Secure E-mail Attachments with 7-Zip

Print this articlePrint this article

E-mail is an inherently insecure communication medium. It is very important that sensitive information not be sent in e-mails, either in the e-mail subject/body or as an unsecured attachment. This article explains how to secure an e-mail attachment by encrypting it and adding a password using a tool called 7-Zip.

WinZip can be used interchangeably with 7-Zip for either securing or accessing the attachment. Meaning that you can create an encrypted archive with 7-Zip and decrypt it with WinZip, and vice versa.

Securing an Attachment

1. Locate the document you would like to send and right-click it. Click 7-Zip, then Add to archiveā€¦ as shown in the image below. If you do not see these options 7-Zip is probably not installed. Please submit an installation request to CCIT by sending an e-mail to ccit@columbia.edu.

2. In the 7-Zip window that appears, select the Zip option for the Archive Format. Select the AES-256 option for the Encryption Method.

Enter and renter a password of your choice. This password should not be the same as any of the passwords you use for your existing computer or system accounts (e.g., UNI, College Domain, Exchange/Outlook). Ideally you will not repeat this password even when creating new archives, but choose a new once each time. Keep in mind that this password is not recoverable. If it is forgotten or lost the documents in the encrypted archive cannot be decrypted.

You can also change the name of the archive and the location where it will be created. Click OK when finished with the above steps.

3. When the archive is created, it will appear in the location you chose, or in the same directory as the file that was archived if no location was specified.

4. Add the encrypted, password-protected archive to your e-mail. Do not include the password for the archive in the same e-mail that the archive is attached to. Ideally you will tell the recipient the password over the phone or in person. If neither of those are a possibility, send the password in a separate e-mail with no other information in the e-mail that would indicate what the password is for.

Decrypting the Attachment

1. Locate the document you would like to send and right-click it. Click 7-Zip, then Extract Here as shown in the image below.

2. You will see a password prompt. Enter the password given to you by the creator of the archive and click OK.

3. The decrypted files will appear in the same directory as the archive, as shown in the image below.