We strongly recommend the use of more than one key for anything more than transient encryption. The keys can be of mixed types (for example, a public certificate and two passphrases) or of all the same type. Using multiple keys provides insurance against the possibility that a key is lost: passphrases can be forgotten, a private key file can be misplaced, and a private key's unlocking password can be forgotten.
When multiple keys have been used to protect a file, any single one of the keys will serve to decrypt the file.
(By transient encryption we refer to encrypting a file for a quickly-accomplished task, usually lasting a short time. For example, some file types will often be removed or altered by email servers when they are attached to messages. When such files are otherwise safe to send through email, an easy way to protect them from well-intentioned tampering is to encrypt them before attaching, then decrypt them at the receiving end.)
Using the Archive button turns on more features than Encrypt does. First, archives store relative pathnames in the encrypted .wza file. Second, archives offer the option of compressing your data. Third, archives store file attributes and permissions.
For these reasons it is often preferable to use Archive even when only encrypting a single file.
One point to keep in mind when making this choice: expanding an archive unconditionally restores files using their original, pre-encryption filenames. Compare this to the Decrypt behavior of allowing the user to choose a name, and basing the default choice on the name of the encrypted archive file.
If you have multiple filesystems available to you during decryption, we recommend expanding a .wza archive to the most "featureful" filesystem with sufficient space. Restoring file attributes of archive entries works best on fully POSIX filesystems.
If no such filesystems will ever be available on a given computer, the attribute restore option may as well be turned off, to avoid the needless warnings after expansion. Standard NTFS drives under Microsoft Windows fall into this category as of Windows 7.