What's New in SecureZIP® Server
SecureZIP Server contains the following changes and
new features, listed by release:
Version 14, Maintenance Release 4
This maintenance release is targeted at SecureZIP Server eBusiness Edition users. We also fixed numerous miscellaneous bugs. New eBusiness Edition features include:
- Enhanced Key Maker, including a new graphical interface allowing you to create and manage OpenPGP files.
- More support for McAfee eBusiness Server scripts. New OpenPGP and Legacy PGP modes support your existing "ebs" and "pgp" command switches.
Version 14, Maintenance Release 3
- SecureZIP Server eBusiness Edition. This new product provides additional functionality with OpenPGP keys and X.509 certificates, including allows you to generate and sign OpenPGP keys, convert X.509 certificates to OpenPGP keys, and convert OpenPGP keys to X.509 certificates.
- Organize recipients into groups. Create and configure groups of recipients (whether those recipients use OpenPGP or X.509 to identify themselves) to simplify sending encrypted files to such groups.
Version 14, Maintenance Release 2
- Single-file OpenPGP archives. When you create an
OpenPGP archive containing only a single file, SecureZIP now creates
a *.pgp file without wrapping the file in the TAR format first.
- Specify OpenPGP keyring files. When creating or
extracting OpenPGP files, custom keyring locations can now be
specified on the command line.
Version 14, Maintenance Release 1
- Improved LDAP authentication
support. LDAP connections can now be specified as SSL, and
the logged-in user's Windows credentials may be used without
specifying the actual user name and password.
- Improved support for long file
names in TAR archives. POSIX extensions now used for file
names with more than 255 characters.
- Improved support for handling OpenPGP files.
Creates ASCII Armor. Supports creating and reading comments included
with OpenPGP files. Supports opening OpenPGP files containing multiple
user IDs and multiple sub-keys.
- Create and Extract OpenPGP files. Some
organizations use encryption tools based on the OpenPGP standard,
rather than X.509. SecureZIP extracts and decrypts files that comply
with the OpenPGP standard, RFC 4880. SecureZIP can also create and
sign OpenPGP-compliant files. You can also use OpenPGP keys to encrypt
and decrypt data within ZIP archives.
- Message Digest Display. Display
hash value (also called a "message digest") and CRC checksum for a
file using the messagedigest command. This feature will help meet ONC
Meaningful Use requirements.
- Digital Time Stamping for signed
archives. When you need to establish not only who is
responsible for a file or set of files, but also when it was created,
digital time stamping is a critical service. With SecureZIP’s support
for digital time-stamping, you can add a timestamp to any signed
archive. SecureZIP will also verify existing time stamps.
- FastAES. Support for Intel®
processors that implement AES-NI. Other processors may also gain from
using a more optimized Advanced Encryption Standard algorithm. FastAES
is not available when using FIPS 140 mode.
- Extract 7-Zip files and CD/DVD Data
Image files. SecureZIP now extracts 7-Zip and three types of
files typically associated with CD and DVD data images: CDR, ISO, and
- Preserving Zone Identifier
information in downloaded files. When you download a file
from any other computer with Microsoft Internet Explorer, the browser
attaches “security zone” information about the computer hosting the
file in an alternate data stream. By default, SecureZIP now preserves
Version 12, Maintenance Release 5
- Include open files in ZIP archives. The OpenFile
option allows you to include files in memory in archives.
- Extract WavPack files within ZIP archives. Open
audio files compressed with this algorithm.
- Extract files from archives created on IBM z/OS using
hardware compression tools. PKZIP Server can extract these
files without special hardware.
- Changes in FIPS Mode. With FIPS mode selected,
files must be signed with the SHA-256 algorithm (or higher). Also will
not extract files encrypted with 112-bit (two-key) 3DES. These
algorithms are still available outside FIPS mode.
Version 12, Maintenance Release 4
- Support for Windows 7. Windows 7 users enjoy all
the benefits and functionality of SecureZIP.
- New installer for 64-bit systems. SecureZIP now
comes in a full 64-bit version for users of 64-bit Windows systems,
including Windows 7 and Windows 2008 Server.
- Full support for opening and extracting files with the .zipx
extension. SecureZIP will work with ZIP archives with the
- Improved retrieval of digital certificates from LDAP
providers. Re-designed LDAP query dialog makes entering an
LDAP query easier; status messages are reported better when a
Lightweight Directory Access Protocol (LDAP) query fails to return any
certificates. You can now retrieve digital signatures from Korean LDAP
- Version command updated. The version
command has a new product suboption and now lists
major, minor, and step version numbers of the program and
lists major and minor version numbers and the build number of the product.
- .Z archive extraction. SecureZIP Server can now
extract .Z archives.
- Extract path substitution. The substitution
option can now be used with extract to extract
multiple archives each into its own directory.
- LZMA and PPMd compression. New lzma
and ppmd options are added to support LZMA and PPMd
- New PKCertTool options. New options are added to
make it easier to view and select specific types of certificates.
- Options to support application integration. New stream
and rename options make it possible to stream data
to an archive from STDIN or special files such as named pipes and UNIX
sockets. Data can also be streamed to STDOUT or special files on
- ZDW extraction support. The translate
option has new suboptions for EBCDIC line-ending translation to
support extraction of mainframe data compressed using the SecureZIP
for z/OS Zip Descriptor Word (ZDW) option to preserve variable
- FIPS 140 compliant SFX engines. An SFX
(self-extracting) archive created in FIPS mode now remembers that it
is a FIPS SFX and applies FIPS-mode constraints when its files are
- Path performance improvements. The directories
option now does pattern-matching on file names in a way that's faster
and more consistent with releases prior to version 8.4. When
processing a file specification that includes a path component,
SecureZIP looks only within the specified folder for the pattern to
match. Versions 8.4 - 8.7 look for the entire file specification in
all subfolders of the current folder. To perform an 8.4-style search,
prefix the file specification with an asterisk "*".
Version 8 Maintenance Release 7
- FIPS mode option. A new fipsmode
option causes SecureZIP to use only FIPS-validated algorithms to
encrypt or decrypt files or to apply or authenticate signatures. FIPS is an abbreviation for Federal Information Processing Standards,
a set of standards for information processing in federal agencies.
- SHA-2 hashing algorithms. SecureZIP adds support
for SHA-2 hashing algorithms SHA-256, SHA-384 and SHA-512. Each is
stronger than the already supported SHA-1. Federal agencies are to
completely phase out use of SHA-1 after 2010 for digital signatures
- List hashing algorithms. A new ListHashAlgorithms
command lists hashing algorithms that SecureZIP can use on your system
to apply or authenticate signatures. Used with the fipsmode
option on, the command lists only FIPS-validated algorithms.
Version 8 Maintenance Release 6
- Preserve international characters in file names and
comments. A new utf8 option enables UTF-8
characters in file names and file comments to be correctly displayed
when an archive's contents are viewed or extracted in compatible
Version 8 Maintenance Release 5
- Streaming archive creation/extraction. The add
command can write archives to special files such as named pipes and
(UNIX) domain sockets. Similarly, the extract, test,
and view commands can read archives from these same
sources and from STDIN.
- Trusted extraction. A new verifySigner
option constrains PKZIP to extract only archives signed using a
certificate specified with the option. The option protects against
being fooled by a valid signature made using a different certificate
from the one that actually belongs to your expected correspondent.
- Embed a timestamp in archive names. A new substitution
option works with the add command to embed a
timestamp in the name of a new or updated archive. You construct the
timestamp using tokens for such elements as day, month, year. The
tokens are replaced by values when the command line is run.
- Wipe option renamed shred. The wipe
option for securely overwriting deleted files is renamed shred
and has a new dod5220 sub-option that overwrites files three
times, to the DOD 5220.22-M specification.
Version 8 Maintenance Release 4
- Contingency keys. An administrator can now
automatically include contingent recipient keys in the recipient list
whenever PKZIP does strong encryption. Such contingency keys
ensure that an organization does not lose access to its encrypted
data. Note: Users upgrading to the current version
of SecureZIP Server must get new license keys to activate the
contingency key feature.
- Create archives to STDOUT. The add
command can now output archives to STDOUT instead of to a file.
- Translate line endings when adding. The translate
option can now be used when adding to an archive as well as when
extracting, to translate line endings for a specified platform.
- Create multiple, respective archives. A new archiveeach
option creates and names a separate archive for each of multiple files
specified in a single command line.
- Behavior change for newer and older.
These options now behave as in version 6.0 when using a time unit of
days: They now measure the interval (for example, five days) from the
beginning of the current day (midnight) instead of from the current
- Behavior change for configuring silent option.
Configuring the silent option no longer produces an
interactive confirmation message. The change makes it easier to
configure silent in scripts.
- New silent suboption for configuration
command. The configuration command now
has a silent suboption to suppress default display
of the list of configuration settings when the command is used.
Version 8 Maintenance Release 3
- New crl option. Warns if a certificate appears on
an accessible list of revoked certificates.
- New strict option. Uses only certificates that are
valid and designated for the purpose at hand (encryption or signing).
- Listcertificates enhanced. The command now lists
certificates in a specified store.
- TAR file processing. Several problems with
processing TAR files corrected.
Version 8 Maintenance Release 1
- Bug fixes:
- PKZIP could not extract some archives containing
encrypted file names
- Problem with display of language strings could result
in incorrect message display or crash
- PKZIP tried to create an archive when -preview option
used with -add command
- Was possible to create self-extracting (SFX) archives
having smaller segments than target platform supported
- On Windows 98, the -log option could crash the
- SNMP traps. You can use a new snmpTrapHost
option to specify an SNMP host to receive SNMP traps. SecureZIP can
send traps to report application startup, shutdown, error and warning
conditions, or results of normal operations.
- Set execution priority. A new priority
option enables you to change the priority of execution of SecureZIP
relative to other applications.
- Date/time display format. New sub-options make the
locale option easier to configure and use.
- FTP integration. A new ftp option
transfers a new or existing archive to another system by FTP.
- E-mail integration. New mail…
options transfer a new or existing archive to other people by email.
- New options for self-extracting ZIP files. Several
new options—SFXDestination, SFXDirectories, SFXOverwrite, and
SFXUIType—give you more control over the type and behavior of
self-extracting (SFX) ZIP files you create. (Requires the optional
Enhanced Data Processing Module.)
- Antivirus integration. New avscan
and avargs options enable you to run an external
antivirus program when you extract files to scan for viruses in the
destination folder and its subfolders.
- Syslog integration. New options ErrorLog,
JobID, Log, and LogOptions
enable you to log records of warnings, errors, and normal operations
to STDOUT, STDERR, the native system logging facility (syslog) for
your platform, or to a file.
- Encrypt file names. A new cd
option can be used to encrypt file names in an archive. The option
strongly encrypts an archive's central directory, where file names and
virtually all other metadata about the archive is stored.
- Alternate configuration file. A new altconfig
option enables you to use an alternate configuration file for special
purposes. Specify the file in a command line to temporarily apply
special default command or option settings for the current command.
- Movearchive option. A new movearchive
option deletes unwanted intermediate archives when you encode an
archive to a different type—for example, a TAR archive to a GZIP
archive—or transfer an archive by FTP.
PKWARE, the PKWARE logo, PKZIP, PKUNZIP, PKSFX, PKLITE,
PKLITE Professional, SecureZIP, and PKWARE Data Compression Library are
registered trademarks of PKWARE, Inc. PKZFIND, PKZOOM, Deflate64,
EasySFX, AutoSFX, RegularSFX and ZIP2EXE are trademarks of PKWARE, Inc.
Microsoft, Outlook, Windows and Windows NT are registered trademarks or
trademarks of Microsoft Corporation. Trademarks of other companies
mentioned appear for identification purposes only and are property of
their respective companies.