The Ask before overwrite feature is selected by default. With this feature enabled, the RAR app lets you know if files with the same name already exist, and you're given the choice to skip, rename, or replace each file.
PowerShell 5.0 includes two cmdlets for working with compressed Zip files: Compress-Archive and Expand-Archive. However, these cmdlets do not support encryption, are relatively slow, cannot handle other archive formats, cannot peek at file listings inside of Zip archives without doing extraction, and cannot handle files larger than 2 GB (which is a big problem for archiving log files).
7-Zip is a free, open source, cross-platform, very fast, archive file manager. It supports a wide variety of formats (like 7z, zip, tar, wim, iso, rar, and rpm) and can be run from the command line or as a graphical application. Unlike the old Zip archives, modern 7-Zip archives (in 7z format) can be up to 16,000,000 TB in size!
Zip archives can also be encrypted with 256-bit AES, which is much more secure. However, there is a compatibility problem: Zip with AES is not supported by many operating systems or other archival tools; for example, Windows File Explorer does not support AES-encrypted Zip files and probably never will.
A third problem with AES-encrypted Zip files is that some vendors will encrypt the names and paths of files inside the Zip archive, while others do not. Beyond the compatibility problem, file names and folder paths are \"metadata\" which can be very revealing all by themselves, even if the file contents are encrypted.
Imagine capturing an archive that contained files like \"DivorceAttorneys.xls\" or \"\\Contracts\\2016\\Panama-Gov\\OffShoreAccounts.pdf\". If you are uploading encrypted Zip files to Amazon or Azure, it's possible that file names and paths are being extracted and indexed, perhaps by Cortana in OneDrive, even though you intend to keep the contents of the Zip files 100% private. When you e-mail encrypted Zip files to others, or upload/download such files through proxy servers, it is also possible that the e-mail gateways and proxy servers are examining and logging the plaintext file names and paths in the otherwise-encrypted Zip files too. In some countries, just having suspicious file names could land you in jail.
A fourth problem is that, if you attempt to extract files from an encrypted Zip file using the wrong password, such as with a typo, you risk overwriting any existing files of the same names with a zero-byte files, thus effectively deleting the existing files! This could accidentally destroy irreplaceable data.
7-Zip also supports the 7z or \"SevenZip\" archive format (*.7z file name extension). The 7z format is technically superior to Zip as an archive, and 7z files can also be encrypted with 256-bit AES in CBC mode. The AES key is derived by hashing a user-supplied passphrase with SHA-256 several times.
When 7z archives are encrypted, you have the option to also encrypt the file names and paths inside the archive. You should always encrypt file/path metadata, unless there is some compelling reason not to do so. Unfortunately, this is not the default in 7-Zip, you have to choose to check the \"Encrypt file names\" box in 7-Zip (or use the -EncryptFilenames switch in PowerShell). But once you do choose this option, 7-Zip remembers your choice the next time you run 7-Zip by setting the following registry value (which could be set pre-emptively with a .reg file or through Group Policy):
Hence, when security is the primary goal, only use the 7z archive format (not Zip), always check the box to \"Encrypt file names\" (or use the -EncryptFilenames switch in PowerShell), and use a complex passphrase that is at least 25 characters in length. The longer and more random the passphrase, the better it is for the quality of the encryption.
7-Zip can be \"wrapped\" by PowerShell for very convenient command-line access and scripting use. A popular PowerShell module for this is 7Zip4PowerShell, which can be installed for free from the PowerShell Gallery, or, if you have an older version of PowerShell, downloaded from GitHub. (You must have at least PowerShell version 2.0.)
Notice in the above that the archive format is SevenZip (creates a *.7z file) and the -EncryptFilenames switch is used. As discussed above, this combination should be considered mandatory. If you do not encrypt file names, and you attempt to extract files from the encrypted 7z archive using the wrong password (perhaps accidentally) then you risk overwriting any existing files with the same names with empty files, thus deleting the contents of those files! This does not happen when the -EncryptFilenames switch is always used.
For example, you could encrypt 500GB of your personal files using 7-Zip and an encryption passphrase stored in KeePass, then upload that archive to Amazon Glacier or Azure Cool Blob Storage for pennies per month. Because your data is encrypted locally, you don't have to trust Amazon or Microsoft. Because you're using PowerShell to automate the process, it can be done quickly and conveniently. And because the encryption passphrase is stored in KeePass, the passphrase does not need to be hard-coded into any plaintext scripts.
(When archiving a large number of data files, it may be best to first make copies of those files to a temp folder, archive the copies from the temp folder, then securely delete the temp folder. Using the built-in ROBOCOPY.EXE utility you can copy just the files you want to archive using a variety of command-line switches. On Server 2016 and later, check out Storage Replica vs. ROBOCOPY too.)
Imagine capturing an archive that contained files like \"DivorceAttorneys.xls\" or \"\\\\Contracts\\\\2016\\\\Panama-Gov\\\\OffShoreAccounts.pdf\". If you are uploading encrypted Zip files to Amazon or Azure, it\\'s possible that file names and paths are being extracted and indexed, perhaps by Cortana in OneDrive, even though you intend to keep the contents of the Zip files 100% private. When you e-mail encrypted Zip files to others, or upload/download such files through proxy servers, it is also possible that the e-mail gateways and proxy servers are examining and logging the plaintext file names and paths in the otherwise-encrypted Zip files too. In some countries, just having suspicious file names could land you in jail. 59ce067264