Zip Bundles
Zip Bundles
The Zip Bundle feature lets you package multiple files into a single encrypted archive and send them as one queue item. You can optionally add an AES-256 zip-level password for an additional layer of protection on top of the transport encryption.
Creating a zip bundle
In the sender UI
- Open the sender web UI (
http://localhost:5000) - Click the Zip Bundle tab
πΈ Screenshot needed: zip-bundles-sender-tab.png
Description: Sender web UI with the Zip Bundle tab selected, showing the multi-file drop zone and password field
- Add files using any of these methods:
- Drag and drop multiple files onto the drop zone
- Click Add Files to open a multi-file picker
- Repeat to add more files one by one
πΈ Screenshot needed: zip-bundles-sender-files-added.png
Description: Zip Bundle tab showing several files listed with names, sizes, and a remove button for each
(Optional) Enter a zip password in the password field
- The password is used to encrypt the zip archive contents using AES-256 at the zip level
- Leave blank for a standard (unpassworded) zip bundle
Click Create & Queue
The sender will:
- Bundle all selected files into a zip archive using SharpZipLib
- If a password was provided, encrypt the zip entries with AES-256 at the zip level
- Hash the resulting zip bytes with SHA-512
- Encrypt the entire bundle with AES-256-GCM (transport encryption)
- Add it to the queue
πΈ Screenshot needed: zip-bundles-sender-queued.png
Description: Sender queue showing the zip bundle item with a lock icon (if passworded) and Queued badge
Double encryption explained
When you use a zip password, your files are protected by two independent layers of AES-256 encryption:
flowchart TD
A[Original files] --> B["AES-256 zip encryption\nβ zip password you enter"]
B --> C[.zip archive]
C --> D["AES-256-GCM transport encryption\nβ key derived from session secret"]
D --> E[Encrypted bytes in queue]
E --> F[Sent over HTTPS Dev Tunnel]
style B fill:#2d4a3e,color:#fff,stroke:#2ea043
style D fill:#1a3a5c,color:#fff,stroke:#4a9eff
| Layer | Algorithm | Key source |
|---|---|---|
| Zip-level | AES-256 (zip entry encryption via SharpZipLib) | Password you enter |
| Transport | AES-256-GCM | SHA-256 of session secret |
This means that even if the transport encryption were somehow broken, the zip contents would still be protected by the zip password β and vice versa.
Lock icon in the queue
Zip items with a password show a π lock icon in both the sender and receiver queues, making it clear that the recipient will need the zip password to extract the files.
β οΈ Warning: The zip password is not transmitted with the bundle. You must share it with the recipient separately through a secure channel.
Receiving a zip bundle
In the receiver UI
πΈ Screenshot needed: zip-bundles-receiver-queue.png
Description: Receiver queue showing a zip bundle item with lock icon and Receive button
- Click Receive next to the zip item
- The receiver downloads and decrypts the transport layer (AES-256-GCM)
- SHA-512 hash verification runs on the decrypted zip bytes
- The hash verification modal appears
πΈ Screenshot needed: zip-bundles-receiver-hash-modal.png
Description: Hash verification modal for a zip bundle showing success
- If verification passes, a Download button appears
- Click Download β the
.zipfile is saved to your machine
Extracting the zip
If the bundle was created with a password:
Windows (File Explorer)
Right-click the .zip β Extract All β enter password when prompted.
macOS (Terminal)
unzip -P "your-zip-password" bundle.zip
Linux (Terminal)
unzip -P "your-zip-password" bundle.zip
# or
7z x bundle.zip -p"your-zip-password"
β οΈ Warning: If you forget the zip password, the files cannot be recovered. The password is not stored anywhere in the system. You will need the sender to re-create and re-send the bundle.
File size limit
| Limit | Value |
|---|---|
| Maximum zip bundle size (total) | 100 MB |
The 100 MB limit applies to the final zip archive size, not the sum of individual file sizes (compression may reduce the total).
Use cases
- Sending a project folder (multiple source files at once)
- Bundling certificates, keys, and config files together
- Packaging assets that belong together logically
- Sending files that benefit from an extra layer of password protection