Gizmo's Freeware is Recruiting

Gizmos Needs YouWe are looking for people with skills or interest in the following:
- Mobile Platform Reviews
- Rootkit Scanner and Remover
- Streaming Media Recorder
- Email Client
- Archive Manager        Interested? Click here

 

Best Free File Encryption Utility

Updated 13. November 2012 - 13:20 by philip
 
In a Hurry?
  Go straight to the Quick Selection Guide
Introduction

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Primary encryption utility categories

Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "file (and folder) encryption" utilities. See related categories below.

  1. Encryption utilities that encrypt files/folders directly - the utilities reviewed in this article. These utilitiees encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
  2. Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
  3. Full-drive encryption utilities encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
  4. Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.

 Cautionary Notes

  1. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos. If you need to protect against access on your hard-drive as well as in transit or externally, this is a hidden access trap.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. There may also be "Temp" files left behind. Unless you purge -- not just delete -- those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
          "Functionality does not equal quality, and no amount of beta testing will ever
          reveal a security flaw. Too many products are merely buzzword compliant; they
          use secure cryptography, but they are not secure." --Bruce Schneier,
          in Security Pitfalls in Cryptography
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.
Discussion

TrueCrypt was once the venerable, top-rated utility in this review category. It is still top-rated, but no longer fits the more-tightly-defined scope of this redefined category. You'll find TrueCrypt in the Best Free Encrypted Virtual Drive Utility category.

Most if not all of the programs below leave the user exposed to the non-obvious threats described directly above in Cautionary Note #1. TrueCrypt - which is volume, not file and folder based - does not create this vulnerability.

Sophos Free Encryption is provided by Sophos, the prominent security enterprise. It is a derivative of their commercial program, SafeGuard PrivateCrypto. It provides a graphical user interface (GUI) and also integrates with the file-system to provide context menu (right-click) control. Using Sophos Free Encryption is straightforward. You can encrypt single files, multiple files or folders. It works much like zip file compression programs.

Sophos Free Encryption includes an option - and a utility - to securely delete source files after encryption. That utility can also be used to securely delete any other copies of plain-text files that may be left behind. Sophos Free Encryption also provides a command line function for AES-256 encryption. [more]

AxCrypt provides secure AES-128 encryption of single files using passwords, and optionally key-files as well, which AxCrypt can generate for you. Usage is wonderfully simple. To encrypt a file or files in a folder, just right-click the file or folder and select "encrypt". Simply double-clicking an encrypted file lets you edit or view it with the program of your choice (you must supply the password). Closing an open file automatically re-encrypts the file. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt.

Note: The AxCrypt install program now uses Open Candy to bundle/install third party software with AxCrypt. That does not present a real problem - you have the option to opt out of the unsolicited software.

"If you are in need of a plain Windows Installer (.msi) installer package, for example for group policy deployment or if you for any other reason want an installer that is entirely free of the OpenCandy code, please register for an account and log on." ~From the AxCrypt site.

AES Crypt is a simple program that adds a context menu item in the file system context menu. There is no program window as you have for most programs.

You simply right-click the file you want to encrypt or decrypt in the file listing, select the AES Crypt item, and enter your password in a little dialog box. A new encrypted or decrypted version of the file is created. In the case shown, the filename will be Bootstrap.kdbx.aes.

Since the original file is not purged, AES Crypt is best used for situations where you need to upload, email or otherwise move the encrypted file. If you want to prevent access to the unencrypted version file you would need to shred it with a secure erase utility.

The short Users Manual for AES Crypt makes the encryption and decreption processes easy to understand.

 
Related Products and Links

Related products:

  • dsCrypt works with single or multiple files. dsCrypt is AES/Rijndael file encryption software with simple, multi-file, drag-and-drop operations. It is tiny, easy to use, and employs proven encryption techniques. However, it is an orphan product.

Alternative products:

  • SafeHouse Explorer is a simple, free program that is small enough to use on a USB flash memory drive. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.
  • Rohos Mini Drive is a "portable" program that creates a hidden, encrypted partition on USB flash drives.
  • FreeOTFE is an "on-the-fly" disk encryption program that can be adapted for portable use.
  • FreeOTFE Explorer is a simpler companion to FreeOTFE. It does not require administrative rights.
  • Pismo File Mount Audit Package is a file system extension that provides Windows Explorer context menu access to special encrypted files that open to encrypted folders. Applications can write directly to these folders, which helps assure that plain-text copies of the original document are not left behind on your hard drive. Inconvenient fact #2 - The "clear-text" problem provides more details.
  • 7-Zip Portable is a powerful file compression utility that provides 256-bit AES encryption for *.7z and *.zip formats, but the Pismo program above is a better simple encryption solution because it avoids the plain-text problem.

Related articles:
Quick Selection Guide

Sophos Free Encryption
8
 
Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
Simple, straightforward to use. GUI and context menu interfaces. High confidence in the security of the program. Right-click integration with the file-system context menu, and with email programs. Quick install. Always ready. Simple to use directly from the file system (Windows Explorer; File Explorer in Windows 8). Fast.
Does not remove the original, unencrypted file automatically (but provides a manual utility to use). Must register with email and phone number.
http://www.sophos.com/en-us.aspx
http://www.sophos.com/en-us/products/free-tools/sophos-free-encryption.aspx
2.4.01
2.1 MB
32 bit but 64 bit compatible
Unrestricted freeware
There is no portable version of this product available.
Windows 2000, XP, Vista, and Windows 7
AxCrypt
7
 
Runs as a stand-alone program on a user's computer
Right-click integration with Windows Explorer makes AxCrypt the quickest way to encrypt individual files. AxCrypt makes it as easy to open, edit and save encrypted files as it is to work with unencrypted files. Use this one when you want file-by-file encryption that is integrated into the Windows shell.
The install program uses the Open Candy system for bundled third party software. You can decline to install the bundled software if you like.
http://www.axantum.com/axcrypt/
http://www.axantum.com/axcrypt/
1.7.2931.0
1.5 MB
32 and 64 bit versions available
Unrestricted freeware
A portable version of this product is available from the developer.
Windows 2000/2003/XP/Vista/7/8

English, Danish, Swedish, German, Dutch, Hungarian, Spanish, French, Italian and Norwegian versions.

AES Crypt
6
 
Runs as a stand-alone program on a user's computer
Quick install. Always ready. Simple to use directly from the file system (Windows Explorer; File Explorer in Windows 8). Fast.
Does not remove the original, unencrypted file. AES Crypt can encrypt single or multiple files, but it does not encrypt folders. Installs Microsoft C++ Runtime.
http://www.aescrypt.com/
http://www.aescrypt.com/download.html
3.0.8
903 KB
32 and 64 bit versions available
Open source freeware
There is no portable version of this product available.
Windows 8, Windows 7, Windows Vista, Windows XP, Mac, and Linux

Requires (installs) Windows C++ Runtime.

This software category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

Share this
4.294735
Average: 4.3 (95 votes)
Your rating: None

Comments

by sonoffar on 25. April 2013 - 22:48  (107343)

I have been reading about a program called "Rubberhose". It doesn't seem to be active but what I read sounded like it would be the perfect tool for safeguarding information on a computer. Anyone have any experience or information on this program?
by philip on 25. April 2013 - 23:33  (107345)

If this relates to the same program, Rubberhose was written around 2006 by Julian Assange of WikiLeaks infamy. There was little or no follow-through, and the website is now flakey.

It's a good concept, but at the time Bruce Schneier, of encryption fame, had this to say (interpolation mine).

"The devil really is in the details with something like this [it's awfully easy to screw up the implementation], and I would hesitate to use this in places where it really matters. without some extensive review. But I'm pleased to see that someone is working on this problem."

Google "rubberhose deniable encryption" for more.
by Panzer on 11. April 2013 - 7:52  (106986)

GoAnywhere OpenPGP Studio is a free desktop tool that makes it easy to protect sensitive files using the popular Open PGP encryption standard:
http://www.goanywheremft.com/products/openpgp-studio
by snakyjake on 11. April 2013 - 15:27  (106991)

I've always considered PGP to be more for sharing encrypted files and passwords, when you need to keep the "password" key secret and well managed. I don't share encrypted files with anyone, and don't want the extra overhead. But if you share and don't mind the overhead, then PGP is better. Personally, I even hate managing key files since I have different machines (windows, linux) and don't like losing keys. And if I do share a file, I call them on the phone and give them a password.
by philip on 11. April 2013 - 12:21  (106990)

Hi Panzer. Interesting. I've not included PGP tools in this category because they involve another dimension of complexity, namely key management. That puts them outside an (unwritten) criterion that I've applied when considering products for this category. However, GoAnywhere looks good enough to motivate working out where to put reviews of dual-key (asymmetric) encryption products. I vaguely recall that there some other free products of this kind to consider too. So it's off to work I go.
by mako on 20. December 2012 - 15:53  (103796)

Looking at these encrytion software I wonder how I can protect the encrypted files from corruption. I opened a file that was encrypted with AxCrypt with notepad, made a few changes and saved it again. Afterwards I could not restore that file. Is there an easy way to avoid such a problem?
by sicknero on 20. December 2012 - 16:22  (103797)

What makes you think the file is corrupted? You mean you opened the encrypted file in notepad just to try corrupting it? Maybe try setting it to Read Only.

I've not tried AxCrypt myself, but I've heard that some encryption apps don't like it when an encrypted file is defragmented.
by snakyjake on 30. November 2012 - 22:28  (103137)

Can you please explain the problems 7-Zip has with plain text? I like the idea of not needing to install additional software to get encryption.

The nice part about AxCrypt/Sophos/7Zip is creating a portable .exe. Great for those that don't have the software, but not good for non-Windows users.

What's the difference between a key file and an extremely strong password? A disadvantage of a key file is that it is a file (subject to corruption/stealing/loss). Much rather have a strong password and store it in a way that cannot be easily accessed. Not sure if the key file feature is a big deal or not?

Sophos has a compression option. How well are files encrypted + compressed? It is my understanding encrypted files do not compress.

AxCrypt does not offer compression.

Sophos allowed multiple files within an encryption container.

A nice feature of 7Zip and AxCrypt is being able to open a file without having to decrypt to the file system.

I'm leaning towards 7-Zip because it is one less software to install, free, open source, no adware, compress, executable, AES 256, open file without decrypting to file system (unless it uses a temp folder), highly portable to other OS's. It doesn't securely delete, which isn't that big of deal to me. And you mentioned something about "plain text".

Second choice is AxCrypt because it is cleaner, and I can open a file without decrypting to the file system. If I want multiple files, I can use 7Zip into a container, then use AxCrypt.
by philip on 30. November 2012 - 23:06  (103138)

Hi snakyjake,

I'll answer your first question. Quoting from the article Encryption is Not Enough,

"Using a compression -- e.g. 7-Zip -- program for encryption can be particularly hazardous. Unless you can create, open and save files directly in the encrypted archive you'll leave clear-text version of files behind on the host computer. You must purge (not just delete) those working files. You did know that deleted files are not actually erased didn't you?"

7-Zip simply reads the files you select, encrypts the contents, and adds that now-encrypted content to the archive that it creates. It does not wipe/purge the plain-text files that you selected, or even delete them (which would still leave the plain-text on the drive].

Now if you don't need to protect the original files because you have a way to physically secure the host computer, residual plain-text files wouldn't be a problem.
by Tusnakam (not verified) on 1. December 2012 - 17:34  (103177)

When you create an archive or extract from one using 7zip, it first gather the data to a temporary file which will then be copied to the destination. The temporary file will then be deleted, leaving it hidden on the disk.
by snaiya (not verified) on 23. November 2012 - 16:30  (102799)

first of all, i am new to all these cryptography. so i have some questions. if you have time it would be grateful to hear from you..

1. assume my laptop got stolen but i encrypted the whole drive beforehand. but as logging into my windows only requires windows admin password, if anyone who can bypass windows password either by using portable linux distros or other brute forcing methods can actually gain access to my data. isn't it? so actually how does whole drive encryption protect data theft in case of a theft?

2. if i only encrypt drives other than the installation drive (i.e C: ), what is the state of data protection in case of similar scenario above?
by philip on 23. November 2012 - 19:50  (102810)

Hello snalya,

Answer 1: Yes, the attacker could try brute forcing methods, but here's how you are protected: The whole drive is encrypted. None of the files can be accessed directly until they are first unencrypted. Only the encryption password can provide the key for un-encryption. Windows has nothing directly to do with un-encrypting the files. In fact all the Windows files are encrypted too. So there's no way in, except by using prodigious computing power for a great length of time, provided the password is strong enough.

Answer 2: If you don't encrypt the operating system drive (I assume that's what you mean by "installation" drive), Windows may, and likely will leave plain-text copies of any data you access lying around in temp files, program data files, virtual memory, etc. That's the main reason for using whole-drive encryption, meaning the whole physical drive, not just selected partitions. You might start with the related article "Encryption is Not Enough" (under "Related Articles" above to learn more.
by snaiya (not verified) on 28. November 2012 - 9:22  (103009)

many many thanks for replying. i have also gone through that article- thanks again; it is indeed very informative. now i got some real idea... :-)
by philip on 29. November 2012 - 4:58  (103044)

You're welcome snaiya.
by rhudson (not verified) on 12. November 2012 - 1:43  (102179)

I have been using Sophos Free Encryption and before that Utimaco Private Crypto for years. Glad to see it added. The program can be set to wipe (not just delete) the original file automatically in the options. Although technically not portable I copy the executable to my flash drives and I'm good to go.
by rhudson (not verified) on 13. November 2012 - 1:57  (102225)

PS-
When using the uninstalled executable you lose the context menu but the GUI and other features work fine.
by philip on 12. November 2012 - 2:59  (102181)

Hi rhudson,
I think I know why, but I never ran across Sophos Free Encryption in my many quests on the internet. It was even tricky to find where they hide it when hunter mentioned it. It's interesting that you can run it portable.
by rhudson (not verified) on 13. November 2012 - 1:51  (102224)

Originally the program was written by a german firm called Utimaco. It was called Safeguard Private Crypto and was one of the first programs to use AES. It was tweeked and debugged by them until the final form it now has. About the only thing Sophos did was add their own name. The "about" box and several other locations still have the Utimaco name on it. The only difference in the free and paid versions is the free version adds a line to the encrypted file identifying the program and the paid version has tech support.
by philip on 13. November 2012 - 13:22  (102248)

Thanks rhudson, it's interesting to know the back story.
by godel on 12. November 2012 - 1:17  (102178)

I'm aware that whole disk encryption is the best practice for security, but would doing your file creation and encryption inside a sandbox such as Sandboxie, ease some of the leakage problems?
by philip on 12. November 2012 - 2:53  (102180)

Hi godel,
I used to mess about with Sandboxie, and it seems possible that it might keep things under positive restraint. But my recollection is hazy. Here's what I do for my most sensitive documents and data. I put my whole working environment in a TrueCrypt volume (300 MB). For example I use portable Firefox as my browser so that the cache as well as downloaded files are never outside the encrypted volume. I create any files that need, for example tax documents, in the encrypted volume.

by andy329345 (not verified) on 10. November 2012 - 2:18  (102093)

thanks
by hunter (not verified) on 2. November 2012 - 21:29  (101765)

i think sophos free encryption is the best
by philip on 2. November 2012 - 23:49  (101771)

Thanks for your comment hunter. I will evaluate Sophos Free Encryption soon.
by MidnightCowboy on 3. November 2012 - 2:55  (101779)

Looking forward to that. :) I don't use encryption myself but Sophos are one of the most respect names in security software so it will be interesting to see how this performs. MC - Site Manager.
by Mark Yourdon (not verified) on 13. October 2012 - 3:53  (100714)

Great list but you missed to include Conjurers Encrypter, which is very easy to use and also has anti-brute force technology.
http://en.wikipedia.org/wiki/Conjurers_Encrypter
by philip on 13. October 2012 - 4:55  (100717)

Thank you for your suggestion Mark. I explored what I could find online about Conjurers Encrypter. I concluded that with all I found to go on, it fails to fully meet every one of my criteria for selecting a candidate for this software category.
by wllmthms on 7. October 2012 - 20:45  (100453)

I've recently read a recommendation that to securely delete a file, rendering it unrecoverable, you should encrypt it and then use a file shredder. Is there an encryption utility that will encrypt a file and not leave the original, un-encrypted, file intact on the computer?
by richtea (not verified) on 11. November 2012 - 15:39  (102165)

Built into Axcrypt.
by sicknero on 8. October 2012 - 8:07  (100474)

I'd like to mention Androsa File Protector.

Although the last version is 2009 it seems like a fairly powerful app with several levels of encryption to choose from (64bit DES through to 256bit Rijndael AES), and three different options for deleting/securely deleting the original versions of the files you just encrypted. This might fulfill your needs - you could use it to encrypt files and securely delete the originals, although you'd still need another app for securely deleting the then encrypted files, if you see what I mean. (Eraserdrop seems very good.)

It also has options for renaming the encrypted files, and the ability to create self-extracting files too... i.e. files that can be unencrypted anywhere without needing the original app.

It's not a fast program, takes a long time to encrypt a folder full of, say, media files. But then it does have an option to back up each file during the encryption process, a back up which can itself then be deleted. It can also compress the encrpyted files, thus the encryption process can go through several stages with each file which would account for it taking so long.

A disclaimer - I'm no expert on encryption/decryption and thus can't speak for the strength or efficiency of the app. Personally I'd never rely solely on an app like this for security, but I do feel safer using it as one layer, so to speak. It can be portable too.

If you were feeling exceptionally cautious, you could add steganography to the process and hide your files inside picture or music files etc, before you delete and wipe them.