diff --git a/omps/api/v1/push.py b/omps/api/v1/push.py
index 344be2f..5c15483 100644
--- a/omps/api/v1/push.py
+++ b/omps/api/v1/push.py
@@ -84,11 +84,17 @@ def extract_zip_file(
                     uncompressed_size, max_uncompressed_size
                 ))
 
-        bad_file = archive.testzip()
+        try:
+            bad_file = archive.testzip()
+        except RuntimeError as e:
+            # trying to open an encrypted zip file without a password
+            raise OMPSUploadedFileError(str(e))
+
         if bad_file is not None:
             raise OMPSUploadedFileError(
                 "CRC check failed for file {} in archive".format(bad_file)
             )
+
         archive.extractall(target_dir)
         archive.close()
 
diff --git a/tests/api/v1/test_api_push.py b/tests/api/v1/test_api_push.py
index 818d2cd..91c77f9 100644
--- a/tests/api/v1/test_api_push.py
+++ b/tests/api/v1/test_api_push.py
@@ -79,6 +79,31 @@ def test_push_zipfile_unauthorized(client, endpoint_push_zipfile):
     assert rv_json['error'] == 'OMPSAuthorizationHeaderRequired'
 
 
+@pytest.mark.usefixtures("mocked_quay_io")
+def test_push_zipfile_encrypted(
+        client, encrypted_zip_archive,
+        endpoint_push_zipfile, auth_header):
+    """Test if proper error is returned when the attached zip file
+    is encrypted
+    """
+    with open(encrypted_zip_archive, 'rb') as f:
+        data = {
+            'file': (f, f.name),
+        }
+        rv = client.post(
+            endpoint_push_zipfile.url_path,
+            headers=auth_header,
+            data=data,
+            content_type='multipart/form-data',
+        )
+
+    assert rv.status_code == 400, rv.get_json()
+    rv_json = rv.get_json()
+    assert rv_json['status'] == 400
+    assert rv_json['error'] == 'OMPSUploadedFileError'
+    assert 'is encrypted' in rv_json['message']
+
+
 def test_push_koji_nvr(client):
     """Test REST API for pushing operators form koji by NVR"""
     rv = client.post('/v1/organization-X/repo-Y/koji/nvr-Z')
diff --git a/tests/conftest.py b/tests/conftest.py
index 95f8b30..3fc1c04 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -58,6 +58,12 @@ def valid_manifests_archive(datadir, tmpdir):
     return path
 
 
+@pytest.fixture
+def encrypted_zip_archive(datadir):
+    """Path to the encrypted zip archive created in advance"""
+    return os.path.join(datadir, 'encrypted.zip')
+
+
 @pytest.fixture
 def mocked_quay_io():
     """Mocking quay.io answers"""
diff --git a/tests/data/encrypted.zip b/tests/data/encrypted.zip
new file mode 100644
index 0000000..a4d62a7
Binary files /dev/null and b/tests/data/encrypted.zip differ
diff --git a/tests/integration/push_archive/push_archive_test.py b/tests/integration/push_archive/push_archive_test.py
index 62c6a11..87cfd5b 100644
--- a/tests/integration/push_archive/push_archive_test.py
+++ b/tests/integration/push_archive/push_archive_test.py
@@ -201,8 +201,8 @@ def test_upload_password_protected_zip(omps):
     response = omps.upload(organization=TEST_NAMESPACE,
                            repo=TEST_PACKAGE, archive=archive)
 
-    assert response.status_code == requests.codes.internal_server_error
-    assert response.json()['error'] == 'InternalServerError'
+    assert response.status_code == requests.codes.bad_request
+    assert response.json()['error'] == 'OMPSUploadedFileError'
     assert 'is encrypted' in response.json()['message']
 
 
diff --git a/tox.ini b/tox.ini
index 00fae76..14a35f9 100644
--- a/tox.ini
+++ b/tox.ini
@@ -34,3 +34,8 @@ max-line-length: 90
 ignore =
     # E731 do not assign a lambda expression, use a def
     E731
+exclude =
+    # flake8 defaults
+    .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg,
+    # added
+    venv