Best Free Encryption Utility for Personal Use at Work

 
In a Hurry?
  Go straight to the Quick Selection Guide
Introduction

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Programs reviewed in this category are for use in keeping personal information private in situations where you can't install or get access to encryption services. Essentially, you need a program that can be run in portable mode (not installed).

 Cautionary Notes

  1. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
          "Functionality does not equal quality, and no amount of beta testing will ever
          reveal a security flaw. Too many products are merely buzzword compliant; they
          use secure cryptography, but they are not secure." --Bruce Schneier,
          in Security Pitfalls in Cryptography
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.
Discussion

TrueCrypt screenshotTrueCrypt is a seasoned, open-source program that you can run in "traveler mode". That means it doesn't require installation but does require administrative privileges on Windows XP. (I don't know, but suspect that you can use TrueCrypt/Traveler Mode as a standard user in Vista unless UAC is locked down.)  I have used TrueCrypt for several years, primarily in installed mode, but traveler mode works well for me too.

When you run the TrueCrypt installation file it offers to install or just extract the files. The latter choice gives you access to TrueCrypt.exe, which is all you need to operate TrueCrypt in traveler mode. If you have access to another computer where you can install TrueCrypt, you can use the "Traveler Disk Setup..." tool to create self contained secure volumes.

FreeOTFE is an "on-the-fly" disk encryption program written by Sarah Dean. It is open source, and has been under continuing development for several years. If you dig around Sarah's personal website you'll see that she understands encryption and security -- particulary if you read some of her reviews of other OTFE programs.

FreeOTFE includes an excellent user guide (online version here). You can read about all the features there too. I found it simple and straightforward to install and use FreeOTFE. If you don't want it to autostart several system services, you can run FreeOTFE in "portable mode" instead.

Installation is not required for using FreeOTFE, but read on. It does require administrator privileges to install FreeOTFE, but it does to run it after it's installed. Administrator privileges are also required to run FreeOTFE in portable mode, but you can use the associated FreeOTFE Explorer to work around that limitation. Download the *.zip version of FreeOTFE Explorer to use it that way.

FreeOTFE can also be used directly in "portable mode", making it ideal for carrying your data securely on USB devices or smart cards. You'll need administrative privileges to run FreeOTFE in portable mode though. If you are unable to do that, then you should consider FreeOTFE Explorer (below).

FreeOTFE Explorer is a simpler companion to FreeOTFE. It does not require administrative rights. You can create encrypted volumes with FreeOTFE Explorer, or use it to open encrypted volumes created by FreeOTFE. There's one major limitation. The Explorer version of FreeOTFE is not as fully intregated with the file system as FreeOTFE itself. That means that you need to do file operations directly from the program, not from Windows Explorer.

Attach files to an entry.The portable version of KeePass Password Safe is nominally a password encryption program, but you can also attach files to entries, even dummy entries and they'll be encrypted too. Since it runs without administrator privileges it's a good way to protect your files as well as your passwords. I learned about this feature at Lifehacker. I don't know what the limit one file size or total database size, but it's a good way to keep sensitive data private. The procedure to attach a file is not obvious at first (see the "Advanced" tab on the entry window), but it's very easy to do once you locate it.

 

7-Zip Portable is a powerful file compression utility that provides 256-bit AES encryption for *.7z and *.zip formats. It's very easy to use, but has a short, steep learning ramp. Be aware that if you add an unencrypted to a encrypted 7-Zip archive, the unencrypted file must be shredded, not just deleted. Otherwise it will be available to anyone who has access to your computer. Do not edit and save files directly in the archive either as they will not be encrypted.

Related Products and Links

Encryption is Not Enough offers further cautions on encryption, and on what you need to do beyond encryption to be sure your private data is not lost or exposed.

Related products:

Rohos Mini Drive creates a hidden, encrypted partition on USB flash drives. It enables you to work with the files on the hidden partition by using the "portable" program -- which does not require administrative permission -- that it also installs on the USB drive. The learning curve could be daunting for some users.

SafeHouse Explorer is a very simple, free program that PC Dynamics released in 2009. It can be used as a portable program, and is small enough to use on a USB flash memory drive. SafeHouse Explorer does not require administrative privileges. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.Showing the<br />             SAFEHOUSE drive in Windows Explorer.

SafeHouse Explorer is easy to use, but it has a flaw that could leave your data exposed. The SafeHouse Explore interface is a pseudo Windows Explorer window, with a few encryption functions included.

The problem is, you cannot create files directly in the interface. That forces you to create unencrypted files outside the volume, and then copy them to the volume. Of course those unencrypted files still reside on your hard drive. There is a "Secure Delete" function to securely delete external files, but you need to remember to always do that.

Fortunately, there's a way around that security hole. If you open a real Windows Explorer window after opening a volume in SafeHouse Explore, you'll find a SAFEHOUSE drive listed there. You can work within that encrypted window -- create files, delete files, edit files, etc. -- just like you would in any other drive. There will be only one copy of your files, and they will never be stored in unencrypted form. If you're careful how you use SafeHouse Explorer, it's a safe, simple program.

A portable version of KeePass is available, and you can store files under the "Advanced" tab of any entry. Your files will be encrypted in the KeePass database, but .NET must be installed on the computer you're going to use the portable version on.

Related encryption categories:

Quick Selection Guide

TrueCrypt
5
 
Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
Use this seasoned, widely-used encyption program when you want an encrypted container that mounts as a virtual drive. TrueCrypt's open source status allows the all-important peer review of the source code required for a trustworthy encryption program. "Traveler mode" offers portable encryption.
It takes some time to learn how to use TrueCrypt if you've never used any sort of encryption program before. Requires administrator privileges to run in traveler mode.
http://www.truecrypt.org/
7.1a
3.0 MB
32 and 64 bit versions available
Open source freeware
A portable version of this product is available from the developer.
Windows 2000/2003/XP/Vista/7 Runs on Windows 8, but may not be compatible for full disk encryption; Mac OS X; Linux

Use in "traveler mode" to secure your data on USB devices or smart cards.

FreeOTFE
4
 
Runs as a stand-alone program on a user's computer
Installation is not required, but see cons below. FreeOTFE is simple and straightforward to install and use. You can even build your own copy from the source code if you like. The latest version now includes support for 64 bit systems, smartcards, security tokens, language translations - and more.
Requires administrator privileges to install, but not to run after it is installed. Also requires administrator privileges to run in portable mode, but you can use the associated FreeOTFE Explorer to work around that limitation. See more notes above.
http://www.freeotfe.org/
5.21
2.3 MB
32 and 64 bit versions available
Open source freeware
A portable version of this product is available from the developer.
Windows 2000/XP/Vista/7/8

Use in "portable mode" to secure your data on USB devices or smart cards.

FreeOTFE Explorer
3.5
 
Runs as a stand-alone program on a user's computer
The portable version does not require administrative rights. It is simple to use. Fully integrated with FreeOTFE version.
The portable version is not fully integrated with the file system, so you need to do file operations directly from the program interface, not Windows Explorer.
2.10
2.3 MB
Unrestricted freeware
A portable version of this product is available from the developer.
Windows 2000, XP, Vista and 7
KeePass Password Safe
3
 
Runs as a stand-alone program on a user's computer
Simple, stand-alone program. Unzip the contents of the zip file and run KeyPass.exe. Use to encrypt files as well passwords.
A bit convoluted to use at first, but it's just a matter of learning how to attach a file (see the "Advanced" tab) to an entry.
http://keepass.info/
2.09
1.7 MB
32 bit but 64 bit compatible
Open source freeware
A portable version of this product is available from the developer.
Windows XP/Vista/7
7-Zip Portable
3
 
Runs as a stand-alone program on a user's computer
Very simple to use (but see Con's). Compresses as well as encrypts. Integrates with the PortableApps.com suite (for USB drives). Work directly from Windows Explorer or the user interface.
7-Zip's user interface is simple, but a bit mysterious until you catch on to how to use it. Also, you need to use a workaround if you want to create new files directly in the encrypted archive to avoid leaving an unencrypted file or file remnant behind.
9.2
1.4 MB
Unrestricted freeware
This product is portable.
Windows 95/98/Me/2000/XP/Vista/7, WINE on Linux/UNIX

This software category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

Share this
3.76
Average: 3.8 (25 votes)
Your rating: None

Comments

by ZambonieDude on 6. January 2012 - 18:15  (86702)

For File Encryption....

Easy & simple & strong -- Encryption Wizard, at spi.dod.mil/ewizard.htm. ITs Java - no installation needed.

Coming from the Air Force Research Lab it can be trusted more that freeware from lesser-known sources.

by philip on 7. January 2012 - 4:46  (86741)

Looks good ZambonieDude. Probably does everything they claim, and possibly more. Yes, I'm a little paranoid, and I realize the military does not exhibit the same duplicity as the government. But I wouldn't use a free program from the military to encrypt anything I didn't want the government to know about. Just saying...

by Australia (not verified) on 27. November 2011 - 7:35  (83978)

Thank you everyone for a very helpful discussion. I seek the basic task of creating a secure USB folder/partition for my USB files
I have hundreds of files on my USB drives, so individual file encryption is impractical. Unfortunately for such a basic function, after more than 5 years I still am not convinced any of the alternatives are adequate
1)TrueCrypt - excellent program, but needs administrator privileges
2)Rohos Mini Drive - I always read the feedback on different sites. Download.com reviews mention the fact that Partitions may be difficult to delete, and that the program may require administrator privileges
3)OTFE - to avoid administrator privileges, you need to use the OTFE Explorer, and simple file tasks cant be done using Windows Explorer, you have to go through OTFE Explorer. Program sounds good, just not good enough

All the above are just too flaky. The search continues for me. Thanks to everyone :)

by doctorfrog (not verified) on 3. August 2011 - 9:31  (76815)

I just wrestled with using 7zip in the described fashion here, and don't recommend using it, except just to basically encrypt and decrypt files. DO NOT edit and save files directly into the archive itself, unless you do not care whether they are encrypted. Currently using the most recent version of 7zip Portable from portableapps.com.

Here are the problems:

1. Opening a file from within an archive will extract it to a temporary directory within your user profile. In other words, an unencrypted copy of the file will temporarily exist on the host machine. In the case of a crash or other issue, that file may be left behind, unencrypted. This doesn't appear to be alterable.

2. Dragging and dropping a file into an encrypted container will NOT encrypt the file. In fact, it appears to also disable the "encrypt filenames" option for the archive. Files already encrypted in the archive will remain encrypted. I tested this by closing the archive and reopening it: no password prompt for viewing the file list or viewing that file, and checking the file properties from within 7zip reveals that it is not encrypted, though the other files were.

In short, you're better off with a different option, or using 7zip in a more limited fashion.

by philip on 3. August 2011 - 13:54  (76831)

Thanks doctorfrog,

I've updated the entry to take your findings into account.

by Anonymouse (not verified) on 19. February 2011 - 16:24  (66734)

Regarding Rohos Mini Drive..

"The learning curve could be daunting for most users."

I find that statement a little odd, given the above recommendations for TrueCrypt, FreeOTFE and (to a lesser extent) 7-Zip! There are all flexible, powerful and (no doubt) secure programs, but they all suffer from the same usability/confusability issues when placed in the hands of the average user.

For the average user asking them to choose which encryption standard, or cryptographic hash function to use is frankly ridiculousness. Providing them with XYZ esoteric options (even, if in the case of FreeOTFE, where the documentation is extensive) actually tends to reduce the likelihood of the said program being configured and operated securely.

Personally I have found Rohos Mini Drive to be very usable, and easily the best choice when wanting to work with encrypted files in multiple locations (for which it is especially designed). Yes, it's not open source so the encryption algorithms used cannot be verified by experts. For most people though I don't that is of great concern. Most of us simply want an easy to understand, easy to use encryption utility that will protect our data from opportunistic or commercial theft.

by myfolder (not verified) on 17. December 2010 - 18:32  (62838)

myfolder is free software to create password protected folders, website: http://virtual-protect.com/myfolder2.aspx

by philip on 17. December 2010 - 19:53  (62844)

Looks interesting, but MyFolder does not meet the selection criteria -- found here -- for this freeware category.

by myfolder (not verified) on 23. December 2010 - 18:54  (63154)

Ok, I understand why myfolder does'n meet your criteria - because it is not very old and not open source. I'm still thinking about whether to make it open source or not.

But I'd like to notice that using compression utilities for encryption purposes is not secure, because when you decrypt (=decompress) your files, they are written to some temporary location on your hard drive, which is not protected, anybody can copy these files when you use them.
Even when these files are deleted by 7-zip, you still can recover it.

by philip on 23. December 2010 - 23:34  (63164)

Hello again myfolder,

I see from your 2nd and 3rd paragraph that you are aware of some of the implementation hazards that must be avoided in all circumstances. They are one class of the hazards that I refer to in my brief article Encryption is not Enough.

The only way I can imagine that an individual can avoid fatal implementation flaws is to work with a few veteran cryptographers to vet any encryption software. Making a program open source is a good start, but enlisting the seasoned experts may be more difficult.

by tyee (not verified) on 18. August 2010 - 0:13  (56241)

Anyone know of an app that can encrypt a file to an exe, then when run it decrypts to memory, not the hard drive. I have a batch file that unpacks zips and rars recursively until done. It took days to figure out and I don't want to just give it away so that's why I'm looking for an app to do this. I've looked at ***** but the latter just adds the batch file to the end of the exe and it's plainly visible.

Edit: Commercial software references removed

by philip on 4. June 2010 - 15:53  (51212)

Comments here -- the page you're on now -- should be about reviewing software that fits the title, "Best Free Encryption Utility for Personal Use at Work".

Gizmo's Freeware Forum is a better place to get help at this site for problems. More editors watch the forum, and you'll get excellent support there.

http://www.techsupportalert.com/freeware-forum/
http://www.techsupportalert.com/freeware-forum/freeware-forum/
http://www.techsupportalert.com/freeware-forum/general-computer-support/

by Anonymous on 13. April 2010 - 17:07  (47578)

Philip,

Can you take a look at this one...

http://www.wecode.biz/2010/02/protect-me-1011.html

It is called Protect Me! Here is what the site states:

Protect Me! 2010 creates secure executable (.exe) container files to which you can add any files and directories you want to. Your files will be stored securely inside the container file. To ensure a maximum of security, Protect Me! 2010 uses SHA1 for password validation and AES for encryption.
The container file can either run or extract your files once you typed in the right password.

So if I have it right, essential it creates an exe vault. However, the benefit over this then say other vault creating programs is that your vault is just a few KB bigger than your file(s). With other vault creating programs like Cryptainer LE if you put 1 file of 10KB instead a vault of 100MB, the vault still takes up the 100MB of space on your hd.

I would love your comments on it. Thanks

by Anonymous on 18. May 2010 - 7:22  (49869)

Hi all.

I am the author of TheLetterEncrypter.
Someone had listed my app at your site so received some traffic and came to know about you.

I have just released the 2nd version of TheLetterEncrypter
It uses Rijndael Encryption Algorithm.
Its a 14 KB download(rar file and 41 KB extracted)
Single exe file.
Portable.
Simple to use

I'll be glad to hear comments on it.

by MidnightCowboy on 18. May 2010 - 8:45  (49879)

Please see my response to your other post here:
http://www.techsupportalert.com/best-free-file-encryption-utility.htm

by philip on 13. April 2010 - 18:28  (47582)

For what you want Anon (minimum file size), I recommend AxCrypt or dsCrypt -- if you can use them in your work situation.
--Best Free File Encryption Utility

I do not recommend "Protect Me!". I'm sure the author is well intentioned, but there's very little assurance the program is not fatally flawed through naive implementation.

Here's what a seasoned expert has to say about such things:

"Building a secure cryptographic system is easy to do badly, and very difficult to do well. Unfortunately, most people can't tell the difference. In other areas of computer science, functionality serves to differentiate the good from the bad: a good compression algorithm will work better than a bad one; a bad compression program will look worse in feature-comparison charts. Cryptography is different. Just because an encryption program works doesn't mean it is secure. What happens with most products is that someone reads Applied Cryptography, chooses an algorithm and protocol, tests it to make sure it works, and thinks he's done. He's not. Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely "buzzword compliant"; they use secure cryptography, but they are not secure."

--Bruce Schneier, Security Pitfalls in Cryptography

And here's what the author of Protect Me! offers as qualifications:

I'm an 19-year-old student, who lives in Germany. Some years ago i started programming Visual Basic 6, then VB.NET and finally i switched to C#.

My conclusion: Protect Me! is not worth evaluating when there are better alternatives.

Cheers ~ Philip

by Anonymous on 18. May 2010 - 7:27  (49871)

Why do you think a 19 year old is unable to write a good software?

by philip on 4. June 2010 - 15:33  (51204)

It's unlikely that a 19-year-old student would have time to become an expert programmer, (he could easily be that), plus attend school, and at the same time learn the ins and outs of writing bullet-proof encryption software.

To quote Bruce Schneier: "A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on. Break any of them, and you've broken the system. And just as it's possible to build a weak structure using strong materials, it's possible to build a weak cryptographic system using strong algorithms and protocols."
http://www.schneier.com/essay-028.html

It's also unlikely that he has the connections he'd need for in-depth peer review, an essential part of avoiding fatal flaws in this class of software. I'm not qualified to review it myself, so my policy is to avoid recommending programs of dubious provenance.

by Anonymous on 15. June 2010 - 6:37  (52146)

nice... philip.... every new programmer... don't released your software tell your old enough.... sometimes we forget programming is not all about experience... and qualification... programming is an art...

by rik on 15. June 2010 - 10:28  (52155)

Sorry but crypto code is a science, although I'll admit that the interface code is more of a cross between an art and science.

If you don't want the people that don't like you to have your secrets then be clever and don't make their job easy. Sorry to have to state the obvious and before I get bombarded with rubbish, this can be done. Assuming of course that you know how to do it :)

Rik, Category Editor - Best Free Windows 7 / Vista 64 bit Software and Site Technical Support Mananger

by Anonymous on 15. February 2010 - 10:47  (43660)

Hi philip

you wrote this:

I seriously doubt that a 9K encryption program, even if Steve Gibson himself wrote it, would pass the snake oil test. On the other hand, it might be fine for casual use.

Cheers

here: http://www.techsupportalert.com/best-free-file-encryption-utility.htm

Why do you think that a 9K program is not enough.

I found TheLetterEncrypter good enough.

by philip on 15. February 2010 - 15:16  (43670)

I don't know that TheLetterEncrypter is not "good enough". My opinion is based on common sense though.

First, a robust encryption algorithm is not simple, so I imagine that a significant amount of computer code is required to implement it. I don't know offhand of any recognized encryption program that is less than 1.7 MB. Let's just say that a good one could be as small as 0.9 MB though. TheLetterEncrypter -- 9 KB -- is 100 times smaller than that. Even if it were only 10 times smaller, I don't think it would be reasonable to conclude that TheLetterEncrypter uses robust cryptographic methods.

Second, the author describes his algorithm this way: "It features a terribly strong Encryption." That's it. There are no further details to go on. That claim is even weaker than the those that Bruce Schneier identifies as warning signs in Snake Oil, his essay on naive cryptography.

There may be nothing wrong with TheLetterEncrypter for your purposes. I'm not an expert who can evaluate it independently, so it's not a program that I can recommend without further information.

Cheers

by Anonymous on 5. June 2010 - 16:40  (51417)

it says in the site that The Letter Encrypter uses Rijndael Encryption.
I say thats quite good!
it'll give the NSA a run for their money.

by rikmayell (not verified) on 15. February 2010 - 16:38  (43680)

I imagine that Bruce's minimum would be 256 bit AES, although there are circumstances in which 128 bit is harder to crack. You can find details of that story on Bruce Schneier's web site.

The actual AES algoritm can be implemented in less than 9 kb, but that wouldn't be a normal compiled Windows program. That is more the sphere of javascript, text until executed, or embedded code.

Ultimately, if I want your secrets, there are more subtle ways of obtaining them than cracking your encryption :)

Rik Mayell - Category Editor, Best Free Windows 7 / Vista 64 bit Software

by philip on 15. February 2010 - 17:17  (43681)

Thanks for the reply Rik. Yes, a Windows GUI wrapper would add around 10 KB to the algorithm.

I dug a little further and found this dialog in some comments on TheLetterEncrypter site.

Question: I still can't understand which algorithm does it use.
Author's answer: It uses an algorithm designed by me. Its quite strong.

And that's the end of my comments on this program. ;-)
Phil Spohn - Editor for this category.

by Anupam on 15. February 2010 - 18:31  (43687)

The guy who posted about LetterEncrypter must be the author of the program. Obviously, his main motive is to promote the product.
It would have been good, if he just said that this is a program I made, test it out, or review it. But the way it is posted, its about promoting the site, and the software.

by Anonymous on 15. February 2010 - 18:08  (43683)

In case any of you guys haven't noticed TheLetterEncrypter is not 9 KB.
The 9 KB download is a compressed rar file.
The actual executable file is 26 KB.

Well, the screenshots show that the text is changed pretty much.
I don't know if its strong or not, but the concept of the program is nice.

by Anonymous on 22. October 2009 - 10:22  (35237)

TrueCrypt 6.3 just released.

by Anonymous on 10. December 2009 - 1:08  (38160)

truecrypt 6.3a now released

by Anonymous on 22. October 2009 - 10:25  (35238)

Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here