Archive | Encryption Software RSS feed for this section

DropKey for MAC OS X to easily encrypt and email files

/ 28 April, 2012 / Encryption Software / Permalink

MAC OS X file encryption

DropKey is a MAC OS X tool (Lion and above) to easily encrypt and share documents using public/private key encryption, you only have to drag and drop any file you want to encrypt on top of the DropKey icon that appears in the menu bar and it will automatically encrypted, specifying who to send the file to will create a new email message with the encrypted attachment, only the person whose public encryption key has been used will be able to view it.

Your public encryption key is stored in your personal contact record in the Address Book and it can be safely attached to a vcard file (.vcard) to send to your contacts, any file encrypted by a sender using your public key can be opened by you without entering a password. The secret private key in your power decrypts it and makes sure that nobody else can access the file.

It is possible to guard against man-in-the-middle attacks, where an adversary sends the wrong public encryption key making you believe that it is that of your friend so that you encrypt your personal files using it. DropKey can generate 4 random dictionary words with each encryption key, asking the person you are communicating with to verify those words, over the phone or Instant Messenger, will guarantee that it is his key. This is akin to a digital fingerprint, formed of random letters and numbers, DropKey has pursued to make the system easier for the average user by using pronounceable words instead of random characters.

DropKey MAC OS X file encryption

DropKey MAC OS X file encryption

This program is very easy to use and it integrates with your address book, the private encryption key is kept in OS X’s built-in Keychain Access app, to see it you will be asked for the administror password. DropKey can be used to keep personal files encrypted, they don’t have to be necessarily emailed, simply choose a place where to save the file after encryption, multiple files can be encrypted at once, the developer created this app with people wanting to email documents securely and not for those who need secure data archiving, functionality comes accordingly.

No data ever leaves your computer unencrypted, the encryption and decryption process takes places locally, the recipient will need to have DropKey installed but doesn’t have to buy the software just to decrypt data, trial mode decryption never expires. I can foresee a big problem with this app, you won’t be able to communicate with friends using Windows or Linux computers, and for that reason I would advise you against it and go for GPGTools instead, which is compatible with any other OpenPGP software.

Visit DropKey homepage

Notice: This is not a free app.

0 Comments

Judge rules Truecrypt child porn suspect doesn’t have to give up password

/ 25 February, 2012 / Encryption Software / Permalink

 Truecrypt and child porn

A Florida judge ruled that a suspect involved in a child porn case who had encrypted a laptop and five external hard drives with Truecrypt does not have to give up his password because he is protected by the US Constitution Fith Ammendment right not to be a witness against himself.

The man can not be named as he has not be charged with any crime and has now been released from prison where he was being held in contempt of court. John Doe first came to the attention of the police on suspicion of uploading videos of under-age girls to Youtube, the computer IP was traced back to the hotel room where John Doe was staying. According to the ruling it is not enough for the Government to prove that the encrypted drives can store vast amounts of data , the Government would need to show what files are stored inside and the computer forensics expert has admitted that the drives might as well be empty.


This new ruling will help clarify future cases in which someone is compelled to give up his password to law enforcement when requested, at first glance it appears contradictory with an earlier bank fraud ruling where a judge ordered Ramona Fricosu to surrender her password, but they are totally different cases as Ramona Fricosu had been recorded over the phone admitting to hold incriminating evidence inside her encrypted laptop whereas John Doe had never admitted to holding the files the police is after.

1 Comment

Lacie Private-Public AES256 encryption based on Truecrypt

/ 31 January, 2012 / Encryption Software / Permalink

Truecrypt alternative

Lacie Private-Public is a multilingual free encryption program for Windows and Mac computers based on Truecrypt, it comes with Truecrypt license included. What makes it different from Truecrypt is its simplicity of use, while Truecrypt will give you many encryption algorithms and options this tool sticks to the standard AES256 encryption and does not give the user any kind of option, you can create an encrypted virtual drive with just three clicks without reading the manual, which is available online. Encrypted containers are saved with the .lc extension and automatically named “La-Private” inside a folder bearing the same name, the software does not need installation you can carry it with you on a USB thumbdrive, however, administrator rights are still needed.

Encrypted containers larger than 4GB can not be created in FAT32 drives, to achieve this you will have to reformat to NTFS (Windows) or HFS+ (Mac). Anyone familiar with virtual drive encryption software will instantly know how to use this program, after creating an encrypted container you will see a new drive letter appear next to your C: hard drive, anything you store in there will be automatically encrypted.

Lacie Private-Public AES256 encryption

Lacie Private-Public AES256 encryption

To lock the container right click on Lacie’s logo in Windows toolbar and select dismount, to access the data again execute the program and enter the password. The only possible settings are password change, mount encrypted volume as read-only and timed self-dismounting, Lacie Private-Public appears to be directed towards the 100% newbie person that knows nothing about encryption products and is not interested in learning about them or customization options.

The company claims that there is no backdoor, if you forget your password that is it. Full disk encryption has been eliminated, to use this capability you will have to look for something else, the only advantage Lacie Private-Public seems to have over Truecrypt is that it is extremely simple to use and it should not frighten off computer ignorant people.

Note: This software can not run if you have Truecrypt installed, they both use the same drivers.

Visit Lacie Private-Public encryption tool

0 Comments

GPG Tools Windows Privacy Tray review

/ 29 January, 2012 / Encryption Software / Permalink

GnuPG email encryption

WinPT is an open source graphical front end for GnuPG, a compatible OpenPGP software that allows people to exchange encrypted messages and files with other PGP users, without WinPT you would only be able to use GnuPG from the command line which requires a long learning curve, GnuPG is included in the download. After installing Windows Privacy Tray you will be asked to create or import your public encryption keys and associate the program with .asc, .gpg and .sig files. The default extension for encrypted messages is .gpg but this can changed to .pgp in preferences.

All of the needed GPG/PGP functions are available, setting up your preferred keyserver, importing and exporting keys, setting ownertrust, revoking keys, digitally signing messages or files and others. Hotkeys can be used to quickly encrypt and decrypt messages.

public key GPG encryption WinPT

public key GPG encryption WinPT

The software includes plugins for Euroda and Outlook Express, key management, and encryption and decryption of text in Windows clipboard. WinPT is a good alternative to GPG4Win, another free OpenPGP compatible tool, I did not notice too many differences in between them, WinPT is lighter and a smaller download, and GPG4Win has a few more features like Claws Mail and a bigger community. You will still need to learn how public key encryption works, this software is not as automated as Enigmail, a GPG Thunderbird plugin, but it can be used to encrypt files and text outside of your email client to store them online for example, so it has more functions. To protect against brute force attacks it is much safer using an encryption key and a password than just a password.

If you are looking for a free alternative to the expensive Symantec PGP Desktop, more suitable for businesses, WinPT will get the job done, an easy and simple way to send encrypted messages or attachments by email with the power of OpenPGP.

Visit Windows Privacy Tray homepage

0 Comments

Idoo file encryption freeware review

/ 2 January, 2012 / Encryption Software / Permalink

Encryption I don’t trust

Idoo file encryption can lock, hide and encrypt files using AES256, you will be prompted to enter the masterpassword after installation, and optionally, an email address to recover your password in case you forget it. You can lock and hide files using the interface, but not single file encryption, this can only be done through Windows context menu, I used it to encrypt a file and it did not ask me to confirm my password, you will have to be very careful what you type if it is a long passphrase, I would advise you to tick the box to see the password you are entering and do not use asterisks.

Hiding a couple of photos worked fine, Windows was unable to see them, however, specialist computer forensics software, of the kind used by law enforcement and well funded investigators should be able to discover them, to make the photos or files visible again all that is needed is unchecking a tickbox. File write protection stopped me from erasing files where it had been applied, not even using administrator rights I was able to get around it, Idoo file encryption is fairly easy to use and you have an online help manual with screenshots.

This tool saves encrypted files as .gfl but you can choose to use a .exe extension to be able to decrypt them without the software, files can securely wiped after use and you can use it to hide drive letters, like an external plugged in device, but I doubt this will be of use for a home user who isn’t on a network.

Idoo file encryption free version

Idoo file encryption free version

I am very concerned about the password recovery feature, I used it once and I was sent my password in plain text to my email Inbox, this indicates to me that the password must be available in plain text somewhere, normally, encryption software never stores a readable password, it uses a hash algorithm instead, Idoo file encryption did not inspire me confidence due to this. I have nothing against password recovery but not this way, a good example of password recovery done right is SpiderOak, they email a password hint that the user has previously set himself, but not the full password in plain text as nobody has access to it.

The developers website comparison in between the Free and Pro version mentions that the Free version is good enough for company documents and the Pro version for Government agencies and financial data, in reality the level of encryption it is exactly the same, the only difference is that the Pro version can encrypt folders, their comparison is not quite right, adding that their password recovery in plain text really blows me away, unless you only want to protect from your little niece spying on you, I wouldn’t waste my time with this product, lets alone any money.

Visit Idoo Encryption homepage

0 Comments

Create an encrypted virtual drive with CloudFogger

/ 1 January, 2012 / Encryption Software / Permalink

 Easily share encrypted files

CloudFogger is all in one encryption solution to encrypt and share your documents, it uses AES256 and public key RSA to secure the data,it can be used to encrypt your cloud storage documents before uploading them. During installation you will get a Windows warning saying that the driver publisher signature could not verified, it is ok to carry on installing the software as long as you downloaded it from the official website. You will need to reboot your computer and CloudFogger will prompt you to create an account for which you will have to facilitate an email address that needs to be verified using a code, the process shouldn’t take more than a couple of minutes.

After your CloudFogger account has been created you will notice a new letter on your computer hard drive (:X), anything you store there will be automatically encrypted and only accessible while your are logged into your CloudFogger account, it works like the encrypted virtual drives created by Truecrypt, what CloudFogger adds is easy sharing allowing you to add email addresses of people who can access the file, and single file encryption using the extension .cfog.

CloudFogger virtual drive encryption

CloudFogger virtual drive encryption

Any single file you encrypt is automatically stored in the virtual drive, when you double click on a .cfog file it will not decrypt, you will have to right click for that,  everything works integrated with Windows right click mode, there is no interface. CloudFogger claims it doesn’t create temporary files hence being more secure than encrypting using other applications, but if you view a file using an external application (e.g. Windows Media Player) a temporary back up file could be created and there is nothing CloudFogger can do about it.

CloudFogger has some time saving advantages over traditional on-the-fly encryption,right click integration and not needing to enter a password to encrypt the file while you are logged into your account, it can also securely wipe files which is something that normally requires separate software, and it makes it easy to share encrypted files the same way like SpiderOak does, but I did not find this encryption tool very intuitive to use, it think that you will have to read the manual to understand how everything works, it shouldn’t take long thought, and a first steps guide is included. This software does not support any kind of anonymity, everything works through email addresses  (sender&receiver) which are obviously traceable.

Note: Windows version is still in beta, there are plans to make an Android, iOS and Mac version.

Visit CloudFogger homepage

1 Comment

GPG4Browsers encrypts webmail using OpenPGP

/ 23 November, 2011 / Encryption Software / Permalink

Webmail PGP encryption

GPG4Browsers is a Javascript implementation of OpenPGP that can be used to encrypt and decrypt webmail, at the moment it is only available as a Google Chrome extension and it only works with Gmail, using HTML5 for local storage of public and private encryption keys, GPG4Browsers supports all encryption ciphers (AES, Twofish, TripleDES, CAST5, Blowfish) and hashing algorithms (SHA, MD5, RIPEMD160) supported by OpenPGP specifications (except IDEA). It can be used to digitally sign messages using standard public/private RSA, DSA or ElGamal asymmetric cryptography, however it can not create signing keys, you will have to import them. GPG4Browsers is not available in the Chrome Web Store, it needs to be manually installed following the instructions in Recurity Labs website

GPG4Browsers webmail OpenPGP encryption

GPG4Browsers webmail OpenPGP encryption

Its main features are encryption and description of messages, signing and verifying of message signatures, and the importing and exporting of certificates. Unlike GnuPG, it can not compress data, this can be a problem to create messages compatible with GnuPG, the whole idea of using standard OpenPGP encryption is that it does not matter what software people is using to encrypt and decrypt email as long as they use OpenPGP specifications they should be able to communicate. The developers advise that to create a GnuPGP compatible messages you add the option –compress-algo none in settings.

Although lacking features and restricted to Gmail encryption right now, being an open source project open to everyone for improvements this applications has the earmarks of being promising, if someone can manage to port it to other Internet browsers and support other webmail providers it should be quickly adopted, a GPG Javascript tool like this one can be used in portable browsers, and it does not require administrator rights or installing anything in your computer which is a big bonus.

Note: GPG4Browsers is a prototype still in development, treat with caution.

Visit GPG4Browsers homepage

0 Comments

Chrome browser plugin Crypter encrypts text&files

/ 21 November, 2011 / Encryption Software / Permalink

Chrome browser privacy plugin

Lazar Crypter is a Chrome app encryption plugin that ciphers text and files with the standard AES256 cipher, to encrypt the files or text data does not need to be uploaded to any server, encryption is carried out in the browser using Javascript, this makes man in the middle attacks impossible as well as stopping any remote vulnerabilities on a server relied on for encryption. The size of encrypted files is limited to a few Megabytes due to the plugin saving it as data URI.

Lazar Crypter Chrome browser encryption plugin

Lazar Crypter Chrome browser encryption plugin

To use this encryption plugin simply copy and paste any text inside the box, or upload a file from your computer hard disk selecting it, enter a password and click on “Encrypt”, you can then copy the resulting ciphered text to a webmail message, the receiver will need to have the same Crypter plugin installed or use a web based encrypt and decrypt form implementing the Lazar Crypter and located in the Lazar homepage and click on the “Decrypt” button after entering the password.

This can be a good plugin for those who travel as it could be added to a portable Chrome browser, the only problem is that your friend will need to have it too.

Visit Lazar Crypter Chrome web store

0 Comments

Review file encryption program ProtectOrion Data Safe

/ 14 November, 2011 / Encryption Software / Permalink

Secure AES encryption software

ProtectOrion Data Safe is an user friendly file encryption software made by an Austrian company, after installing it you will be prompted to create a masterpassword, a password strength meter will let you know how secure your password is, the user is forced to enter a password made up of a combination of letters and numbers or special characters, otherwise it will be rejected for being too weak.

ProtectOrion main window is very informative, a toolbar above lets you know the full file path where data is being stored in Windows, and below you are shown the remaining free hard disk space and encrypted database size. Through the interface you can create folders where to classify your encrypted data (files and folders), just like you would do working on your operating system but with the data encrypted, a wastebin securely keeps any files you erase in case you change your mind.

ProtectOrion file encryption software

ProtectOrion file encryption software

A Windows widget, called SafePad, holds over your desktop at all times if you choose so, it can be used to drag and drop files or full folders for automatic encryption with the AES256 cipher (used by many government agencies and banks), after dragging a file you can choose in what encrypted folder you would like to place it, ProtectOrion options allow you to specify if the original file should be securely wiped after encryption or only copied, leaving the original file intact, the software can be set to autolock after a preset time or manually locked if you need to go away from your computer, the encrypted database can easily be backed up anywhere you like and restored.

Another feature is a password manager where you can create groups of passwords, usernames and URLs, all nicely put together, you can paste passwords to the clipboard with a single click, for security, the passwords are automatically erased from the clipboard after 15 seconds. There is a portable version of this software that can be installed on a USB thumbdrive with ProtectOrion ToGo (7MB), encrypted passwords can be synchronized in between the desktop and USB thumbdrive.

Most of the software functions are intuitive but a complete well structured PDF manual is included anyway, my main concern with this software is the existence of temporary files when you open them, a common Windows problem is that the operating system can create automatic unencrypted backups of photos or documents you are viewing in hard to find places.

Freeware encryption ProtectOrion

Freeware encryption ProtectOrion

Protectorion Data Safe claims to securely wipe files after adding them to the encrypted database but besides the fact that it stops data recovery software, they do not mention anywhere what method and how many wipes they use.

I think this could a good program for people who want something very easy to use with no learning curve, an eye candy interface and have very low security needs, if your opponent is someone well funded stay away from this encryption software, I saw decrypted temporary files created on the hard disk while the safe was open, once you close the encrypted safe the temporary files vanish, but I don’t know if they are securely wiped or not, there is no information about this anywhere.

Other encryption programs (Safetica, DiskCryptor, etc) create encrypted virtual drives where to store the data, that appears to me a far more secure solution than encrypting and decrypting every single file when you view them, even if they were wiped, the data leakage risk is still higher, the more files need to be wiped, the easier it is something can go wrong (ie computer crash leaving files decrypted before they have been erased).

ProtectOrion is the living example of why just because certain encryption software is using an unbreakable cipher like AES256 does not mean it is secure, how encryption is implemented needs to be considered too.

Note: The free version of this software is limited to 100 files and 5 passwords, a popup window invites you to upgrade your version when you open the software.

Visit Protectorion Data Safe homepage

0 Comments

Use PGP encryption on a Mac computer with GPGTools

/ 30 October, 2011 / Encryption Software / Permalink

Apple Mac OS X email encryption

GPGTools is an open source free alternative to PGP, this OpenPGP port for Mac OS X computers includes MacGPG2, GPGMail, GPG Key Chain and Mozilla Enigmail for Thunderbird all in a single .dmg package, you can use the software to exchange encrypted messages with any computer user, including Windows and Linux users. A mobile version of GPGTools works in any mobile device which Internet browser is based on WebKit and has javascript enabled, this includes the iPhone&iPad (Safari) and Android (Chrome).

Like PGP, GPGTools encrypts and digitally signs your data before sending it over the Internet, if you know how public/private encryption key works it will only take you a couple of minutes to master GPGTools, it provides you with a nice front end for GnuPG and bells and whistles like the Enigmail plugin. You will need to understand the concepts behind digital signatures and public/private encryption keys before using it, a well worth time investment for anyone who cares about computer privacy and security.

GPGTools Apple Mac email encryption

GPGTools Apple Mac email encryption

You don’t have to use Thunderbird for encrypting emails, Apple Mail works with GPGMail to decrypt and encrypt messages, which one you use is up to you. GPGKey Chain Access lets you store and edit encryption keys, essential to create key pairs, GPGTools is very similar to GPG4Win, another open source OpenPGP implementation for Windows users only.

The expensive business focused PGP software sold by Symantec includes full disk encryption and secure data wiping, home users can get all of those features without spending a dime by using three different tools, GPGTools to encrypt/decrypt email, Truecrypt to fully encrypt your Mac computer hard disk and EdenWaith Permanent Eraser to securely shred your private files.

Visit GPGTools homepage 

0 Comments