Child pages
  • FAQS - Windows Desktop
Skip to end of metadata
Go to start of metadata
Generated: 2016-04-27 22:12:28.091000
Licensing
 Can I transfer my license to a new computer?

Yes, you can use the same license key on your new computer but be sure to remove the product from the old computer when you are finished. 

 How many licenses do I need to use on Terminal Server?

You will need the number of licenses to match the number you have for terminal server. 

 If I have a desktop and a laptop computer, how many licenses do I need?

In this case, you will need two.  You will need one license per computer. 

Latest Version

  What is the latest version of PKZIP / SecureZIP?

Latest English version: 14.40.0034; Latest Japanese version: 14.20.0019; Latest desktop command line version: 14.40.0028

Compatibility

  Is there a 64-bit version of the Policy Manager program available?

Yes, both 32-bit and 64-bit versions of the the Policy Manager program are available from PKWARE. If you are already using PKZIP / SecureZIP Enterprise or the Policy Manager on a 64-bit machine, you can download the new 64-bit Policy Manger installer from the Desktop Products update page. If you do not yet have PKZIP / SecureZIP Enterprise, the 64-bit software dowload now includes the 64-bit Policy Manager installer.


  Can I run PKZIP / SecureZIP for Windows Desktop under Microsoft Windows 8.1?

Customers running PKZIP or SecureZIP for Windows Desktop on Microsoft Windows 8.1 should use version 14.20.0019 or newer. Customers using earlier versions of PKZIP / SecureZIP on Windows 8.1 may experience a loss of functionality for operations using Drag-and-Drop. This includes operations such as dropping files onto the Desktop icon, or creating ZIP files using Explorer context menu.


  Can I run PKZIP / SecureZIP for Windows Desktop under Microsoft Windows 10?

Yes, the latest version of PKZIP / SecureZIP (14.40.0028) is supported on Windows 10. No known issues exist. An improvement to managing file associations is in progress.


  Can I run PKZIP / SecureZIP Command Line (CLI) for Windows Desktop under Microsoft Windows 8.1?

Yes, there are currently no known issues using the CLI program under Windows 8.0 or Windows 8.1.


  Can I run PKZIP / SecureZIP Command Line (CLI) for Windows Desktop on Windows Server?

No, PKZIP / SecureZIP Command Line (CLI) is designed to only run on Windows Desktop operating systems (Vista, Win7, Win8, Win10) and will not run on a Windows Server operating system. If you need a command line interface for a Windows Server operating system, try out PKZIP / SecureZIP for Server which is designed for server needs.


  Do Windows keyboard shortcuts work in PKZIP / SecureZIP for Windows Desktop under Microsoft Windows 8.1?

Some customers running PKZIP or SecureZIP for Windows Desktop on Microsoft Windows 8.1 have reported they can no longer use Windows keyboard shortcuts such as Ctrl-A to select all files. While this capability is not controlled by PKZIP / SecureZIP we currently are investigating this issue to identify if there is anything that can be changed in PKZIP / SecureZIP to resolve this.


  When uninstalling or upgrading PKZIP / SecureZIP in Windows 8.x, Windows Explorer failed to restart and I can't start programs or access files. What's going on?

During an upgrade or uninstall of PKZIP / SecureZIP, a prompt may appear if the Windows Explorer requires a restart to complete the uninstall / upgrade. This restart may be required to add or remove PKZIP / SecureZIP actions from the right-click context menu. Windows may fail to restart Explorer preventing program and file access. To avoid this issue when upgrading or uninstalling PKZIP / SecureZIP, should this prompt appear asking you whether Windows Explorer should automatically be closed, choose "Do not close applications". When the update / uninstall is complete, reboot your computer. If you already chose to auto-close Explorer and have run into this situation, press ctrl-alt-del. You have two options:Restart your computer (display the shutdown icon)If you have other programs running, you may prefer to start the Task Manager. Stop this instance of Explorer; Windows will restart it.


  Why do I get a message about an expired digital certificate when extracting PKWARE Desktop installer programs?

To ensure integrity of the application software, PKWARE digitally signs .EXE and Enterprise PKSFX installation files. Depending on the version of the software you are installing, the digital certificate may have expired. Don't worry, the signature on these files remains valid and the software remains fully operational. This message just reports that the certificate used to sign the software when it was first released is now expired and will no longer be used for new digital signatures. This only occurs if you are installing an older version of the software that was signed during the valid signing period for the certificate. We would recommend checking our Product Updates page for newer versions to ensure you have access to the latest programs and features. You can continue to install and use the software if the installation reports the "Certificate is expired" warning. To continue with the installation, just press Okay to continue.


  Why do file names appear as 12 when viewing an OpenPGP file with SecureZIP?

This problem is likely due to a documented problem with the GPG4WIN software that most likely was used to create the encrypted file. We recommend asking the sender of this file to either obtain a newer version of the GPG4WIN software, or to use SecureZIP instead.


  Will PKWARE support Windows XP SP3 after April 8, 2014?

Having taken our best efforts to continue supporting our products on this platform we have determined that support for Windows XP is no longer possible. Version 14.4 and later from PKWARE are no longer supported on Windows XP.


  Will PKWARE support Microsoft Office 2003 after April 8, 2014?

Microsoft has announced the end of extended support for Office 2003 will take effect on April 8, 2014. At that time, PKWARE will not discontinue support for this Office version. However, our ability to provide continued support for this platform may be significantly reduced with no further support available from Microsoft. We will take our best efforts to continue supporting our products on this platform for the foreseeable future, but the availability of continued Quality Assurance testing, fixes and product enhancements may be limited.


  What happened to the conventional UI in PKZIP / SecureZIP for Windows?

With the V14.2 release support for the older style conventional Windows interface has been discontinued. The Fluent (or Ribbon-style) interface is now the only UI supported for the Windows Desktop. With this change, the menu option to change between interface styles is no longer provided.


  I am using a current version of PKZIP / SecureZIP, what versions of Microsoft Windows are supported?

PKZIP / SecureZIP V14 is supported on Windows XP SP3 through Windows 10.


  I am using an older PKZIP / SecureZip version, which versions of Microsoft Windows can I use?

We have fully tested SecureZIP and PKZIP v11 and 12.x on Windows Vista and v12.4 and later on Windows 7. and both programs are fully compatible and supported.When installing or using earlier versions of PKZIP / SecureZIP on Vista or Windows 7, be aware of the following known limitations:You may need to log in as Administrator to install the application.File associations for ZIP and other file types may need to be set as an administrative user.You may need to resize the column widths for certificate lists displayed on the passphrase / recipient selection dialog.Dialogs may not display full graphics capabilities under Windows Aero.You will be unable to use the diskette format and wiping feature of PKZIP / SecureZIP.


  Does SecureZIP / PKZIP for Windows Desktop support Office 2007? 2010?

Yes. PKWARE products are tightly integrated with Microsoft Office to provide compression and encryption of email messages and attachments. PKWARE products are typically able to auto-detect Microsoft Outlook to install the appropriate options.


  I have SecureZIP v10 or earlier. When I try to open a Microsoft Office file, I see a SecureZIP window. What's going on?

You likely have a document or spreadsheet created with Office 2007 or later. These Office files have the .docx or .xslx extension, and are zipped XML files. SecureZIP will attempt to "unzip" the file, and generate the error. Right click on the file and choose Open With to open the file in the appropriate Office application.


  I have Microsoft Office 2002 or 2003. When I open an archive with a single Word document or Excel spreadsheet, I get an 'The file is not in a recognizable format' error message. What's wrong?

You likely have a document or spreadsheet created with Office 2007. You will need to reinstall the Office 2007 Compatibility Pack. See http: / / support.microsoft.com / kb / 924074 for more information.


  In Outlook, I see the warning "A program is trying to access e-mail addresses you have stored in Outlook. Do you want to allow this?"

You will see this message from a number of applications you may run if you have not configured third party application DLL's as trusted. This dialog is automatically displayed by Outlook in order to better protect systems from the spread of e-mail-bourne viruses. Microsoft has implemented this protection to prevent unauthorized access to your address book. This dialog may appear on systems running Outlook 2003, Outlook 2002 and Outlook 2000 with SP2. It is reported most commonly on Outlook 2002 / XP with SP3. It can also appear on versions of Outlook earlier than 2000 and on Windows 98 if you have installed the Outlook E-mail Security Update.When this dialog appears, it is to inform you that an application program is trying to access your address book. You must confirm this access is allowed in order for the application to proceed. You can configure your system to trust applications you use frequently to avoid repeatedly seeing this dialog for those applications authorized to run on your machine.This dialog may appear when using SecureZIP within Outlook to encrypt and send message attachments if you have not configured SecureZIP as a trusted application. To establish SecureZIP as a trusted application, you must configure the PKWARE Outlook integration DLL PKOutAdd.DLL within your Outlook Security Settings folder.Microsoft provides detailed instructions for establishing the Outlook Security Settings folder. Please reference the Microsoft Knowledge Base article OL2000: Administrator Information About the Outlook E-mail Security Update ( http: / / support.microsoft.com / ?kbid=263297 ) for information on administering your Outlook security settings.


  When trying to install my enterprise software, I receive a pop-up box stating "Certificate has Expired."

This indicates the PKWARE Software Publisher Certificate used to sign the installation package has expired. To ensure the integrity of all software delivered to customers, PKWARE digitally signs all installers to provide assurance that they come from PKWARE and can be trusted. This message indicates the certificate use by PKWARE has expired. This expiration means that PKWAREs current certificate will no longer be used to sign new software packages we provide in the future. It does not mean there is any problem with the installer you received, and the signature it contains remains valid. PKWARE is already using a new certificate for new installers. Please note - this notice does not prevent the software from installing, and DOES NOT impact the operation of the software. Affected installers of our current products for v12.51 have been updated to use PKWAREs current certificate.To view a detailed explanation of this issue, click here .


  I just installed a new digital certificate and PKZIP / SecureZIP now starts slowly?

PKZIP / SecureZIP startup time may be affected by attributes within your digital certificate. If you received your certificate from a CA that includes settings for Authority Information Access, your system may be checking online with your CA for information of certificate status, or for confirmation of the CA's signing certificate. These checks may take time and can be even more adversely affected if your network environment prohibits such checks. Determine if your online access is allowed. If your certificate includes an Access Method of On-line Certificate Status Protocol, you can disable CRL checking within your SecureZIP options. This will instruct SecureZIP to specify not to check online. If your certificate includes an Access Method of Certification Authority Issuer, then try installing the CA signing certificate(s) into your local certificate store.


  Do Policy Manager and SecureZIP need to be installed onto the same machine?

No, You can install and use the Policy Manager on a system that is not running SecureZIP / PKZIP and if you are not the Policy Administrator you most likely do not want them on the same machine. SecureZIP only needs access to the Policy file (.szp) and the registry entries created using policy.


  Why doesn't the PKSFX option appear in Policy Manager?

If you have installed the Policy Manager onto a machine that is not running SecureZIP, the PKSFX option will not appear unless this machine has a copy of the PKSFX.DAT file that is installed only with SecureZIP. To manage PKSFX options using policy you will need to copy this file to your machine running the Policy Manager.


  Why does PKZIP / SecureZIP not check for new software versions?

The default operation of PKZIP / SecureZIP for Windows Desktop is to check for new versions weekly. Whether to check or not is determined each time a program component starts up. This can occur when the standalone UI starts, or when integrated components such as PKTray, Explorer, or Outlook start. If you find this does not occur, first check if you have the Check for Updates option enabled in the General settings under Miscellaneous options. This option may be disabled by policy on your system. Versions 12.0 and later may fail to enable this check even if configured in options. To resolve this condition, open the General tab under Miscellaneous options, change any setting and save the options settings. If the option you changed is not one you want preserved, set it back to it's prior setting and save the options again. If enabled, this check should now occur at the configured frequency.


  Why won't 7zip and other programs open my ZIP file?

ZIP is the most interoperable compressed file format in the industry. This format is used in countless applications and is copied by countless ZIP compatible programs. The specification for ZIP files is published so all developers can create compatible ZIP files. Compatibility is important to ensure your files can be opened by anyone you send them too. Unfortunately, many developers that claim to be ZIP-compatible often fail to implement support for all of the features supported by this format. 7zip and others, have failed to provide full interoperability for ZIP files and many features of ZIP such as some compression and security methods as well as split ZIP archive support are not provided. PKZIP / SecureZIP by PKWARE supports all capabilities to ensure full interoperability of zipped data.


  Does PKZIP / SecureZIP open PKARC files?

No. PKARC is a program originally developed by PKWARE. This software has not been developed or supported for over 20 years.; There have been links available on the internet that still pointed to some old versions of this software and we understand some archiving programs may still support this format. We are not aware of any programs that include this capability that will run on 64-bit Windows. Some additional information on this format can be found at http: / / fileformats.archiveteam.org / wiki / ARC_%28compression_format%29. You may also want to look into 16-bit emulators that may allow you to run 16-bit applications under 64 bit Windows. One option we have heard of is called DOSbox which allows users to run vintage computer games from the same era as PKARC.

Basics of Zipping and Unzipping with PKZIP and SecureZIP

  Why am I experiencing unexpected behavior when using e-mail integration with certificate-based encryption?

PKWARE has identified a compatibility issue that may affect customers using SecureZIP v8.0 and newer that have also installed a Microsoft Security Patch for Outlook 2003 (KB2293428).Customers installing a Microsoft security patch for an Outlook 2003 issue that is described in Microsoft Security Bulletin MS10-064 may experience problems automatically sending encrypted messages using SecureZIPs Outlook integration feature. Further, some customers may experience messages sent without encryption.Microsoft has documented information about this Outlook 2003 security issue in the Knowledge Base article found here: http: / / support.microsoft.com / kb / 2293428 . A problem has been acknowledged by Microsoft with this patch and has indicated it affects multiple vendors, including PKWARE. Specific information on the problem resulting from installing the KB2293428 patch is outlined in a subsequent Knowledge Base article referenced as KB2445403. Customers are advised to contact Microsoft Product Support referencing KB2445403 for additional information and availability of a cumulative patch. Information on how this compatibility issue may affect SecureZIP use and details on a documented work-around is available from PKWARE at https: / / www.pkware.com / documents / Eloqua / TechnicalAdvisoryOutlook2003Patch.pdf . Customers applying a cumulative Outlook 2003 patch for KB2445403 from Microsoft do not need to consider this work-around. Please contact PKWARE Product Support for information or assistance with this problem. You can contact us on the web at https: / / www.pkware.com / support / desktop .


  How do I create a .ZIP file with PKZIP for Windows?

There are several ways to create a .ZIP file in PKZIP or SecureZIP, including:Using the Create New Archive wizard;Using the drag and drop method;Using the Add Files dialog; orUsing the right-click context menu on one or more selected files in Windows Explorer.All of these methods are explained in the help section on zipping files.


  How do I use PKZIP for Windows to compress a folder and all subfolders?

The simplest way to compress a folder and all its subfolders is to select the folder in Windows Explorer and drag it into the main PKZIP window. Alternatively, you can zip folders and subfolders from the Add Files dialog. In the Compression Options dialog, first set the options Include subfolders and Save folder name: Relative path. See the help section for information on other settings you can make in the Compression Options dialog.


  How do I unzip (extract) a file from a .ZIP archive?

There are several ways to extract a file from a .ZIP in PKZIP, including:Using the Extract from Archive wizard;Double-clicking on an archive;Using the PKZIP Open dialog; orUsing the right-click context menu on a selected file in Windows Explorer.


  How do I add multiple files to an archive at the same time?

You can add multiple files to an archive in all the same ways that you add single files, including:Using the Create New Archive wizard or the Update Existing Archive wizard;Using the drag and drop method;Using the Add Files dialog; orUsing the right-click context menu on one or more selected files in Windows Explorer.


  How do I select files in different folders to compress?

There are two ways to have PKZIP add files from multiple folders in a single operation:In the Add Files dialog, build a list of files selected from different folders. You select files to add to a list in the same way that you select files to add to an archive; but, when you add files from a list, PKZIP waits until the list is complete and then adds all the files in one operation. See the help topic: Add Files from a List.Turn off Auto-Save and add files with drag and drop. The Auto-Save feature will save an archive automatically anytime you change the archives contents by adding or deleting files. When the feature is turned on (as it is by default), you do not need to manually save an archive each time after you change it. If you want to make several changes to an archive for example, add several different sets of selected files you can turn off Auto-Save so that PKZIP runs in delay-save mode. To turn off Auto-Save, right-click an empty area in the middle of the PKZIP main window and uncheck Auto-Save in the context menu. When Auto-Save is turned off, PKZIP creates an internal list of any changes you specify, but does not make the changes until you manually save the archive (or turn Auto-Save back on). Until then, PKZIP highlights names of files that you add, update, or delete in boldface and flags the files with special icons. When you save the archive, all of your changes are made in one operation.


  My network firewall won't allow files with a .ZIP extension to be attached to email messages. Is there something I can do in PKZIP / SecureZIP?

PKZIP and SecureZIP v12.5 allows you to define a three-letter extension for your ZIP archives, either as a default (in Mail Options) or in individual email messages. See the help topic: Using Alternate ZIP Extensions.


  How does PKZIP and SecureZIP for Windows compare to WinZip?

WinZip is not a PKWARE product. PKWARE invented and continues to innovate and evolve the standard for ZIP data compression. Similarly, we invented and set the standard for SecureZIP. For more information on PKZIP and SecureZIP for Windows, please visit PKWARE Products .


  How can I use PKZIP / SecureZIP to scan my .ZIP files for viruses?

If you have a virus scanning program, and you turn on virus scanning in PKZIP or SecureZIP, your virus scanner will scan for viruses in the folders to which you have just extracted files. You can configure and turn on virus scanning from the Virus Scan tab of Security Options.You can also have PKZIP / SecureZIP scan the files in an archive for viruses. (Again, you must first have configured a virus scanner.) To scan an archive for viruses, open the archive and choose Virus Scan from the Actions menu (using the Conventional interface), or go to the Extraction tab and check the "Scan for Viruses..." box. PKZIP extracts the files to a temporary location, launches your configured virus scanner to scan them, and deletes the temporary files afterward.


  What is a split archive? How do I create a split archive?

A split archive is a .ZIP file that is broken into smaller segments. A split archive is useful if you plan to place the file onto removable media later or want to send a large archive as an email attachment and your mail system has restrictions on the size of attachments.You can split an archive when you save it. In the Save As dialog, set the Split size control to the size segment that you want.


  Whenever I use Microsoft Outlook to send an attachment, SecureZIP automatically compresses it. How can I turn off or disable that feature?

If you do not want to use SecureZIP to zip attachments in Outlook, click the ZIP files toolbar button in the new message window so that the button is not selected. Alternatively, you can single-click the SecureZIP tool tray icon. An x will appear on the icon to indicate that SecureZIP Attachments is disabled.


  I lost my license key. How can I find out what it is?

When the product asks for your license key, enter the serial number from the confirmation email you received when you purchased the software. You can also find that key in your packing slip (if you received a physical copy) or in the Online Store Help section.


  Can I create self-extracting archives on the command line with PKZIP or SecureZIP Windows Desktop?

The license for PKSFX is good only for the Windows Desktop graphical interface. You cannot create self-extracting archives from the Windows command line interface. If you need to create self-extracting archives on the command line, consider PKZIP or SecureZIP for Windows Server.


  What are the current file size and number limitations in PKZIP and SecureZIP?

Currently PKZIP and SecureZIP has been tested with over 500,000 files in a single archive and our total file size limit to compress is 18 petabytes.


  When does PKZIP / SecureZIP create temporary files? Can someone who accesses my temporary file read my data?

There are several operations for which PKZIP and SecureZIP creates temporary files:Opening and editing archived files without first extracting them: When you double-click a file in an archive to open it in its associated application, SecureZIP creates a temporary copy of the archived file for you to work on. This file is uncompressed and unencrypted while you are working on it.Updating an archive: When you update an archive, SecureZIP first creates and updates a temporary copy of the archive. When the update is completed, the original archive is replaced with the updated copy. Data in the temporary file is encrypted if it was encrypted in the archive you are updating. Similarly with new or updated files for the archive: they are encrypted in the temporary file if they are to be encrypted in the updated archive.Creating a spanned archive: A temporary file is created to span an archive in segments across multiple discs or other media. Data in the temporary file is encrypted if it is to be encrypted in the final archive.


  How can I preserve the correct "last modified" date on files I unzip using PKZIP and SecureZIP?

This date should restore by default when you unzip files. However, if you downloaded your .ZIP file from another computer Windows may have file blocking set for the file. This will prevent the original time and date information from being preserved when unzipped. To correct this open File Properties for the .ZIP file within Windows. Choose "unblock".

Security, Encryption, and Digital Certificates

  Does SecureZIP for Windows Desktop Enterprise Edition still include a digital certificate?

No, As of January 1, 2015, digital certificates are no longer included with the purchase of SecureZIP Enterprise Edition. Renewals of existing digital certificates will continue through 12 / 31 / 2015.


  Can I use a contingency key with OpenPGP encrypted files?

Yes, SecureZIP Enterprise Edition supports using OpenPGP keys as policy-enforced contingency keys when creating OpenPGP encrypted files. Only OpenPGP keys can be used for encrypting OpenPGP files. Both X.509 and OpenPGP keys can be used when creating encrypted .ZIP files. When using OpenPGP keys as contingency keys, make sure you are using SecureZIP version 14.20.0015 or newer.


  Can I use OpenPGP keys with .ZIP file encryption?

Yes, ZIP file encryption can use either X.509 digital certificates, OpenPGP keys, or both at the same time. Signing operations on ZIP files cannot use OpenPGP keys. You can configure an OpenPGP key as a Contingency Key within an PKWARE Policy File.Recent version of the GnuPG program creates OpenPGP keys in a new format called keybox. This format is currently not support by most OpenPGP programs and PKZIP / SecureZIP do not use keys from an GnuPG keybox. To enable use of a key with PKZIP / SecureZIP, convert the key to a standard OpenPGP keyring before using it.


  Why does my encrypted .ZIP file open without asking for my password?

SecureZIP will encrypt files using either a password / passphrase, a public key, or both. If you have a digital certificate configured for use with SecureZIP and it is used when you encrypt a file, the protected private key will be used to automatically decrypt the file. You would only be asked for a password if your private key is not present, or if your private key requires a password to allow it to be used.


  Why does my new digital certificate signed using SHA2 appear as invalid or not trusted when using SecureZIP?

There is a documented issue with using certificates signed using SHA2 if you are using Microsoft Windows 2003 R2 or a 64-bit version of Windows XP. You will need to obtain and apply a Hotfix from Microsoft to resolve this problem. Additional information on this issue is available directly from Microsoft using the following URL, http: / / support.microsoft.com / default.aspx?scid=kb;EN-US;938397 . PartnerLink customers providing new Software Distribution Packages (SDP) to their partners should inform them to obtain and apply this Hotfix from Microsoft if they will be using SHA2-signed certificates on the affected platforms.


  What is a digital certificate?

A digital certificate identifies you to others when you are sending or receiving encrypted or digitally signed ZIP files. A digital certificate provides an alternative to using a passphrase when securing data. Using a passphrase is easy, but it is difficult to safely exchange a passphrase, and even more difficult to remember it over time. Digital certificates provide stronger protection and eliminate difficulties associated with using a passphrase to send files securely across the Internet.A digital certificate consists of a private key and a public key. Your private key is something which you hold securely and use to decrypt ZIP files or to digitally sign ZIP files for authentication purposes. Your public key is given to others that need to encrypt ZIP files that you are allowed to open. When you send a file encrypted with your digital certificate (using your private key), the recipient can only open the files if they provide the public key that corresponds to the digital certificate used for encryption. View the SecureZIP tutorial for more information on using digital certificates .


  My SecureZIP digital certificate is about to expire. How do I renew it?

Note, new SecureZIP purchases will no longer include a SecureZIP Digital Certificate as of January 1, 2015. A Comodo / PKWARE digital certificate is valid for one year from the date you received it. Each year, you should renew your certificate to ensure the integrity of the certificate you use. Customers renewing digital certificates obtained using SecureZIP must have a current maintenance agreement. Each year a new certificate is issued to you as a means of confirming you remain the authorized user of the certificate issued in your name. This provides assurances to those people receiving signed ZIP files from you that you are who you say you are.Approximately two weeks before your certificate expires, SecureZIP will display a reminder prompt informing you that the certificate you are using is about to expire. SecureZIP will report this for your SecureZIP certificate as well as for certificates you may have received from other vendors.If your certificate is from a vendor other than PKWARE, contact that vendor for instructions on how to renew that certificate. If your certificate is issued from PKWARE, then the renewal process is as follows: At this time, your SecureZIP certificate can be renewed at no cost. In addition to the SecureZIP reminder notice, you will also receive an email from PKWARE Certificate Services. To ensure you receive this email, we suggest you do not block incoming messages from PKWARE. This email will provide instructions on how to start your certificate renewal.The email you receive will prompt you to select the Get a Digital Certificate option from the SecureZIP Help menu. (This option is normally disabled, but is automatically enabled when it is time to renew your SecureZIP certificate. We suggest you do not choose this option until you have received the renewal notification from PKWARE Certificate Services.)Once you have selected to get a new digital certificate, the PKWARE certificate delivery system will be activated to issue a new certificate for your email address. Note: If you choose the Get a Digital Certificate option before you receive your email renewal notice, you may receive an error message from SecureZIP that a digital certificate is already issued for your email address.


  After my certificate expires, can I still decrypt my ZIP files?

Yes. In fact, you should retain your expired digital certificate for as long as you anticipate you will need to decrypt data that was encrypted for that certificate. When you receive a new certificate through a renewal process, it will not open data you have encrypted with your expired certificate. You should always retain each certificate to ensure you can always open all of your encrypted ZIP files.


  How can I backup my digital certificates and their private keys so I can restore them if I need to repair or replace my computer?

You should make a backup copy of both your old and new digital certificates and store them in a safe place. If you ever lose a certificate, or repair or replace your computer, you will need to restore your certificates from your backup media. SecureZIP cannot recover your digital certificates and PKWARE cannot recover encrypted data if you no longer have your certificate.Unless you are using an advanced method of digital certificate storage, such as a USB token or a Smart Card, your digital certificates and their corresponding private keys are protected within the Windows Certificate Store located within the Windows registry. Make sure you backup your certificates along with other critical system files you save for recovery purposes. SecureZIP can be used to save each of your certificates to a passphrase protected file which you can then copy to removable media for storage. Click here for information on making a backup copy of your digital certificate using SecureZIP.


  What is the SecureZIP Global Directory?

The SecureZIP Global Directory is a certificate directory service provided by PKWARE for SecureZIP users. Its purpose is to publish public keys used for encrypting ZIP files you send to other SecureZIP users. The SecureZIP Global Directory is similar to an address book which can be used to look up your public key; this makes it easier for others to send you encrypted ZIP files without requiring you to manually send each person a copy of your public key. When you send a file or message encrypted with a digital certificate to another SecureZIP user, the recipient's copy of SecureZIP will automatically search for public keys in the SecureZIP Global Directory to decrypt the item.When you receive your SecureZIP digital certificate, a copy of your public key is automatically placed into the SecureZIP Global Directory so you can immediately being to exchange secure ZIP files with others. If you have a digital certificate that you did not receive as a SecureZIP user (one that may be from another certificate provider), you can upload your certificates public key to the SecureZIP Global Directory by visiting http: / / directory.comodo.com . You should never place more than one certificate for the same email address into the SecureZIP Global Directory. The SecureZIP Global Directory will not accept private keys or certificates from private certificate authorities.


  Can PKZIP / SecureZIP use OpenPGP keys from LDAP?

No, OpenPGP keys can only be read from OpenPGP keyrings, not from LDAP.


  My digital certificate and private key have been lost or stolen. How do I revoke it?

Revoking your certificate ensures that the issuing provider publishes your certificate with a no longer trusted status. This will ensure that if someone other then you has your private key, they cannot successfully impersonate you when sending ZIP files to others. If you received your digital certificate from a source other than SecureZIP, you should immediately contact your certificate authority for instructions on how to have your certificate revoked.If you received your certificate from SecureZIP, you should immediately contact PKWARE Technical support and inform them that you need to have your certificate revoked. You will need to send an email from the email address for which the certificate was issued and provide them with the email verification code that you received from PKWARE when your certificate was received.If you are using a purchased copy of SecureZIP, PKWARE will then initiate the revocation process for your certificate. If you are using a free version of SecureZIP, PKWARE will initiate the revocation process, but then ask you to directly contact Comodo, the certificate authority that signs all SecureZIP certificates. You will need to provide them with information about your certificate and email address. PKWARE will provide Comodos contact information.


  Can I use certificates stored in my hardware security module (HSM)?

Yes. SecureZIP / PKZIP will use private keys for X.509 digital certificates from leading HSM vendors (examples include SafeNet and Thales). If your HSM provides a standard Microsoft CAPI or CNG interface to access keys, SecureZIP will use it. You will need to ensure the appropriate Cryptographic Security Provider from your HSM vendor is installed and appropriate key access permissions and / or registration steps for yours key are performed. Contact your HSM vendor for details on providing applications access to keys stored in HSM's.


  What does "Persona Not Validated" mean in my new digital certificate?

Some certificate providers no longer include a user specified name for certificates purchased online as "email" certificates. One example is Symantec. They will place the string "Persona Not Validated" into the Common Name (CN) field of the certificates they issue online. Contact your certificate provider if you need to obtain a certificate that includes a user name. They can provide information about the types of certificate offerings they provide that will allow a user name to be included in the certificate they issue to you. Alternative certificate providers such as Comodo still provide CN values. A suggestion to assign a "friendly name" value to this certificate can help when viewing this certificate within SecureZIP.


  I forgot the passphrase for my .zip file(s). What do I do?

PKWARE solutions utilize strong encryption so there is nothing that can be done if you lose or forget your passphrase. It is important to remember your passphrase as PKWARE has no special means for getting around the encryption and may not be able to assist in the recovery of an encrypted file.To avoid problems with forgetting passphrases, it is recommended that files be encrypted using a digital certificate. A digital certificate provides a digital ID that can be used to encrypt and decrypt files without having to remember a passphrase used for each ZIP file.


  When trying to retrieve a digital certificate using SecureZIP I get the error message, The CSR uses an unsupported key size.

This message will appear if you are using versions of SecureZIP prior to v12.51 which created digital certificates having key sizes of 1024 bits. Recent industry best practices recommend moving from certificates of 1024 bits to certificates of 2048 bits. Comodo has implemented support for this new key size for all certificates issued using SecureZIP. In SecureZIP v12.51 PKWARE has updated the certificate wizard to create certificate requests (a CSR) to reflect this change. If you have an older version installed, you will need to upgrade to v12.51 which is located on our website at https: / / www.pkware.com / support / desktop / updates / on the 12.5 downloads tab. If you do not have current maintenance that will allow for free upgrades, you can go to our online store to get product and pricing information: https: / / www.pkware.com / store / securezip / windows / enterprise


  My Windows Server certificate policy supports only CNG certificates. Can I use these with SecureZIP?

Using Windows Server as your Certificate Authority (CA) provides policy settings to create certificates using only CNG (Cryptography Next Generation) compatible digital certificates. This certificate type currently is not compatible with SecureZIP which uses the standard Microsoft Cryptographic API (CAPI) for storing certificates. You can configure your CA to support both CNG and CAPI stores. You will need to check with your certificate administrator to enable this setting on your CA. In this case your CNG / CAPI certificate should be accessible using SecureZIP. Alternatively, make sure your certificate policy supports certificates created using Microsoft Strong or Enhanced Cryptographic Server Providers rather than CNG.


  How does SecureZIP shred (wipe) my files?

When the shred option is configured, SecureZIP will overwrite files using the algorithm selected in SecureZIP options. This operation will repeatedly write data over each byte of your file until no trace of the file information remains on the media. SecureZIP can shred temporary files it creates during SecureZIP actions and it can shred an original file placed into a ZIP file when requested to "Delete original files". Note, shred operations cannot be performed on files that reside on network storage. Similarly, solid state drives (SSD) do not ensure data overwrite and may not allow complete physical removal of all file data.


  Why does a decrypted OpenPGP file from SecureZIP have more information than the original file when opened using GnuPG?

SecureZIP versions 14.0 and 14.1 automatically encrypt files into a format called OpenPGP ZIP. Much like a PKWARE ZIP file, this format allows storing multiple files into a single encrypted OpenPGP file. Before encryption the files are wrapped into a TAR archive. SecureZIP and some other OpenPGP programs automatically unwrap the TAR file restoring all original files. Some OpenPGP programs however do not include TAR support leaving the decrypted file with the unprocessed TAR wrapper. When this occurs you can add a .tar file extension to the decrypted file and then open it using any TAR program, or avoid this extra step by using SecureZIP. SecureZIP versions 14.2 and later will only apply this TAR wrapper when multiple files are selected for encryption using OpenPGP. Single files will not be wrapped in TAR and should automatically open using any OpenPGP program.


  When displaying configured OpenPGP contingency keys during an encryption operation, SecureZIP shows the wrong count?

SecureZIP versions 14.0 and 14.1 will display the wrong count of contingency keys applied if your policy file includes both OpenPGP and X.509 contingency keys. This is a display error only and the correct contingency keys are applied to your files. This issue is corrected in SecureZIP V14.2.


  Why does my OpenPGP key show an expiration date of 1 / 18 / 2038 when configured as a contingency key?

If your contingency key was created with no expiration date, SecureZIP will display the value 1 / 18 / 2038 in the Expiration field for this key. We anticipate a future release will simply show no expiration date value for this key.


  Why do I see more frequent password prompts when using OpenPGP files with SecureZIP?

OpenPGP files use a different storage format than ZIP files. Some information about the files inside ZIP files can be displayed within the user interface without requiring a decryption key. When working with OpenPGP files, no information can be accessed without using a decryption key. Each encryption or decryption operation on an OpenPGP file requires access to a key. To avoid security gaps, these keys are not stored within computer memory beyond the instant during which they are used. This means operations to create an OpenPGP file can be followed by viewing that file immediately within SecureZIP. To avoid caching a password in memory, SecureZIP will currently require entry of a password when the OpenPGP file is created, and again as it is opened to view immediately after it has been saved within the program.


  When trying to request or renew a digital certificate with SecureZIP for Windows Standard Edition, I see the message "A certificate is not available for the current desktop configuration"?

Certificate requests and renewals using SecureZIP for Windows Standard Edition are no longer supported. Try to obtain a free digital certificate from available certificate services. One example is www.comodo.com / home / email-security / free-email-certificate.php.

US Government Security

  How do I enable SecureZIP to operate in FIPS 140 mode?

SecureZIP does not operate in FIPS 140 mode by default. To enable this mode, choose SecureZIP Options and select Security-General. Select the setting for Encryption Algorithms to Use FIPS 140 mode. Use SecureZIP Enterprise to lock this setting using policy manager.


  Is it sufficient to just enable the "Use FIPS compliant algorithms" setting under Windows System Cryptography policy settings?

No, and we strongly recommend this Windows policy setting not be used when trying to achieve FIPS compliance. Turning on this setting is often cited as leaving user systems completely unusable. Customers frequently report they must immediately disable this setting because of the disruption it causes. Common examples are applications cease to run, network connectivity may fail, and many websites become unreachable. PKWARE provides a FIPS MODE setting that ensures the use of FIPS 140-2 validated cryptography and that does not require using this Windows setting. FIPS 140-2 validated cryptography is used only within SecureZIP and does not adversely affect any other system functions.


  Is SecureZIP compliant with the Federal Desktop Core Configuration (FDCC)?

SecureZIP has been tested using the National Institute of Standards and Technology (NIST) FDCC test images for Windows XP and Windows Vista. SecureZIP operates correctly on FDCC configured desktops.


  What is happening with FIPS 140 and hashing algorithms in 2010, and what does it mean for my SecureZIP archives?

SHA-1 is scheduled to be deprecated by NIST as FIPS-compatible after 2010. SecureZIP v12.5 in FIPS mode will not sign files or central directories using the SHA-1 hashing algorithm.


  Can I still use my SecureZIP certificates after 2010 and be FIPS-compliant?

Yes, existing certificates using the SHA-1 algorithm will be valid until they expire.


  Is the FIPS 140 Encryption standard changing too?

NIST is also scheduled to deprecate 3DES-112 (also known as two key 3DES) after 2010. SecureZIP with FIPS mode turned on will not extract files encrypted with this algorithm. By default, SecureZIP uses the FIPS 140-compliant AES-256 algorithm.

The PKZIP / SecureZIP Fluent User Interface

  Is SecureZIP compliant with the Federal Desktop Core Configuration (FDCC)?

SecureZIP has been tested using the National Institute of Standards and Technology (NIST) FDCC test images for Windows XP and Windows Vista. SecureZIP operates correctly on FDCC configured desktops.

64-bit Windows

  How do I know if I have a 32-bit or 64-bit version of Windows?

Your computer manufacturer can tell you whether the processor is 32-bit or 64-bit. The System page in your Windows Control Panel should also tell you. This page can also help you identify the type of Windows operating system you have:http: / / support.microsoft.com / kb / 827218


  I am using SecureZIP on 64-bit Windows XP, Windows Vista or Windows 7, and SecureZIP is not available in the Windows Explorer context menu. Why?

If you are using a 64-bit version of Windows, we recommend installing the 64-bit version of PKZIP / SecureZIP (in version 12.4 and later) to make the most effective use of your Windows environment. If you are running Windows XP, we recommend you update to a newer version of Windows.SecureZIP v12.3 included a 64-bit Explorer shell integration module. To complete the setup for 64-bit Explorer integration, after installing SecureZIP v12.3, run the "Install 64-bit Explorer Integration" option from the SecureZIP entry on the Windows Start menu.SecureZIP versions 12.2 and earlier operate on 64-bit versions of Windows, but they do not integrate into the 64-bit version of the Windows Explorer. Run the 32-bit Explorer for this integration by selecting Run from the Windows Start menu. Enter %systemroot%\syswow64\explorer into the Open box and choose OK.


  I am using a 32-bit version of SecureZIP on a 64-bit version of Windows. How do I upgrade to the 64-bit version of SecureZIP?

SecureZIP v12.4 is the first release for 64-bit Windows. The 64-bit SecureZIP installer should uninstall any existing installation of SecureZIP v12.3 or earlier before installing v12.4. If you have already installed the 32-bit v12.3, you will need to uninstall the 64-bit Explorer Integration application manually before installing SecureZIP v12.4.


  Can I use the 32-bit version of PKZIP / SecureZIP on a 64-bit version of Windows?

Yes you can, however, the convenience of PKZIP / SecureZIP integration with the default Windows command line shell will not be available. If you are using a 64-bit version of Windows, we recommend installing the 64-bit version of PKZIP / SecureZIP to make the most effective use of your Windows environment.


  Can I use the 64-bit version of PKZIP / SecureZIP on a 32-bit version of Windows?

No, 64-bit PKZIP / SecureZIP will only install and run on a 64-bit version of Windows.


  Can I use PKZIP / SecureZIP with the 64-bit version of Microsoft Office 2010?

Yes, PKZIP / SecureZIP v12.5 Office Integration will work with both 32-bit and 64-bit Office applications.


  Are PKSFX files available in 64-bit versions?

You can create PKSFX files using the 64-bit versions of PKZIP / SecureZIP for Windows Desktop, however, only 32-bit PKSFX files are provided at this time. This ensures that PKSFX files you create will run on the widest range of target systems.

Compression Algorithms

  Will SecureZIP open ZIP files compressed using the LZMA compression algorithm?

SecureZIP v12.4 and later includes support for creating and opening ZIP files using the LZMA compression algorithm.


  Will SecureZIP open ZIP files compressed using the PPMd compression algorithm?

SecureZIP v12.4 and later includes support for creating and opening ZIP files using the PPMd compression algorithm.


  Will SecureZIP open ZIP files compressed using the WavPack compression algorithm?

SecureZIP v12.5 includes support for opening ZIP files using the WavPack compression algorithm.

Legacy Applications

  What happened to SecureZIP Express?

Thank you for your interest in SecureZIP Express. PKWARE offers our customers high quality products to help serve security and compression needs. SecureZIP Express has successfully provided a means for users to obtain the advanced security available through personal digital certificates and SecureZIP. We have discontinued the limited-time offer of SecureZIP Express as we focus on new initiatives in providing interoperable, easy-to-use security solutions.


  Can I keep using my copy of SecureZIP Express?

Yes, you may continue to use your installed copy of SecureZIP Express for as long as you choose.


  What if I need to re-install SecureZIP Express?

Support for re-installing SecureZIP Express was discontinued at the end of December, 2009.


  What can I use instead of SecureZIP Express?

If you are interested in a free ZIP utility for decrypting and decompressing ZIP archives you may consider our free ZIP Reader product by clicking here .Alternatively, if you would like the benefits of a full, licensed copy of SecureZIP, we encourage you to try the 30-day free Evaluation of SecureZIP for Windows Desktop by clicking here .


  Why does SecureZIP not work when I send a message using Outlook Express or Windows Mail?

SecureZIP v12.4 and later Office Integration does not support compressing or encrypting files with Outlook Express or Windows Mail, as Microsoft has discontinued these products.


  I installed PKZIP / SecureZIP and I see garbage when I try to run the program. Why?

Below is a screen shot of how the program may look, this is caused by a bad installation or a previous version not being removed properly. To correct this issue, go through Add / Remove programs and remove SecureZIP for Windows. After removing the program, make sure all folders and files are deleted. Then REBOOT the machine and re-install SecureZIP.


  Is SecureZIP affected by Daylight Savings Time?

All file times will remain true to the Operating System; there will be no effect to our product based on DST.


  Is PKWARE Authenticity Verification still available?

No, the Authenticity Verification feature of PKZIP programs has been discontinued for a number of years. This feature was originally provided to registered PKZIP for DOS users. It allowed them to embed an identifying string within their copy of PKZIP. When they created ZIP files this early form of a signature would be included within each ZIP file they create. It would then be verified on extraction to show the identity of the creator. SecureZIP offers a much stronger alternative to this capability through the digital signing feature. Digitally signing a .ZIP file using a users verified digital signature provides for authenticated identity reporting to the recipient and ensures the content of the ZIP file has not been altered. Digital signing is the recommended method to provide authenticity and identity verification to your .ZIP (and OpenPGP) files. A digital signature is applied to ZIP files using your X.509 digital certificate which can be obtained from certificate sources such as Symantec or Comodo. Other certificate sources can be used. A digital signature is applied to OpenPGP files using your RFC 4880-compliant OpenPGP key.

  • No labels