people, even when it's simplified quite a bit.
- If someone else wants to make use of what you've encrypted, they often have to download and install software that's intrusive and difficult to use -- which is, in a way, an extension of the first problem.
Data security vendor PKware Inc., the maker of the PKZIP family of products, is doing its best to break through this double impasse with a new product, SecureZIP, version 11. It's a multi-platform .zip application, billed as "the next generation of ZIP," and it includes strong password- and certificate-based encryption as a standard feature. Most everyone knows how to create a .zip file or unpack one; PKware's guess
is that by adding strong encryption as a standard .zip feature, they can make it that much easier for people to encrypt documents and email. In that sense it's similar to products like MessageLock, but MessageLock is specifically designed as an Outlook extension while SecureZIP is more general-purpose.
SecureZIP installs and runs primarily as a .zip file client, so the user doesn't have much of a learning curve to get over. Right-click on the file, select the appropriate context menu option and the .zip file appears in the same directory. The only overhead that SecureZip adds is to prompt the user for a password. As long as recipients of the file have the password, they can extract the file. But if they don't have SecureZip on their end, they can elect to automatically create a self-extracting archive (which can run on Windows, Linux, DOS, Solaris and a variety of other platforms). AES 256-bit encryption is used by default, but 128- and 192-bit AES (as well as 168-bit 3DES) are also available. SecureZip can also optionally install a system tray icon that allows quick access to common options such as signing attachments or encrypting a message body.
Advanced SecureZip options include signing files with encryption certificates as well as password protection.
If password encryption alone isn't enough, SecureZip allows files to be automatically signed using a digital certificate, one either stored locally or available through a directory. Received signed files can also be authenticated against the signature's public key (if one is available). In addition, you can use a certificate as a recipient list with or without a password so that a given file cannot be decrypted by anyone except the intended recipient.
SecureZIP integrates into Microsoft Outlook as a message-encryption solution. By default, it automatically compresses any attachments sent through Outlook and installs a toolbar to let you set message-specific options. It supports both Outlook 2003 and 2007, although integration with OL2K7 is a little clunky at the moment -- the SecureZip toolbar shows up in the Add-Ins tab for a message. If you elect to encrypt an entire email and not just its attachments, then the message, attachments and all, are packed into a file and encrypted with instructions for extraction. A SecureZIP user at the other end will be prompted to automatically extract the file. Those without SecureZIP can download a free tool, ZIP Reader to unpack the message, which also works with standalone .zip archives.
SecureZip makes the basic process of securely encrypting documents and email as easy as creating a .zip file.
One possible problem with SecureZIP is that people on locked-down machines who cannot install or run programs arbitrarily must have SecureZIP or the ZIP Reader added by an administrator in order to receive messages. If the lockdown on their end is tight enough, they probably won't even be able to unpack a self-extracting archive created by SecureZIP. But, realistically speaking, this isn't a limitation of SecureZIP per se, and the way SecureZIP is implemented makes it a lot easier for people to perform good encryption (that is, encryption that isn't going to be broken casually) without a huge amount of work.
Finally, in addition to the desktop version, PKware publishes an advanced server edition of SecureZIP, which includes extensions for FTP and SMTP -- a feature set I'm deeply curious about and would like to explore separately at another time.
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
