How to create an encrypted ZIP

Create secure, password-protected ZIP archives with AES-256 encryption before you send sensitive files.

Updated April 2026 6 min read Beginner
Quick answer
  • Windows: use 7-Zip → right-click files → 7-Zip → Add to archive → set password → choose AES-256.
  • Mac: Terminal: zip -er MyArchive.zip folder/ (prompts for password).
  • Always use AES-256, not the older ZipCrypto. It’s the difference between a padlock and a combination lock.

Why create an encrypted ZIP?

Password-protecting a ZIP is the simplest way to send sensitive files by email, upload them to a cloud service, or hand them off on a USB drive. Anyone intercepting the archive still can’t read the contents without the password.

Not all ZIP encryption is equalOlder ZIP tools default to ZipCrypto — a format that’s been cracked for decades. Always choose AES-256. All modern tools support it; you just have to select it.

Create an encrypted ZIP on Windows

The easiest method uses 7-Zip. The built-in Windows tool does not support encryption.

  1. Install 7-Zip From 7-zip.org, free.
  2. Select your files or folder In File Explorer, highlight what you want to encrypt.
  3. Right-click → 7-Zip → Add to archive… On Windows 11, click Show more options first.
  4. Set the archive format to “zip” (Keep the .zip format for maximum compatibility — recipients won’t need 7-Zip to open it.)
  5. Enter a password in the Encryption box Type a strong password (16+ characters, mixed case, numbers, symbols).
  6. Set “Encryption method” to AES-256 This is the critical step. The default is often ZipCrypto, which is weak.
  7. Click OK Your encrypted .zip appears next to the original files.
Send the password separatelyNever email the password in the same message as the ZIP — if the email is intercepted, both are exposed. Send the password via text, Signal, or a phone call.

Create an encrypted ZIP on Mac

macOS includes a command-line zip tool that supports passwords. It uses ZipCrypto by default — which is OK for casual use but not for sensitive data. For AES-256, use Keka or The Unarchiver’s sibling app Archiver.

Method 1 — Terminal (ZipCrypto, built-in)

  1. Open Terminal Cmd + Space, type Terminal, Enter.
  2. Navigate to the folder containing your files Use cd ~/Desktop/ or similar.
  3. Run the zip command Type: zip -er SecureArchive.zip MyFolder/ (the -e enables encryption; -r includes sub-folders).
  4. Enter a password twice Terminal prompts for a password, then to confirm. You won’t see the characters as you type.

Method 2 — Keka (AES-256, recommended)

  1. Install Keka From keka.io or the App Store.
  2. Open Keka and choose ZIP format In Keka’s window, select ZIP and enable the Method: AES-256 option.
  3. Set a password Enter it in the password field at the bottom.
  4. Drag files onto Keka The encrypted ZIP appears in the same folder.

Choosing a strong password

  • Length over complexity. A 16-character random string is stronger than an 8-character one with symbols. Aim for 20+ characters for sensitive data.
  • Use a passphrase. Four random words (like correct-horse-battery-staple) are easy to remember and very hard to crack.
  • Don’t reuse passwords you’ve used elsewhere.
  • Use a password manager (1Password, Bitwarden) to generate and store the password. Share it via the manager’s secure-sharing feature.

When NOT to use encrypted ZIPs

For truly sensitive data (financial records, health information, source code), encrypted ZIPs are a reasonable layer but not the strongest option: