CZIP X offers a technology that can be described as “layered” because, while encrypting files, it is possible to enable more and more options that allow to reach increasing level of protection. These layers of protections are both mandatory – those directly enabled in software and not available to user – and optional – offered to user in form of options to the encryption action.
The following are the mandatory layers:
- Passphrase hashing through the SHAKE-256 algorithm
- Initialization vector based off a true crypto-random generator
- Flushing all variables used during the encryption process
- Usage of encryption algorithms as suggested by NIST
Optional layers, available to users as options are:
- Deletion or “wiping” of original files
The user can choose whether to delete original files after the encryption completes; as an additional layers, the user can opt-in for “Secure Deletion”: the original files will be filled with a random sequence of bytes for all their length and this process will repeat three times before actually deleting them. This technique (whose name is “wiping”) increase safety because doesn’t allow (or makes harder for) specialized forensics software products to recover the contents of those files.
- Creation of self-locking or self-deleting encrypted archives
When the user choose to make a self-locking/self-deleting archive, the encrypted archive will allow only three attempts to enter the correct passphrase. After the third error, the encrypted archive will lock automatically or will delete its contents. In the latter case, the contents will be just “wiped” (they will be replaced by random sequences of bytes for several times); the encrypted archive will still be available but it will be just an empty and useless box, and nobody – even The ZipGenius Team – could recover those data.
- Not shareable encrypted archives
An encrypted archive can be made “not shareable”: the archive will be encrypted in a way that it couldn’t be decrypted on any other device, despite the usage of the correct passphrase. Example: if you create an encrypted not shareable archive within an Android device, that file couldn’t be decrypted in other Android devices nor in other computers. The file could be decrypted only within the same device that produced it. As an additional layer, in multi-user environments like desktop operating systems could be, if John encrypts an archive within his account on Windows/macOS/Linux, then Mary won’t be allowed to decrypt it when she’s logged in the same computer and using her own credentials.
- One Time Decryption
An encrypted archive could be set to allow just one decryption task: when decryption succeeds, the contents of the encrypted archive will be wiped just as the same way as if it was set to be a self-deleting archive; the only difference will consist in not showing any warning prior to decryption but only after a successful decryption. WARNING: this option will override the archive type selection.
The user can get the maximum level of protection by activating all of the above options at once before beginning the encryption process.