Manage Signatures for an Archive

You can view information about an X.509 digital signature attached to an archive from the Digital Signatures tab of Archive Properties.

To access the Digital Signatures tab for an open archive: Right-click an empty space in the main window, choose Properties from the context menu, and select the Digital Signatures tab.

The Digital Signatures tab appears only with a ZIP archive and only if the archive itself is digitally signed.

You can sign an archive only when you create or update it. A new archive is signed if, when you create the archive, signing is turned on, and the option is set (on the Advanced Signing options on the ZIP page of Security options) to sign the central directory of the archive.

To turn on signing:

  • Select the Sign button in the Actions group or check one of the Sign files check boxes offered in various dialogs, such as the Security options page.

A signed ZIP archive can contain files that are signed or unsigned (or both). Signing an archive enables people who receive it to confirm that the archive as a whole is not changed. Signing only files in an archive enables people to confirm that the individual signed files are unchanged but leaves open the possibility that the archive has had files added or removed.

Digital Signature

The Digital Signature group displays information about the attached signature. It lists the name of the person who signed the archive, confirms that the content of the archive has not been altered since the archive was signed, and declares whether the certificate is valid.

You can view properties of the certificate used to sign the archive by clicking View Certificate. This button links to the Certificate Properties dialog.

PKWARE Authenticity Verification

If an archive contains PKWARE Authenticity Verification information, controls for working with it are displayed in a PKWARE Authenticity Verification group. This group displays information about the Authenticity Verification (AV) status of the archive. The View Details button displays any PKWARE AV Text attached with the PKWARE AV information.

Note: PKWARE AV is an older kind of authentication technology that has been superseded by authentication based on digital signatures. Support for reporting PKWARE AV information is provided only for compatibility with legacy versions of PKZIP and SecureZIP.