Encrypt a file for email by compressing it into a password-protected ZIP with AES-256, then share the password separately.
Sending a sensitive PDF or contract through email without encryption is like mailing a postcard — anyone handling it can read it. To encrypt a file for email properly, the standard approach is to compress the file into a ZIP archive protected with AES-256 encryption, then share the password through a separate channel. Compressing first and encrypting second is the only order that keeps your data safe.
Encrypting a File for Email: Why the Order Matters
The most common mistake people make is encrypting a file and then compressing it. That order can strip the encryption entirely and leave metadata exposed inside the archive. Always compress your file into a ZIP first, then apply encryption to the ZIP itself. This preserves the encryption and keeps filenames hidden when you enable the Encrypt file names option.
Method 1: 7-Zip on Windows (Most Compatible)
AES-256 encrypted ZIP files created with 7-Zip open on Windows, macOS, and Linux without extra software. The free tool is the standard for cross-platform file encryption.
- Download and install 7-Zip from the official site. Run the installer (7z1900-x64.exe on 64-bit Windows), click Yes for User Account Control, then Install, then Close.
- Right-click the file you want to send and select 7-Zip > Add to archive.
- Set the format to ZIP and change the Encryption method to AES-256.
- Check “Encrypt file names” so the recipient can’t see the original filename without the password.
- Enter a password at least 8 characters long, then click OK. The encrypted ZIP appears next to the original file.
- Attach the encrypted ZIP to your email.
Share the password through a separate channel — a text message, phone call, or a completely different email — never in the same message as the file. FDU’s IT guide on encrypted email attachments walks through this exact workflow with screenshots.
Method 2: Keka on macOS
Mac users have a similar one-tool workflow with Keka, a free archiver that supports AES-256 encryption on ZIP files.
- Download and open Keka from the official site.
- Open Keka Preferences and check Use AES-256 when encrypting ZIP files. Note that this makes the file slightly less compatible on older systems than 7-Zip’s implementation.
- Set a password in the Keka window.
- Drag your file onto the Keka window. The encrypted ZIP saves next to the original.
- To decrypt later, drag the ZIP back onto Keka and enter the password.
Method 3: Outlook Built-In Encryption (Microsoft 365)
If you have a Microsoft 365 Personal or Family subscription, Outlook’s Information Rights Management (IRM) can encrypt the message itself. This works well for Office documents sent within the same organization but doesn’t encrypt the attachment file independently — encrypting the attachment separately with 7-Zip first is still the safer route for external recipients.
- Open a New Email in Outlook.
- Go to the Options tab and click Encrypt.
- Choose Encrypt Only (the recipient can forward or reply but cannot print or copy) or Do Not Forward.
- Attach your file and send.
Encryption Methods at a Glance
| Method | Best For | Key Limitation |
|---|---|---|
| 7-Zip + ZIP/AES-256 | Cross-platform file sharing | Password must be shared separately |
| Keka + AES-256 ZIP | Mac users | Less compatible on older systems |
| Outlook Encrypt (IRM) | Microsoft 365 subscribers | Message-level only; subscription required |
| Adobe Acrobat PDF Encryption | Sending signed PDF documents | Requires Acrobat editor on sending end |
| Gmail Confidential Mode | Gmail users needing basic protection | Does not encrypt the attachment itself |
| S/MIME | Enterprise Outlook environments | Requires a digital certificate |
| PGP/GPG (Public Key) | Technical users needing asymmetric encryption | Complex setup; recipient must also use PGP |
Method 4: PDF Encryption in Adobe Acrobat
Adobe Acrobat lets you password-protect a PDF directly before attaching it to an email. The recipient opens it with the password in any PDF reader.
- Open the PDF in Adobe Acrobat.
- Go to Tools > Protect > Encrypt > Encrypt with Password.
- Check “Require a password to open the document”, then enter a strong password.
- Choose a compatibility level matching the recipient’s Acrobat version (Acrobat 2017 or newer is safe for most).
- Select “Encrypt all document contents” and click OK. Re-enter the password to confirm.
Adobe also offers an online password tool at Acrobat online services — upload the PDF, enter a password, and download the encrypted version. The file is deleted from Adobe’s servers after processing.
What Are the Most Common Encryption Mistakes?
Even with the right tool, small mistakes can leave your file exposed. The table below covers the ones that matter most.
Common Encryption Mistakes and Their Fixes
| Mistake | Why It’s Risky | The Fix |
|---|---|---|
| Encrypt then compress | Compression can strip or break the encryption | Compress first, encrypt second |
| Password in the same email | One compromised message exposes both file and key | Send password by phone, text, or separate email |
| ZipCrypto instead of AES-256 | ZipCrypto is vulnerable to brute-force attacks | Always select AES-256 in your archiver’s settings |
| Filenames visible inside the ZIP | Attackers see what files you sent without the password | Enable “Encrypt file names” in 7-Zip or equivalent |
| Acrobat version mismatch | Recipient cannot open the encrypted PDF | Match the compatibility level to the receiver’s version |
How Do You Share the Password Safely?
The encrypted file is only as secure as the password delivery method. Never include the password in the same email as the file — that negates the entire point of encryption. Instead:
- Phone call: Call the recipient and read the password aloud.
- Text message: Send the password by SMS or WhatsApp, then send the file by email.
- Separate email: Send the file from one address and the password from another.
- Password manager share: If both parties use a password manager, use its secure share feature.
Sending Your First Encrypted File: The Complete Sequence
- Compress your file into a ZIP archive using 7-Zip or Keka.
- Apply AES-256 encryption with a password of 8+ characters.
- Enable “Encrypt file names” to hide filenames.
- Attach the encrypted ZIP to your email and send it.
- Share the password through a separate channel (phone, text, or different email).
That’s it. The file arrives encrypted, the password travels a different path, and your recipient can open it with the password you provided — no special software needed beyond a standard unzip tool.
References & Sources
- Fairleigh Dickinson University IT. “Sending an Encrypted File Using Email.” Official university guide covering 7-Zip AES-256 encryption workflow for email attachments.
