E-mail is an inherently insecurecommunication medium. It is very important that sensitive information not be sent in e-mails, either in the e-mail subject/body or as an unsecuredattachment. This article explains how to secure an e-mail attachment byencrypting it and adding a password using a tool called WinZip.
7-Zip can be used interchangeably with WinZip for either securing or accessing the attachment. Meaning that you can create an encrypted archive with WinZip and decrypt it with 7-Zip, and vice versa.
Securing an Attachment
1. Locate the document you would like to send and right-click it. Click WinZip, then Add to Zip file… as shown in the image below. If you do not see these options WinZip is probably not installed. Please submit an installation request to CCIT by sending an e-mail to firstname.lastname@example.org.
2. In the WinZip window that appears, check the Encrypt added files option. Uncheck the Include system and hidden files option. You can also change the name of the archive and the location where it will be created. Click the Add button when finished with the above steps.
In the Encrypt window that appears, select the 256-Bit AES (stronger) option for the Encryption Method. Enter and renter a password of your choice. This password should not be the same as any of the passwords you use for your existing computer or system accounts (e.g., UNI, College Domain, Exchange/Outlook). Ideally you will not repeat this password even when creating new archives, but instead choose a new once each time. Keep in mind that this password is not recoverable. If it is forgotten or lost the documents in the encrypted archive cannot be decrypted.
3. More files can be added to the archive at this point. Any files in the archive will not be locked until the archive is closed by clicking the Exit option in the File menu.
4. When the archive is created, it will appear in the location you chose, or in the same directory as the file that was archived if no location was specified.
4. Add the encrypted, password-protected archive to your e-mail. Do not include the password for the archive in the same e-mail that the archive is attached to. Ideally you will tell the recipient the password over the phone or in person. If neither of those are a possibility, send the password in a separate e-mail with no other information in the e-mail that would indicate what the password is for.
Decrypting the Attachment
1. Locate the document you would like to send and right-click it. Click WinZip, then Extract Here as shown in the image below.
2. You will see a password prompt. Enter the password given to you by the creator of the archive and click OK.
3. The decrypted files will appear in the same directory as the archive, as shown in the image below.