Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here



Best Free File Encryption Utility

In a Hurry?
  Go straight to the Quick Selection Guide

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Primary encryption utility categories

Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "file (and folder) encryption" utilities. See related categories below.

  1. Encryption utilities that encrypt files/folders directly - the utilities reviewed in this article. These utilitiees encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
  2. Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
  3. Full-drive encryption utilities encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
  4. Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.

 Cautionary Notes

  1. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos. If you need to protect against access on your hard-drive as well as in transit or externally, this is a hidden access trap.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. There may also be "Temp" files left behind. Unless you purge -- not just delete -- those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
          "Functionality does not equal quality, and no amount of beta testing will ever
          reveal a security flaw. Too many products are merely buzzword compliant; they
          use secure cryptography, but they are not secure." --Bruce Schneier,
          in Security Pitfalls in Cryptography
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.

Most if not all of the programs below leave the user exposed to the non-obvious threats described directly above in Cautionary Note #1.

Updated: TrueCrypt once fully met my criteria for selecting encryption software. However, it appears that the developers of TrueCrypt just dropped a bombshell. TrueCrypt recently passed a preliminary independent audit, but this news changes everything. [best synopsis]

TrueCrypt no longer fits the more-tightly-defined scope of this redefined category. You'll find TrueCrypt in the Best Free Encrypted Virtual Drive Utility category.

Sophos Free Encryption is no longer available.

AxCrypt provides secure AES-128 encryption of single files using passwords, and optionally key-files as well, which AxCrypt can generate for you. Usage is wonderfully simple. To encrypt a file or files in a folder, just right-click the file or folder and select "encrypt". Simply double-clicking an encrypted file lets you edit or view it with the program of your choice (you must supply the password). Closing an open file automatically re-encrypts the file. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt.

Note: The AxCrypt install program now uses Open Candy to bundle/install third party software with AxCrypt. That does not present a real problem - you have the option to opt out of the unsolicited software.

"If you are in need of a plain Windows Installer (.msi) installer package, for example for group policy deployment or if you for any other reason want an installer that is entirely free of the OpenCandy code, please register for an account and log on." ~From the AxCrypt site.

AES Crypt is a simple program that adds a context menu item in the file system context menu. There is no program window as you have for most programs.

You simply right-click the file you want to encrypt or decrypt in the file listing, select the AES Crypt item, and enter your password in a little dialog box. A new encrypted or decrypted version of the file is created. In the case shown, the filename will be Bootstrap.kdbx.aes.

Since the original file is not purged, AES Crypt is best used for situations where you need to upload, email or otherwise move the encrypted file. If you want to prevent access to the unencrypted version file you would need to shred it with a secure erase utility.

The short Users Manual for AES Crypt makes the encryption and decreption processes easy to understand.


Related Products and Links

Related products:

  • dsCrypt works with single or multiple files. dsCrypt is AES/Rijndael file encryption software with simple, multi-file, drag-and-drop operations. It is tiny, easy to use, and employs proven encryption techniques. However, it is an orphan product.

Alternative products:

  • SafeHouse Explorer is a simple, free program that is small enough to use on a USB flash memory drive. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.
  • Rohos Mini Drive is a "portable" program that creates a hidden, encrypted partition on USB flash drives.
  • FreeOTFE is an "on-the-fly" disk encryption program that can be adapted for portable use.
  • FreeOTFE Explorer is a simpler companion to FreeOTFE. It does not require administrative rights.
  • Pismo File Mount Audit Package is a file system extension that provides Windows Explorer context menu access to special encrypted files that open to encrypted folders. Applications can write directly to these folders, which helps assure that plain-text copies of the original document are not left behind on your hard drive. Inconvenient fact #2 - The "clear-text" problem provides more details.
  • 7-Zip Portable is a powerful file compression utility that provides 256-bit AES encryption for *.7z and *.zip formats, but the Pismo program above is a better simple encryption solution because it avoids the plain-text problem.

Related articles:

Quick Selection Guide

Runs as a stand-alone program on a user's computer
Right-click integration with Windows Explorer makes AxCrypt the quickest way to encrypt individual files. AxCrypt makes it as easy to open, edit and save encrypted files as it is to work with unencrypted files. Use this one when you want file-by-file encryption that is integrated into the Windows shell.
The install program uses the Open Candy system for bundled third party software. You can decline to install the bundled software if you like.
1.5 MB
32 and 64 bit versions available
Unrestricted freeware
A portable version of this product is available from the developer.
Windows 2000/2003/XP/Vista/7/8

English, Danish, Swedish, German, Dutch, Hungarian, Spanish, French, Italian and Norwegian versions.

AES Crypt
Runs as a stand-alone program on a user's computer
Quick install. Always ready. Simple to use directly from the file system (Windows Explorer; File Explorer in Windows 8). Fast.
Does not remove the original, unencrypted file. AES Crypt can encrypt single or multiple files, but it does not encrypt folders. Installs Microsoft C++ Runtime.
903 KB
32 and 64 bit versions available
Open source freeware
There is no portable version of this product available.
Windows 8, Windows 7, Windows Vista, Windows XP, Mac, and Linux

Requires (installs) Windows C++ Runtime.

This software category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

Share this
Average: 4.3 (109 votes)
Your rating: None


by pavinjoseph on 27. April 2014 - 12:46  (115919)

I created a multiplatform Java based Mail and file encryption software myself after the Snowden leaks. Its a free, open source project on SourceForge.

If you want, you can give it a try on SourceForge. Its portable, user friendly and uses RSA 4096 bit and AES 128 bit encryption, supports SMTP and POP, has SHA-1 checksum calc and even an audio recorder.

by BradG59 on 10. February 2014 - 2:58  (114371)

How does Easy File Locker ( compare?

I run a dual boot system with Ubuntu and Windows 7 and I was very surprised (to put it mildly) to find out my hidden/encrypted Easy File Locker Windows files (folder) were openly visable and accessible from Ubuntu.

Then again I was even more shocked to find out these exact same files were also visable and accessible from our Son's network connected Xbox?

I have since moved all these private files to a password protected USB drive.

Do all of these programs suffer from similiar flaws?

UPDATE Just found this on the xoslab website, maybe I should have checked their FAQ first,
"I forgot my password, can i get the protected files back?
Yes, please start your computer into Windows Safe Mode, then all the protected files will be visible and accessible."
...seems pretty pointless to me?

by sicknero on 10. February 2014 - 23:06  (114388)

It's true that freeware folder lockers are on the whole not very secure but you could do a bit better than Easy File Locker.

Wise Folder Hider and Alfa Folder Locker both work even in Safe Mode although they can still be accessed with Linux and probably X-box too though I wouldn't know about that. The problem is as Philip says, that they work by using the Windows O/S therefore are vulnerable to access from non-Windows O/S's.

WFH possibly has an edge because its locked folders are set as "Protected System Directories" and thus remain hidden if Explorer is set to "Show Hidden Files and Folders". Also the folder is renamed to "..." giving you a bit more plausible deniability.

Alfa on the other hand is a bit more transparent I think (i.e. easier to understand what it does) although you do have to hide the folders manually.

None of these are a match for individual encryption though... I guess it's a trade off as locking and hiding a folder with one of these is pretty much instant regardless of how big the folder is, while encrypting a directory can take a long time if there's a lot of stuff in it.

My own favourite for encyption is Androsa File Protector. It's a bit old and unsupported for ages now but it's an excellent tool. It has a selection of encryption levels plus options for secure-deletion of temporary files created during encryption, secure-deletion of source files and scrambling of filenames on encryption. It can also create self-extracting encrypted files which means you don't need the program itself to decrypt the files, just the password.

All three are available as portable versions meaning that you can try them out without needing to install anything.

Wise Folder Hider -

Alfa Folder Locker -

Androsa Portable -

by philip on 10. February 2014 - 14:14  (114383)

As far as any real protection, yes it's pointless. Any 6-yr old who has heard about how these programs simply tell Windows not to display the file in Windows/File explorer could find them. Most 60-yr olds probably wouldn't have a clue, so there is some protection. ;)

by bitman on 30. September 2013 - 2:24  (111099)

The Sophos site does not seem to have the free encryption software listed any more at the linked location for download, just virus, mobile and firewall software.

by philip on 30. September 2013 - 5:23  (111103)

Thanks for the note bitman. I see they have cleaned up their site, and swept up the free encryption utility too. I've removed the listing.

by Greenspace on 15. October 2013 - 22:01  (111506)

Hi. I did a bit of digging and it looks like it is still available but not direct from the Sophos site. Version sfe_2401_sfx.exe can still be downloaded from, etc.

I'm always a bit wary of downloading anything from sites other than the publisher but this does appear to be the original.

by blazeknick on 10. September 2013 - 14:34  (110641)

Thanks for very informative article..however, via googling i found some other tools Silver Key freeware by kryptel, BCArchive (Jetico Product)..too

Would it be possible for you to post any reviews on these products's and con's of these tools..which one is best when compared below..

1. Axcrypt.
2. Sophos Free encryption.
3. BCArchive.
4.Silver Key


by philip on 30. September 2013 - 5:21  (111102)

Thanks for the comment and info blazeknick. Sophos Free Encryption has been discontinued. I'll take a look at BCArchive and Silver Key, and inclode those that fit the scope of this category. AXCrypt is already listed.

by skydynasty on 3. June 2013 - 17:03  (108242)

For those of you who want to remove OpenCandy from Axcrypt:

Extract the Axcrypt Installer with OpenCandy Offer using 7-Zip.
Open the extracted folder and delete $PLUGINSDIR.

This should remove the OpenCandy junk from the installer.

by johnpaul on 27. May 2013 - 15:20  (108068)

I wanted a really simple file encryption program that I could just give it a file or folder, password and that's it.

I tried Truecrypt, knowing it was the king of all encryption software. However, it is not for the lame user like myself, it's very complicated application. So not for everybody.

Then I came across a small utility WinGuard Pro version 2013. I gave it a try, I was impressed. I gave it a folder to encrypt, with password and clicked Encrypt. It told me it was encrypting my files at 128 bit AES - sounds good too me! After a minute it has processed all my files and directories.

I would recommend it for anyone that just needs to get the job done. It was free too, I can keep it on my PC for forever and no charge. Very impressed.

John, London, UK

by sonoffar on 25. April 2013 - 22:48  (107343)

I have been reading about a program called "Rubberhose". It doesn't seem to be active but what I read sounded like it would be the perfect tool for safeguarding information on a computer. Anyone have any experience or information on this program?

by philip on 25. April 2013 - 23:33  (107345)

If this relates to the same program, Rubberhose was written around 2006 by Julian Assange of WikiLeaks infamy. There was little or no follow-through, and the website is now flakey.

It's a good concept, but at the time Bruce Schneier, of encryption fame, had this to say (interpolation mine).

"The devil really is in the details with something like this [it's awfully easy to screw up the implementation], and I would hesitate to use this in places where it really matters. without some extensive review. But I'm pleased to see that someone is working on this problem."

Google "rubberhose deniable encryption" for more.

by Panzer on 11. April 2013 - 7:52  (106986)

GoAnywhere OpenPGP Studio is a free desktop tool that makes it easy to protect sensitive files using the popular Open PGP encryption standard:

by snakyjake on 11. April 2013 - 15:27  (106991)

I've always considered PGP to be more for sharing encrypted files and passwords, when you need to keep the "password" key secret and well managed. I don't share encrypted files with anyone, and don't want the extra overhead. But if you share and don't mind the overhead, then PGP is better. Personally, I even hate managing key files since I have different machines (windows, linux) and don't like losing keys. And if I do share a file, I call them on the phone and give them a password.

by philip on 11. April 2013 - 12:21  (106990)

Hi Panzer. Interesting. I've not included PGP tools in this category because they involve another dimension of complexity, namely key management. That puts them outside an (unwritten) criterion that I've applied when considering products for this category. However, GoAnywhere looks good enough to motivate working out where to put reviews of dual-key (asymmetric) encryption products. I vaguely recall that there some other free products of this kind to consider too. So it's off to work I go.

by mako on 20. December 2012 - 15:53  (103796)

Looking at these encrytion software I wonder how I can protect the encrypted files from corruption. I opened a file that was encrypted with AxCrypt with notepad, made a few changes and saved it again. Afterwards I could not restore that file. Is there an easy way to avoid such a problem?

by sicknero on 20. December 2012 - 16:22  (103797)

What makes you think the file is corrupted? You mean you opened the encrypted file in notepad just to try corrupting it? Maybe try setting it to Read Only.

I've not tried AxCrypt myself, but I've heard that some encryption apps don't like it when an encrypted file is defragmented.

by snakyjake on 30. November 2012 - 22:28  (103137)

Can you please explain the problems 7-Zip has with plain text? I like the idea of not needing to install additional software to get encryption.

The nice part about AxCrypt/Sophos/7Zip is creating a portable .exe. Great for those that don't have the software, but not good for non-Windows users.

What's the difference between a key file and an extremely strong password? A disadvantage of a key file is that it is a file (subject to corruption/stealing/loss). Much rather have a strong password and store it in a way that cannot be easily accessed. Not sure if the key file feature is a big deal or not?

Sophos has a compression option. How well are files encrypted + compressed? It is my understanding encrypted files do not compress.

AxCrypt does not offer compression.

Sophos allowed multiple files within an encryption container.

A nice feature of 7Zip and AxCrypt is being able to open a file without having to decrypt to the file system.

I'm leaning towards 7-Zip because it is one less software to install, free, open source, no adware, compress, executable, AES 256, open file without decrypting to file system (unless it uses a temp folder), highly portable to other OS's. It doesn't securely delete, which isn't that big of deal to me. And you mentioned something about "plain text".

Second choice is AxCrypt because it is cleaner, and I can open a file without decrypting to the file system. If I want multiple files, I can use 7Zip into a container, then use AxCrypt.

by philip on 30. November 2012 - 23:06  (103138)

Hi snakyjake,

I'll answer your first question. Quoting from the article Encryption is Not Enough,

"Using a compression -- e.g. 7-Zip -- program for encryption can be particularly hazardous. Unless you can create, open and save files directly in the encrypted archive you'll leave clear-text version of files behind on the host computer. You must purge (not just delete) those working files. You did know that deleted files are not actually erased didn't you?"

7-Zip simply reads the files you select, encrypts the contents, and adds that now-encrypted content to the archive that it creates. It does not wipe/purge the plain-text files that you selected, or even delete them (which would still leave the plain-text on the drive].

Now if you don't need to protect the original files because you have a way to physically secure the host computer, residual plain-text files wouldn't be a problem.

by Tusnakam (not verified) on 1. December 2012 - 17:34  (103177)

When you create an archive or extract from one using 7zip, it first gather the data to a temporary file which will then be copied to the destination. The temporary file will then be deleted, leaving it hidden on the disk.

by snaiya (not verified) on 23. November 2012 - 16:30  (102799)

first of all, i am new to all these cryptography. so i have some questions. if you have time it would be grateful to hear from you..

1. assume my laptop got stolen but i encrypted the whole drive beforehand. but as logging into my windows only requires windows admin password, if anyone who can bypass windows password either by using portable linux distros or other brute forcing methods can actually gain access to my data. isn't it? so actually how does whole drive encryption protect data theft in case of a theft?

2. if i only encrypt drives other than the installation drive (i.e C: ), what is the state of data protection in case of similar scenario above?

by philip on 23. November 2012 - 19:50  (102810)

Hello snalya,

Answer 1: Yes, the attacker could try brute forcing methods, but here's how you are protected: The whole drive is encrypted. None of the files can be accessed directly until they are first unencrypted. Only the encryption password can provide the key for un-encryption. Windows has nothing directly to do with un-encrypting the files. In fact all the Windows files are encrypted too. So there's no way in, except by using prodigious computing power for a great length of time, provided the password is strong enough.

Answer 2: If you don't encrypt the operating system drive (I assume that's what you mean by "installation" drive), Windows may, and likely will leave plain-text copies of any data you access lying around in temp files, program data files, virtual memory, etc. That's the main reason for using whole-drive encryption, meaning the whole physical drive, not just selected partitions. You might start with the related article "Encryption is Not Enough" (under "Related Articles" above to learn more.

by snaiya (not verified) on 28. November 2012 - 9:22  (103009)

many many thanks for replying. i have also gone through that article- thanks again; it is indeed very informative. now i got some real idea... :-)

by philip on 29. November 2012 - 4:58  (103044)

You're welcome snaiya.

by rhudson (not verified) on 12. November 2012 - 1:43  (102179)

I have been using Sophos Free Encryption and before that Utimaco Private Crypto for years. Glad to see it added. The program can be set to wipe (not just delete) the original file automatically in the options. Although technically not portable I copy the executable to my flash drives and I'm good to go.

by rhudson (not verified) on 13. November 2012 - 1:57  (102225)

When using the uninstalled executable you lose the context menu but the GUI and other features work fine.

by philip on 12. November 2012 - 2:59  (102181)

Hi rhudson,
I think I know why, but I never ran across Sophos Free Encryption in my many quests on the internet. It was even tricky to find where they hide it when hunter mentioned it. It's interesting that you can run it portable.

by rhudson (not verified) on 13. November 2012 - 1:51  (102224)

Originally the program was written by a german firm called Utimaco. It was called Safeguard Private Crypto and was one of the first programs to use AES. It was tweeked and debugged by them until the final form it now has. About the only thing Sophos did was add their own name. The "about" box and several other locations still have the Utimaco name on it. The only difference in the free and paid versions is the free version adds a line to the encrypted file identifying the program and the paid version has tech support.

by philip on 13. November 2012 - 13:22  (102248)

Thanks rhudson, it's interesting to know the back story.