GPG4Browsers Merged with OpenPGP.js a Javascript implementation of OpenPGP that can be used to encrypt and decrypt webmail, at the moment it is only available as a Google Chrome extension and it only works with Gmail, using HTML5 for local storage of public and private encryption keys, OpenPGP.js supports all encryption ciphers (AES, Twofish, TripleDES, CAST5, Blowfish) and hashing algorithms (SHA, MD5, RIPEMD160) supported by OpenPGP specifications (except IDEA). It can be used to digitally sign messages using standard public/private RSA, DSA or ElGamal asymmetric cryptography, however it can not create signing keys, you will have to import them. OpenPGP.js is not available in the Chrome Web Store, it needs to be manually installed following the instructions in Recurity Labs website
OpenPGP.js webmail OpenPGP encryption
Its main features are encryption and description of messages, signing and verifying of message signatures, and the importing and exporting of certificates. Unlike GnuPG, it can not compress data, this can be a problem to create messages compatible with GnuPG, the whole idea of using standard OpenPGP encryption is that it does not matter what software people is using to encrypt and decrypt email as long as they use OpenPGP specifications they should be able to communicate. The developers advise that to create a GnuPGP compatible messages you add the option –compress-algo none in settings.
Although lacking features and restricted to Gmail encryption right now, being an open source project open to everyone for improvements this applications has the earmarks of being promising, if someone can manage to port it to other Internet browsers and support other webmail providers it should be quickly adopted, a GPG Javascript tool like this one can be used in portable browsers, and it does not require administrator rights or installing anything in your computer which is a big bonus.
ProtectOrion Data Safe is an user friendly file encryption software made by an Austrian company, after installing it you will be prompted to create a masterpassword, a password strength meter will let you know how secure your password is, the user is forced to enter a password made up of a combination of letters and numbers or special characters, otherwise it will be rejected for being too weak.
ProtectOrion main window is very informative, a toolbar above lets you know the full file path where data is being stored in Windows, and below you are shown the remaining free hard disk space and encrypted database size. Through the interface you can create folders where to classify your encrypted data (files and folders), just like you would do working on your operating system but with the data encrypted, a wastebin securely keeps any files you erase in case you change your mind.
ProtectOrion file encryption software
A Windows widget, called SafePad, holds over your desktop at all times if you choose so, it can be used to drag and drop files or full folders for automatic encryption with the AES256 cipher (used by many government agencies and banks), after dragging a file you can choose in what encrypted folder you would like to place it, ProtectOrion options allow you to specify if the original file should be securely wiped after encryption or only copied, leaving the original file intact, the software can be set to autolock after a preset time or manually locked if you need to go away from your computer, the encrypted database can easily be backed up anywhere you like and restored.
Another feature is a password manager where you can create groups of passwords, usernames and URLs, all nicely put together, you can paste passwords to the clipboard with a single click, for security, the passwords are automatically erased from the clipboard after 15 seconds. There is a portable version of this software that can be installed on a USB thumbdrive with ProtectOrion ToGo (7MB), encrypted passwords can be synchronized in between the desktop and USB thumbdrive.
Most of the software functions are intuitive but a complete well structured PDF manual is included anyway, my main concern with this software is the existence of temporary files when you open them, a common Windows problem is that the operating system can create automatic unencrypted backups of photos or documents you are viewing in hard to find places.
Freeware encryption ProtectOrion
Protectorion Data Safe claims to securely wipe files after adding them to the encrypted database but besides the fact that it stops data recovery software, they do not mention anywhere what method and how many wipes they use.
I think this could a good program for people who want something very easy to use with no learning curve, an eye candy interface and have very low security needs, if your opponent is someone well funded stay away from this encryption software, I saw decrypted temporary files created on the hard disk while the safe was open, once you close the encrypted safe the temporary files vanish, but I don’t know if they are securely wiped or not, there is no information about this anywhere.
Other encryption programs (Safetica, DiskCryptor, etc) create encrypted virtual drives where to store the data, that appears to me a far more secure solution than encrypting and decrypting every single file when you view them, even if they were wiped, the data leakage risk is still higher, the more files need to be wiped, the easier it is something can go wrong (ie computer crash leaving files decrypted before they have been erased).
ProtectOrion is the living example of whyjust because certain encryption software is using an unbreakable cipher like AES256 does not mean it is secure, how encryption is implemented needs to be considered too.
Note: The free version of this software is limited to 100 files and 5 passwords, a popup window invites you to upgrade your version when you open the software.
GPGTools is an open source free alternative to PGP, this OpenPGP port for Mac OS X computers includes MacGPG2, GPGMail, GPG Key Chain and Mozilla Enigmail for Thunderbird all in a single .dmg package, you can use the software to exchange encrypted messages with any computer user, including Windows and Linux users. A mobile version of GPGTools works in any mobile device which Internet browser is based on WebKit and has javascript enabled, this includes the iPhone&iPad (Safari) and Android (Chrome).
Like PGP, GPGTools encrypts and digitally signs your data before sending it over the Internet, if you know how public/private encryption key works it will only take you a couple of minutes to master GPGTools, it provides you with a nice front end for GnuPG and bells and whistles like the Enigmail plugin. You will need to understand the concepts behind digital signatures and public/private encryption keys before using it, a well worth time investment for anyone who cares about computer privacy and security.
GPGTools Apple Mac email encryption
You don’t have to use Thunderbird for encrypting emails, Apple Mail works with GPGMail to decrypt and encrypt messages, which one you use is up to you. GPGKey Chain Access lets you store and edit encryption keys, essential to create key pairs, GPGTools is very similar to GPG4Win, another open source OpenPGP implementation for Windows users only.
The expensive business focused PGP software sold by Symantec includes full disk encryption and secure data wiping, home users can get all of those features without spending a dime by using three different tools, GPGTools to encrypt/decrypt email, Truecrypt to fully encrypt your Mac computer hard disk and EdenWaith Permanent Eraser to securely shred your private files.
DiskCryptor download is a tiny 750Kb, after installing it you will need to reboot the computer, you might notice that its 64bit drivers come signed by the ReactOS foundation a non for profit organization assisting open source projects not able to acquire an expensive signing certificate to distribute Windows 64bit drivers.
Encrypting my Windows 7 Home Premium 64bit OS, with a fairly powerful Intel i5 2200Hz (quad core) absorbed very low CPU, a steady 7% of the available resources, it took me 20 hours to encrypt a 1TB hard drive, it would have been considerably quicker using just the AES algorithm instead of the cascade algorithm I selected.
DiskCryptor lets you know how long it will take to encrypt your operating system, you can still work with your computer while it is being encrypted, I advice you to temporarily disable power management in Windows and set it to always on, Windows will not notice the hard disk being encrypted and send the OS into hibernation mode believing the computer is inactive, if this happens full disk encryption will stop and only resume once you switch the computer back on, I have found this problem to occur with both DiskCryptor and Truecrypt, more of a Windows problem than to do with the full disk encryption software.
Diskcryptor lets you benchmark the encryption ciphers (Tools>Benchmark) if you have a low spec CPU and are in a hurry you can choose the cipher that performs best in your system, AES was the quickest for me, by quite a lot of difference in contrast with Twofish and Serpent, once the OS has been encrypted it doesn’t matter what cipher you used to encrypt it, performance will be the same. You can benchmark ciphers in Truecrypt too but since only AES can be used for full disk encryption there is no point in doing it.
DiskCryptor encryption keyfile
Truecrypt will ask you to enter your password after rebooting your computer before encrypting your operating system, DiskCryptor will not, it assumes you entered the passphrase correctly twice as asked and did not make any mistake. When using special signs in your password be aware that in booting up your computer the keyboard has a US layout that will not correspond with a non US keyboard, I searched for a photograph of US keyboard layout on the Internet to make sure there would be no mistakes about what keys to pres.
Unlike Truecrypt, DiskCryptor bootloader is highly configurable, I have my own (Ascii) logo at logon and I instructed DiskCryptor to time out after 30 seconds of inactivity at which point the computer reboots, other options like halt and exit to BIOS are possible. Using DiskCryptor keyfile for full disk encryption is something possible and not supported by Truecrypt, a keyfile will thwart dictionary attacks on your passphrase but this keyfile can not consist of anything it has to be a 64 byte file generated by DiskCryptor.
Windows 7 FDE specific problem
Unlike Vista, XP and lower Windows versions, when you use a whole disk encryption product on Windows 7, or installing a dual boot, you will notice that Windows 7 automatically creates a 100MB system reserved partition, 24MB contains actual data the rest is there for future use like Bitlocker or system restore, this partition is hidden by Windows and only visible using a live CD or through DiskCryptor or Truecrypt interface.
Windows 7 100MB hidden system partition
Windows 7 system reserved partition contains some necessary boot files, do not attempt to encrypt Windows 7 system reserved partition like I did because the computer will not boot! There are hacks around to merge that partition with the main Windows 7 operating system, I managed to do it partioning the hard disk with PartedMagic before installing Windows 7 and ignoring Windows installation DVD asking me to create the system reserved partition, everything worked fine until I fully encrypted Windows 7 without the system reserved space and the computer refused to boot.
If you would like to use whole disk encryption in Windows 7 there is no choice but to give in and allow Windows to create the unencrypted 100MB system partition, this shouldn’t be a problem regarding data leakage, you can view the files it contains with a live CD, I managed to see a bootsect.bak file, bootmgr, and System Volume Information folder and a few others with no obvious danger.
Truecrypt vs DiskCryptor comparison table
TRUECRYPT
DISKCRYPTOR
Open source license
Truecrypt own license
Standard Linux GPL license
Forces you to burn a recovery CD
YES
NO (optional)
Works with RAID volumes
YES
YES
Hidden operating system
YES
NO (pseudo)
Cross platform (Windows, Linux and MAC)
YES
NO
Option of cipher for full disk encryption
AES,Twofish,Serpent & cascades
AES,Twofish,Serpent & cascades
Supports keyfiles for full disk encryption
NO
YES
Can place bootloader on external device
NO
YES
Can create single encrypted containers
YES
NO
Portable mode
YES (admin rights)
NO
Encryption of external devices (USB,etc)
YES
YES
Plausible deniability
DiskCryptor does not support the hidden operating system feature that Truecrypt has but allows you to install the bootloader on an external device, ie. USB thumbdrive or CD-Rom, that is where the files giving away that the operating system has been encrypted and what software has been used for that are stored, if anyone seized your hard drive it would be possible to claim that it has been wiped clean as no identifiable information can be extracted from the HDD other than random data and there is no boot loader.
Plausible deniability appears more sound than Truecrypt hidden operating system, if you give away the password for the non hidden OS in Truecrypt, the timestamps and las activities could give away that the computer has not been used for a long time.
DiskCryptor full disk encryption
A computer with no operating system and a wiped hard disk will look very suspicious, claims that it was wiped the day before would be held with incredulity but hard to prove it didn’t happen. Even better, I came across a thread in DiskCryptor forums to have a dual OS system where one of the Windows OS will only boot with the USB thumbdrive plugged in and when not present the other OS will boot, this set up makes one of the partitions look like random data and not like 2 operating systems on one hard disk.
Conclusion Truecrypt vs Diskcryptor
If you have a tablet or netbook without a CD-drive go for DiskCryptor because Truecrypt forces you to burn a recovery CD (there is a work around using CD-drive virtualization software, i.e. Alcohol 120% or using the command line /noisocheck).
If you would like to be able to open encrypted external devices using Linux or MAC go for Truecrypt as DiskCryptor is a Windows only program, if you want to create single encrypted containers go for Truecrypt as DiskCryptor can’t do that.
Something in which Truecrypt beats DiskCryptor is in documentation, Truecrypt manual is very complete and DiskCryptor consists of an incomplete online Wiki, DiskCryptor can make up for this showing off the ‘Blue Screen’ feature, a way to quickly crash your fully encrypted computer allowing you to set the quick emergency shutdown to any hotkey shortcut you like.
Security wise, both Truecrypt and DiskCryptor have the same credentials with their source code open to scrutiny and none of them reviewed by any qualified cryptographer, overall, DiskCryptor has more configuration features than Truecrypt, and Truecrypt is better at cross platform compatibility.
Secure Archive is a file encryption, data compression and file wiping utility suitable for individuals and businesses alike, it is simple and easy to use with right click integration and drag and drop, unlike other compression programs with encryption, like WinZip or WinRar, Secure Archive allows for high customization of encryption, you can choose to secure your files with Advanced Encryption System (AES), aka Rijndael, Blowfish, a patent free encryption algorithm, or NASCLL which appeared to be a proprietary encryption cipher of which the help file did not included any information at all, you will be better off using one of first two ciphers as they are tried and tested.
This free file encryption program options allow you to choose by how much data should be compressed (none, low,high), I failed to see its usefulness as I would imagine everyone wants it set at a high compression, the default setting, but no harm in including that. When you encrypt a file Secure Archive will let you know the password key strength in bits as you type together with a message saying if it is an acceptable password or not, in advanced options you can select what metadata should be saved together with the encrypted file, for example, time stamps, file attributes, CRC file integrity, you can choose to wipe the original file after encryption too.
Secure Archive encryption file utility
The only shortcomings I found in Secure Archive is that the help manual failed to mention anything about their NASCLL encryption method, the secure wipe window could not be resized and it did not have a progress bar, it puzzled me that the developers claim that file wiping is being implemented using the standard US Department of Defense 5220. 22-M method which consists of a three wipe pass, but Secure Archive data wiping window indicates a single secure delete pass by default, my wild guess here is that it could mean a 1 time US DoD 5220.22-M data wiping pass but I can’t really be sure.
Secure Archive encrypted file properties
Secure Archive can be a good alternative to AxCrypt, useful for anyone in need of a free program to secure single files before emailing them, the .SAef file extension will confuse the other end, you both will have to be using the same software unless you create an encrypted self-extracting file which Secure Archive can do, data compression appeared to perform well, it managed to reduce my the seize of my WordPerfect document by 70%, I compressed the same file using WinZip .zip method and it compressed it by 71%, pretty much the same result.
If you are afraid that someone can guess your password using a brute force attack, Secure Archive lets you create what they call a HardKey, called keyfile in other software like Truecrypt, you can secure your compressed file with a password and a HardKey needing both to open it, something you know and something you have, but this HardKey can not be anything you like, it needs to have been created with the Secure Archive and anyone coming across it will know what it is for but it can enhance your security when emailing confidential documents if these happen to get intercepted or end up in the wrong inbox.
This open source cross platform program will encrypt text messages using a wide range of algorithms to choose from, AES, Blowfish, ARC2, CAST, 3DES or RSA using your own public encryption key, text compression with Zlib or Bz2 can be performed before encryption.
Scramble-Egg has a portable version to take it with you in a USB thumbdrive, needing 20MB of space, the software doesn’t need any administrator rights or special plug ins to run, it is an ideal portable encryption tool, the resulting encrypted text can be saved as XML, Json, UU or a .png image, a “No tags” option can be turned on and off depending on if you want the receiving end to know algorithm combination has been used leaving an attacker intercepting the encrypted message wondering what kind of file it is as it doesn’t have any identifying sign giving away what tool has been used for encryption, in order for someone to decrypt the message, besides the password, they will also need to know the cipher combination, if you eliminate tags you will have to inform the receiver about the used combination.
You can copy the ciphered text and send it by email, paste in a document or post it to a Usenet group, encryption is performed in real time slowing down your computer as you type with the CPU load spiking implementing the encryption algorithm, as soon as you add a character or change some setting you will see the resulting ciphered text straight away on the second pane.
Scrambled Egg text encryption software
For covert communications you could easily embed a small encrypted text message in a webpage HTML code and in the event that anyone looked at the source code, which few people do, they would not be able to work out what the message says or what has been used to cipher it, the advantage of embedding an encrypted message on a website as opposed to sending it is that if the website has lots of traffic, it becomes impossible to know who received/read it.
The help file is very basic and it could be improved, Scrambled Egg is easy to use but it appears to assume that people using it already understand what each one of the compression and encryption algorithms mean as the instructions do not explain anything about them, I would recommend you use AES for encryption as it is a standard algorithm widely reviewed by cryptographers and regularly tested for weaknesses. My favourite feature is that Scrambled Egg works in Windows, Linux and Mac, this makes it easy for your friends to use this encryption tool regardless of their operating system.
This small free open source software will encrypt single files using using Windows context menu, it uses AES256bit algorithm for encryption and it is very easy to use. You only need to select a file, or multiple files, right click and select “Encryt” or “Decrypt” from the context menu, you can also decrypt a file by double clicking on it.
Lazar Crypter Windows file encryption
Lazar Crypter will save encrypted files with its own file extension, .icr, encryption of multiple files at once is possible, but no multiple file decryption, this could be because each single file should have its own unique password. This program is lightweight on resources, only 400Kb in size, there is no help file and you don’t need one, encryption can not get any easier than this, if you know how to copy and paste a file then you know how to encrypt and decrypt.
Lazar Crypter could come in handy to email an encrypted file to someone who also has the program but it is not very useful to store encrypted files in your hard disk because temporary and original data is not wiped, you will need a data wiper if you are going to use this program to guard stored files in your hard disk from unwanted eyes.
