The Five Best Tools to Encrypt Files
Keeping your personal data safe doesn’t have to be difficult as long as you keep sensitive data encrypted and under your control. That’s why this week we’re taking a look at five of the best file encryption tools you can use to encrypt data locally, so only you have the key.
Earlier this week, we asked you to list your favorite file encryption tools , and you gave us many great nominations, but as always, we only have room for the top 5.
For the purposes of our review, we focus on desktop file encryption tools – those you use on your own computer to encrypt your personal data, not cloud services that promise to encrypt your data, or business services that claim to offer encryption. … The goal here is to find the best tools you can use to lock your sensitive files – be it photos, financial documents, personal backups, or whatever – and keep them locked so only you have the key. For those unfamiliar with this topic, we have a great guide on how encryption works and how you can use it to protect your data.
So, here are your top five in no particular order:
VeraCrypt (Windows / OS X / Linux)
VeraCrypt is a fork and successor of TrueCrypt that was discontinued last year (more on them later). The development team claims they have fixed some of the issues that were raised during the original TrueCrypt security audit, and like the original, it’s free with versions available for Windows, OS X, and Linux. If you’re looking for a file encryption tool that works like TrueCrypt and reminds you, but not quite TrueCrypt, then here it is. VeraCrypt supports AES encryption ciphers (the most commonly used), TwoFish and Serpent, supports the creation of hidden encrypted volumes within other volumes. Its code is viewable, although it is not strictly open source (since most of its codebase came from TrueCrypt). The tool is also in constant development, with regular security updates and independent audits during the planning stages (according to the developers.)
Those of you who have nominated VeraCrypt praised it for being an on-the-fly encryption tool, as your files are only decrypted when they are needed, while the rest of the time they are encrypted when they are inactive, and primarily for being inactive. that they are spiritual. (if not literally) the successor to TrueCrypt. Many of you have praised them for being powerful, easy to use, and to the point, even if it doesn’t have a pretty interface or a lot of bells and whistles. You also noted that VeraCrypt may not support TrueCrypt files and containers, but it can convert them to its own format, making it easy to switch to. Read more in the nomination thread here .
AxCrypt (Windows)
AxCrypt is a free open source encryption tool licensed under the GNU GPL for Windows that prides itself on its simplicity, efficiency, and ease of use. It integrates nicely with the Windows shell, so you can right-click the file to encrypt it, or even set up “synchronized” executable encryption so that the file is locked for a specified period of time and then decrypted itself later, or when the intended recipient receives it. Files with AxCrypt can be decrypted on demand, or saved decrypted while in use, and then automatically re-encrypted when modified or closed. It’s also fast and allows you to select an entire folder or just a large group of files and encrypt them all with one click. However, it is completely a file encryption tool, which means that creating encrypted volumes or drives is beyond its capabilities. It only supports AES 128-bit encryption, offers protection against brute force attacks, and is extremely lightweight (less than 1MB).
Those of you who have nominated AxCrypt noted that it is really easy to use and easy to integrate into your workflow thanks to its shell support. If you need more options, it also has a variety of command line options, so you can start a command line in Windows and perform more complex actions – or multiple actions at the same time. It may not support the strongest or most diverse encryption methods, but if you want to protect your data from most threats, this is a simple tool that can slightly improve the security of your data – for example, files stored in the cloud in Dropbox. or, for example, iCloud – safe and easy to access at the same time. You can read more on this nomination thread here and here .
BitLocker (Windows)
BitLocker is a full-disk encryption tool built into Windows Vista and Windows 7 (Ultimate and Enterprise) and Windows 8 (Pro and Enterprise) and Windows Server (2008 and newer). It supports AES encryption (128 and 256 bit), and although it is mainly used to encrypt the entire drive, it also supports encrypting other volumes or a virtual drive that can be opened and accessed like any other drive on your computer. … It supports multiple authentication mechanisms, including traditional password and PINs, a USB key, and the more controversial Trusted Platform Module (TPM) technology (which uses hardware to integrate keys into devices), which makes encryption and decryption transparent to the user, but also has many problems of its own. In any case, BitLocker’s integration with Windows (Windows 8 Pro in particular) makes it available to many people, as well as a viable disk encryption tool for people who want to protect their data if their laptop or hard drives are lost or stolen in the event of a breach. computers. , or a business that wants to protect data in the field.
Of course, it goes without saying that the BitLocker assignment was controversial. Many of you have touted the accessibility and ease of use of BitLocker, and many of you have even praised its encryption for its reliability and difficulty in cracking. Many of you noted that you switched to BitLocker after the TrueCrypt developers suggested it. Others, however, have raised a claim made by privacy advocates that BitLocker has been compromised and has backdoors for government security services (from multiple countries) to decrypt your data. While Microsoft has officially stated that this is not true, and claims that there is no backdoor in BitLocker (while keeping the code closed source, but available for verification by its partners, including these agencies), this statement is enough to do more than few of you shy away from. You can read more about criticism and controversy at the Wikipedia link above or in the nomination thread here .
GNU Privacy Guard (Windows / OS X / Linux)
GNU Privacy Guard (GnuPG) is actually an open source implementation of Pretty Good Privacy (PGP). While you can install the command line version on some operating systems, most people choose a variety of frontend and graphical interfaces for it , including official releases that can encrypt everything from email to regular files to entire volumes. All GnuPG tools support multiple types of encryption and ciphers and are generally capable of encrypting individual files one at a time, disk and volume images, or external drives and attached media. Some of you have assigned specific GnuPG interfaces on various threads, like Windows Gpg4Win which uses Kleopatra as its certificate manager.
Those of you who have nominated GnuPG praised it for being open source and available through dozens of different clients and tools, each of which can offer file encryption as well as other forms of encryption such as strong email encryption . The key, however, is finding an interface or client that does what you want and works well with your workflow. Screen shot above was made by a GPGTools , universal solution of GnuPG, which offers management a bunch of keys, as well as encryption of files, e-mails and disks for OS X. You can read more in the subject of his nomination here .
7-Zip (Windows / OS X / Linux)
7-Zip is actually a lightweight file archiver and our favorite archiving utility for Windows . While it is great at compressing and organizing files for easy storage or sending over the Internet, it is also a robust file encryption tool capable of turning individual files or entire volumes into encrypted volumes that only you have the keys to. It’s completely free, even for commercial use, supports 256-bit AES encryption, and although the official download is for Windows only, there are also unofficial builds for Linux and OS X systems. Much of the 7-Zip code is licensed by the GNU LGPL and open to review. Compressed and encrypted .7z archives (or .zip if you prefer) are easily portable and secure, they can be encrypted with passwords and turned into executable files that will self-decrypt when they reach their intended recipient. 7-Zip also integrates with the shell of the operating system you are using, making it unavailable for use. It is also a powerful command line utility.
Those of you who have nominated it noted that it may not have the most reliable user interface, but it gets the job done, and many of you installed it on purpose anyway because of its robust file compression and decompression capabilities. You noted that it is fast, flexible, free and easy to use, and while it may not be the fastest file encryption tool (nor does it support encrypting an entire volume or disk), it gets the job done, especially for encrypting files. which you need. send to someone else and give them access without jumping over too many hoops. Some of you have pointed out that 7-Zip encrypted volumes are flexible – perhaps too flexible since new files added to the encrypted archive are not encrypted (you will have to extract them all and create a new archive to do this), but otherwise a minor jingle … Read more in the nomination thread here .
Now that you’ve seen the top 5, it’s time to put them to a general vote to determine the community favorite.
Honorable mentions
We have two honorable mentions this week. First of all, it is Disk Utility (OS X), which is included with OS X as a disk recovery and management tool. Disk Utility can encrypt disks and volumes as well, and since OS X can create a compressed volume simply by right-clicking a file, series of files, or folder and choosing Compress, Disk Utility makes it much easier to encrypt whatever you want. Plus, it’s built into OS X so you don’t need to install anything. You can read more about this in the nomination thread here .
Second, we must take our hats off to the venerable old TrueCrypt , our old champion, who has actually earned several nominations in the Challenger Challenge thread. We’ve covered the crash of TrueCrypt when it happened when developers abruptly abandoned a project, claiming it was no longer secure, in the middle of their independent security audit. The developers suggested switching to BitLocker and released a new version that many consider to be compromised. However, the older version 7.1a is still widely considered secure , although development has been discontinued and the tool has remained without security updates since then. However, security analysts are divided over whether to trust TrueCrypt or switch to a different encryption utility. Many people support it even if it is a dead project, others have built their own projects around it (see VeraCrypt mentioned earlier) and others continue to use the latest secure version. We can no longer recommend TrueCrypt ourselves, but you can read more in its nominations thread here and Steve Gibson’s TrueCrypt page here .
Do you have anything to say about one of the applicants? Want to substantiate your personal favorite even if it wasn’t on the list? Remember, the Top 5 is based on your most popular nominations from the Call for Applicants thread earlier this week . Don’t just complain about the top 5, let us know which option you like best and justify it in the discussions below.