EncryptionAlgorithm Parameter (Compress-Zip Cmdlet)

The algorithm used to encrypt files written to the archive.


Compress-Zip -EncryptionAlgorithm string


The algorithm used to encrypt files written to the archive.

Note that files will only be encrypted if Password is set. By default the cmdlet will use standard zip encryption if Password is set, and will not encrypt data otherwise.

The cmdlet supports the use of AES, the Advanced Encryption Standard, as well as standard Zip encryption. The default encryption algorithm is the algorithm introduced in version 2.0 of the Zip specification, and is compatible with virtually all other zip utilities. However, this algorithm is considered weak and should not be used to protect sensitive data.

AES is a U.S. government standard cleared to protect even the most sensitive data. The file format used to create AES-encrypted files is designed to be compatible with WinZip 9.0. AES-encrypted files created by the cmdlet may or may not be compatible with other Zip utilities.

The cmdlet supports the use of AES with key lengths of 128, 192, or 256 bits. Note that even with the weakest (128-bit) keys AES is much more secure than standard Zip encryption.

If you use strong or maximum AES encryption the cmdlet will generate a unique salt value and cryptographic key for each file encrypted. If you use weak encryption the cmdlet will use the same salt for each file in the archive. If you are encrypting a large number of files this will have a substantial effect on performance. Set the AESGenerateUniqueKeys configuration setting to configure the salt generation independent of the key length.

If using AES encryption it is important to choose a good Password. For 128-bit keys it is recommended that your password be 32 characters long, and for 256-bit keys, 64 characters.

Important: Note that AES encryption only encrypts the contents of encrypted files within the Zip archive; it does not prevent an attacker from reading the names of files in the archive, or from adding or deleting files to or from the archive. To prevent this consider first storing your files in an unencrypted zip file, and then storing this zip file in another, AES-encrypted zip file.

Possible values:

  • Default
  • Weak
  • Strong
  • Maximum

Default Value


Parameter Alias


Copyright (c) 2022 /n software inc. - All rights reserved.
NetCmdlets 2020 - Version 20.0 [Build 8165]