How to Zip and Encrypt in OSX

by

apple how to zip and encrypt files

Last week, I needed to email someone a document that had my social security number in it. Before the recent 25 million person breach of personally identifiable information (PII) I would have probably just emailed it without a second thought. But, with all the recent security news, I hesitated. How should I get this to them? Faxing was not an option, since my “fax” is just an email service, and my physical fax machine was recycled years ago. What I really wanted was to zip and encrypt the document on my Apple MacBook Air and then have then unzip and decrypt the document on their Windows PC. This worked flawlessly!

  1. Zip and encrypt:
    • Open a terminal window in OSX (Applications | Utilities | Terminal)
    • Move to the directory containing your file (e.g. cd Documents )
    • zip -e Test.zip mydoc.doc
    • Enter the password
    • Re-enter the same password
  2. Email the zipped file:
    • Open Finder
    • Navigate to the zipped file
    • Right-click the file | Share | Mail
    • Enter your recipient, subject, and text per usual

      Notice that you should never include the password in the same email with the encrypted zipped file. In my case, I called the recipient, and told them the password over the telephone. I also wanted to be certain that they were able to unzip the file successfully on their Windows PC, so I hung out on the phone until they received and decrypted the file.

  3. Unzip the file
    • Save the attachment
    • Double-click the zipped file
    • A popup will prompt for the password

This method is a quick and easy way of transferring PII information over email. But, keep in mind that you have no control over what the recipient does with your files+information once they receive them. If they double-click the attachment to view it, they may generate an temporary unencrypted version of the file that resides on their local machine for quite some time without their knowledge. If they unzip and save the unzipped version, they may keep a permanent unprotected copy of your information. If they unzip and then re-email the unprotected version using SMTP, which is normally sent in plain text, all your precautions could be wasted.