Add Digital Signatures

A digital signature enables people who receive a file to authenticate that it comes from you and is unchanged since you signed it.

You can digitally sign files when you add them to a ZIP archive, and you can add signatures to files that are in an existing ZIP archive.

You can also digitally sign an entire archive. A signed ZIP archive can contain a mixture of signed and unsigned files. Signing an archive enables people who receive it to confirm that the archive as a whole is not changed. Signing only files in an archive enables people to confirm that the individual signed files are unchanged but does not guarantee that files have not been added or removed.

You must have a digital certificate to attach digital signatures.

To digitally sign files, or the archive itself, when adding files to an archive:

1.  Do one of the following to turn on signing:

1. • Select Sign button in the main window.

   • Check the Sign files box in the Add Files to an Archive dialog.

   • Check the Sign files box on either the ZIP page or the OpenPGP page of Security options, depending on whether you use OpenPGP.

2.  Add files to the archive.

The files are added using the settings in effect in the Security options. The settings you make here control, for instance, whether signatures are attached only to added files or to the archive itself. (To sign the archive, select the option to sign the central directory of the archive.)

Note: To apply a signature based on an OpenPGP certificate, make sure signing in OpenPGP is enabled. Create (or add files to) an archive, and save it as an OpenPGP file.

To add or remove a signature from a file already in an archive: Select just that one file and use the controls on the Digital Signatures tab of the Properties dialog.