Most of us are familiar with PKZip – the most popular file archiving and compression tool used on Windows machines. It's easy to forget, though, that as well as compressing data, PKZip has always been able to protect data – initially using passwords, and more recently using more modern techniques such as PKI. SecureZip is the encryption-specific part of PKWare's armoury.
SecureZip ships in both client and server versions. The client version is a GUI-based Windows application that provides users with a stand-alone encryption and decryption facility (though it's clearly designed with corporate networks in mind, since it provides the ability to apply network-wide policies and the like). In this review, however, we'll concentrate on the server product – imaginatively called SecureZip Server (SZS).
SZS is a command-line tool that can be used to add functionality to server-type products such as FTP or email servers. It's available for Windows 2000, Windows Server 2003, Solaris (2.8+), HP-UX (10.20+), AIX (4.3.3+) and Linux (the distribution doesn't matter so long as you have at least release 2.4 of the Linux kernel).
Many servers are able to interface to external applications (a mail server might call an external AV package, for instance) – so you can use the same features to make the server program call SZS's functions. So if, for instance, you have two sites in your organisation, each with its own mail server, you could configure each server to encrypt messages that are being sent to the other server, and to decrypt messages that are coming in from the other site.
The PKZIPC program itself is a hefty 1.2MB executable – which isn't surprising when you consider the raft of features it has. At the basic level, you get the ability to encrypt data based on a password – something PKZip users have been used to for years. You can also encrypt and decrypt based on digital certificates (and if, as is likely, you want to centralise your organisation's certificates in one place, SZS can use LDAP to look up the appropriate information in the corporate repository).
As well as being used as an add-on by packages such as mail servers, SecureZip Server can also exploit SMTP and FTP servers for sending files outside the local network. The command line can become rather convoluted (after all, a mail message has loads of variable sections – addresses, subject lines, body text, carbon copies) but in the majority of cases the SZS functions will be a part of a script, so once they're created, they'll be reused many times. If you have some standard settings that you don't want to keep repeating in your commands (such as the address of your local SMTP server) these can be defined as persistent configuration options.
Because SZS's functions are designed to be run unattended, you need some way to find out when things are going wrong (or, for that matter, to be reassured that things are going right). The various implementations of SZS are able to write to the native logging system for the platform in use (the Event Log in Windows, or a Syslog-compliant host under Unix/Linux), or you can alternatively tell it to send SNMP traps to your network management application if you have one.
We found SZS pretty easy to get on with – although, as we've said, some of the command-line options can lead to gargantuan commands, you tend only to write things once and wrap them up in scripts. Installation is simple (there's just the main executable, some documentation and a few ancillary tools for doing things like adding digital certificates). The PDF manual that's installed by the setup routine runs to 220 pages, and it goes into adequate detail about all the commands you can use.
Although SZS is perhaps most useful in a closed environment (where you own both ends of a communication and can therefore control the encrypt/decrypt process), you can also use it to send stuff securely to third parties by providing the latter with a free decrypt-only tool that they can use to extract data from archives. This can be downloaded from the PKWare Web site, or you can distribute it yourself at no charge.
SecureZip Server is an interesting and functional package. The only drawback is that it's entirely command-line based (a wizard-based GUI would have been a nice touch) but this isn't the end of the world.