is a free cross-platform file archiver that provides an unified
portable GUI for many Open Source
technologies like 7-Zip, FreeArc, PAQ, UPX...
ARC, BZ2, GZ, *PAQ, PEA,
QUAD/BALZ, TAR, UPX, WIM, XZ, ZIP files
Open and extract
ARJ, CAB, DMG, ISO, LHA, RAR, UDF, ZIPX files and more...
includes extract, create and convert multiple
archives at once, create self-extracting archives, split/join files,
strong encryption with two factor authentication, encrypted password
manager, secure deletion, find duplicate files, calculate hashes,
export job definition as script.
FAQ / DATA SECURITY
> APPLY ENCRYPTION TO ARCHIVE
PeaZip is a free file archiver especially focused on security which
supports reading and writing (encryption and decryption) of many strong
optionally using two factor
authentication (password and keyfile) for increased security
against means like social engineering
or dictionary based attacks (that
can considerably reduce the effort of brute-forcing a textual password
Use of end-to-end
cryptography, in which sender and recipient are in
charge of encrypting and decrypting the encoded data, is strongly
each time data is sent to (or through) external servers, even if the
service is advertised implementing cryptography measures.
In example, creating encrypted mail
attachments (and to encrypt uploads to cloud services) preserve
data secrecy against any unauthorized access to user's private
information and data even in case the service is
compromised, either by successful attack, insider breach, or plain
change of policies granting access to unwanted subjects.
Cryptographic protocols supported by PeaZip for writing
(creating password protected archives) are:
PeaZip supports (read-only) decryption of ACE, and RAR archives.
7-Zip / p7zip
WinZip AE (Advanced
- ZipCrypto, for
legacy compatibility purpose only as the algorithm is considered weak
under today's standards
- FreeARC ARC format implementing
encryption scheme that supports AES256, AES contest finalists
Twofish256 and Serpent256 algorithms, and classic Blowfish algorithm
- PeaZip's native .pea file format,
supporting AES, Serpent and Twofish (128 and 256 bit) EAX-mode
authenticated encryption, enforcing
cryptographically strong data secrecy and verifiable autenticity
To password protect files within archives, chose an archive type
supporting encryption, as ZIP, 7Z, ARC, and PEA, add files to the
archive being created as explained in the FAQ page, then click on the
padlock icon to
set a password and optionally
a keyfile for the archive -
the icon is in the status bar in the file/archive browser, and under
the output file name in the archive creation interface.
provides an integrated utility to create
random keyfiles and
passwords sampling entropy from the system and from user's
interaction, Crtl+F9 or main applications' menu Tools > Create
random password / keyfile
PeaZip's password manager is
available from main menu, Tools > Password manager.
The password list file is saved in private user's path, allowing each
user to maintain a personal password manager containing different
passwords or passphrases not accessible to other standard users of the
Optionally, the user can decide to encrypt the password list with a
master password, making the passwor manager private even to
administrative accounts of the same machine, being the data file
unreadable until the correct password is provided.
archive types, like 7Z and ARC, support encrypting
added to the archive: in this case it will not even be
possible to see the list of archive's content, file and directory
names, without knowing the password.
ARC, ZIP, and ZIPX archives support file
level encryption, so each file
in an archive could have, if desired by the archive creator, a
factor authentication is not available for self-extracting archives
(which can be built with 7Z or ARC compression), because usage of
keyfile is not supported by available SFX modules - otherwise resulting
executables would be unable to exctract themselves. When a
self-extracting archive is created, only the password (if provided)
will be used for encrypting it, and only the password will be needed to
extract & decrypt it.
PeaZip supports optional two factor authentication for any
write-supported archive format (7Z, ARC, PEA, ZIP) using both a
password (the element you know) and a keyfile (the element you have) to
encrypt the content - it only needs to enter a keyfile in password
dialog when creating the archive.
If a keyfile is set for any
other format than PEA (which has its own way to use keyfile) the SHA256
hash of the file encoded in Base64 (RFC 4648) is prepended to the
password used to build the archive, using standard archive format
This simple password/keyfile combination scheme allows to retain read
compatibility with any other file archiver, even ones not supporting
keyfile parsing (or with different two factor authentication
passing the Base64-encoded SHA256 hash of the keyfile as the first part
of the password.
In "Advanced" tab of archive creation interface users can chose
encryption method to apply to the archive: by default the recommended
method will be displayed.
If a password is already set (i.e. because adding files to an already
encrypted existing archive) it will be reported to the user in the
archive creation interface.
External online resources: NIST
Information Technology Portal, Wikipedia
entry for encryption,
description of Rijndael/AES, Twofish, Serpent ciphers.
Topics and serach suggestions: create
encrypted files, NIST Advanced Encryption Standard, Rijndael/AES
EAX mode, Twofish encoding, Serpent algorithm,
apply cryptography, symmetric key block cipher, encode / encrypt files
Windows and Linux systems,
encrypted archives, encoded data, set encryption password protection
generator, password manager, open source strong encryption software,
archives, how to encode 7z files.