During the course of my various research projects, investigating stories of corporate and government corruption, there are plenty of situations when I need to send someone a sensitive file that I don’t want anyone else intercepting and reading.
There are actually plenty of other circumstances people may need to send an encrypted file, such as academic researchers sharing highly-sensitive information with each other over the Internet, corporate communications, or just friends that are discussing very private matters.
The great thing about sending messages, images or videos using some form of encryption is that it doesn’t matter if you’re using a public network to transfer the file; unless you have the password and/or the key file to decrypt the file – you can’t open it.
There are plenty of apps that will open up encrypted connections, such as Tim’s article on encrypting IM chats, or Danny’s article on encrypting Dropbox data, but really the most secure way to communicate information or send data is by encrypting the file on your computer, and having the recipient decrypt it on theirs. One of the easiest and fastest utilities for doing this is AxCrypt.
Encrypting Files Right from Windows Explorer
The beauty of AxCrypt is that it installs as sort of a Windows Explorer plugin – and works as part of the right-click context menu. Just right click on a file, and you’ll see the AxCrypt menu as one of the many options. You can choose one of the encrypt options, create a key-file as part of the encryption process for that file, or shred and delete the file.
By the way, if you ever have the need to permanently delete files from your computer, this is the app to do it. It’s a full wipe of the file, meaning that the file isn’t just deleted from the Windows file system. The application will actually write erroneous data over the memory addresses where the file is stored, before wiping the deleted file from the Windows file system. This makes it virtually impossible to recover the file through most standard computer forensics methods for file recovery.
When you choose to encrypt the file, you have several options. You can encrypt the file itself, you can create an encrypted copy of the file that requires the recipient have AxCrypt installed on their computer to decrypt it, or you can encrypt it as an executable, which includes the AxCrypt decryption utility – so the recipient doesn’t need to install anything at all, they just need to know the passphrase.
If you choose to encrypt a copy, it’ll create a new file with the default extension .axx. The recipient will open this file with AxCrypt by typing in the correct passphrase to open it.
If you choose to encrypt it as an executable, you can just send over the exe file to any recipient, and they just have to double click on the file itself, enter the password, and the file will open.
This is perfect if you’re sending sensitive info to someone that you don’t usually communicate with, as they will likely not have AxCrypt installed. They’ll need need the correct password to DeCrypt the file. On the receiving end, the same screen will open when the user tries to open the file – it always asks for the passphrase and the Key-File. If you only set a passphrase when you encrypted the file, that’s all the user needs to enter. If you’ve also created a key-file, then they’ll need to browse to that file as well, or they won’t be able to decrypt.
When you create a key-file as part of the encryption process, it’s important to save it to removable storage media. This turns a USB stick or portable hard drive into a sort of hard “key” to open the file. So you could email someone the encrypted file, and then send them the USB stick. Only the person with the correct passphrase and that USB stick that has the key-file will be able to decrypt the original file. This is one of the most secure methods for transferring information to someone, and is nearly impossible to hack.
On the recipient end, if the person has AxCrypt already installed, decrypting a file is as simple as right clicking on the file and clicking “Decrypt”. AxCrypt recognizes whether a file is encrypted or not, and will change the context menu accordingly. The recipient can also do a full “Shred and Delete” of the received file after reading it, so that no record of the file remains anywhere.
Another nice feature of AxCrypt is that it comes with a standard set of command-line parameters. You can run the “axcrypt” command either from the application directory, or you can set the Windows PATH environment variable to the AxCrypt directory so that you can run the “axcript” command straight from the command prompt without going to the AxCrypt directory first.
Through the command line, from a Windows Script or from your own program, you can run the axscript command to either encrypt or decrypt files. In the example above, I’ve encrypted a file called file1.txt, and renamed the encrypted file as “securefile”. There is a fairly long list of parameters you can use to do some pretty cool things in script with this utility.
So, if you ever have the need for transferring sensitive information in a safe way, give AxCrypt a try and let us know what you think. Is its integration with Windows convenient enough, or are there other features you’d like to see included? Share your thoughts in the comments section below.
Image Credit: Robert Linder
No comments:
Post a Comment
[Please do not advertise, or post irrelevant links. Thank you for your cooperation.]