Silent (Author) Posted March 16, 2015 at 10:36 PM

I'm looking for software that is able to encrypt and decrypt all files in a folder structure (several layers deep). I want a tool that encrypts the individual files and not just the folder so I can copy/move the files without decrypting them and if wanted decrypt them individually.

A bit of background: To improve security against loss I want to create a backup in the cloud but don't really trust that the files are not shared and/or the service is not hacked. Though the material is not highly sensitive I still want to add an extra layer of protection. I prefer the files to be encrypted individually instead of an archive as that would make it a lot easier to use the backup as a repository while traveling.

Any software out there that can do this? If there's choice I prefer a free open source solution.
mikelove Posted March 17, 2015 at 12:05 AM

VeraCrypt (https://veracrypt.codeplex.com/) should meet your needs - open-source successor to the now-discontinued TrueCrypt.
lechuan Posted March 17, 2015 at 12:47 AM

Mac OS? Or Windows? Or ?
Silent (Author) Posted March 17, 2015 at 12:59 AM

@lechuan: For now Windows will do. There is a chance that in the future I'd like to expand to Linux or Android.

@mikelove: My first impression is that VeraCrypt works on entire volumes, not on the individual files. Is this correct? I'll have a better look tomorrow.
makochan Posted March 17, 2015 at 01:39 AM

AxCrypt? http://www.axantum.com/AxCrypt/

I've never used it but have seen it on Lifehacker.
mikelove Posted March 17, 2015 at 01:45 AM

@Silent - yes, but the volume can be virtual - a file instead of an actual disk. The app mounts this virtual volume in Windows just like a real disk (which is a good thing - much more reliable / consistent interface than a third-party, app-specific GUI) but in the end it's just a flat binary file and so can be backed up / moved around just like any other file.
Silent (Author) Posted March 17, 2015 at 02:00 PM

@mikelove: you're right, but that makes it hard to use the cloud backup as a repository while on the move. It would mean downloading the entire volume over an often poor connection and then extracting the file I want. That's at best time consuming, if possible at all. If it works on individual files I can download the file I want; I would only download a few MB or less versus downloading a few GB.

@makochan: That looks great. I've downloaded it and will check it out further.
renzhe Posted March 17, 2015 at 02:08 PM

If you're comfortable with a command line utility and want to encrypt files individually, GPG will be one of the easiest and safest options.

To encrypt:

    gpg --symmetric -e filename

To decrypt:

    gpg -d filename.gpg

It supports a large number of cyphers, including AES, CAST5, and also does asymmetric encryption, keyrings and all that stuff if you want to get fancy.

TrueCrypt, LUKS and the like are for the case when somebody physically steals or confiscates your hard drive, not really for cloud storage. In the case of cloud-based backup, I agree with you -- encrypt it locally, upload the encrypted file.
Silent (Author) Posted March 17, 2015 at 10:58 PM

All, thanks for the suggestions!

AxCrypt seems to do an excellent job; it not only encrypts, but also compresses a little. I'm in the process of setting it up that way.

gpg looks good too and may offer a better prospect of automating the process. My scheduled backup process however generates archive files. So in order to make that work the way I want, I have to redesign it.

Again, thanks for the suggestions!
renzhe Posted March 18, 2015 at 11:04 AM

It shouldn't be hard. You can encrypt the archive, or you can archive the encrypted files, gpg does not care what type of files you feed it.
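Added example, not part of any post in this thread: one way to automate the per-file gpg encryption discussed above, mirroring a folder tree into an output directory of individually encrypted .gpg files. It assumes GnuPG 2.1 or later on the PATH and an output directory outside the source tree; the function names and the passphrase file are hypothetical choices for illustration.

```python
import os
import subprocess
import sys


def plan_encryption(src_root, dst_root):
    """Return (source, target) pairs mirroring src_root under dst_root."""
    pairs = []
    for dirpath, dirnames, filenames in os.walk(src_root):
        dirnames.sort()  # deterministic traversal order
        rel = os.path.relpath(dirpath, src_root)
        for name in sorted(filenames):
            src = os.path.join(dirpath, name)
            dst = os.path.normpath(os.path.join(dst_root, rel, name + ".gpg"))
            # Skip files whose encrypted copy is already up to date, so a
            # scheduled run only handles new or changed files.
            if os.path.exists(dst) and os.path.getmtime(dst) >= os.path.getmtime(src):
                continue
            pairs.append((src, dst))
    return pairs


def gpg_command(src, dst, passphrase_file):
    """Build the gpg argv for one file: symmetric AES256, no prompts."""
    # The passphrase file (an assumption of this example) must be kept
    # out of the folder that gets uploaded.
    return ["gpg", "--batch", "--yes", "--pinentry-mode", "loopback",
            "--passphrase-file", passphrase_file,
            "--symmetric", "--cipher-algo", "AES256",
            "--output", dst, src]


def encrypt_tree(src_root, dst_root, passphrase_file):
    """Encrypt every pending file and return the list of files written."""
    written = []
    for src, dst in plan_encryption(src_root, dst_root):
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        tmp = dst + ".part"  # a failed run never leaves a truncated .gpg
        subprocess.run(gpg_command(src, tmp, passphrase_file), check=True)
        os.replace(tmp, dst)
        written.append(dst)
    return written


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: encrypt_tree.py SOURCE_DIR OUTPUT_DIR PASSPHRASE_FILE")
    for path in encrypt_tree(sys.argv[1], sys.argv[2], sys.argv[3]):
        print("encrypted", path)
```

File names, sizes and the directory layout stay visible to the storage provider with this approach; only the file contents are encrypted.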
m000gle Posted March 19, 2015 at 12:57 AM

I'm not sure that you will find a single tool which will satisfy all your requests; but if you break things down a bit, and make use of 2-3 tools, it shouldn't be difficult to have a safe, robust and flexible workflow that more than meets your needs.

Before doing any of this, though, please remember a few caveats:

- If you lose your keys, your data is gone. If this isn't the case, then the service/tool is probably broken by design.
- While the tools and workflow listed are perfectly legal/acceptable anywhere with some semblance of the rule of law and right to privacy, this may not be the case in all jurisdictions and this may be something to consider while travelling.
- While this will keep you very safe from unauthorized and/or unlawful access to your data, this in no way exempts you from warranted lawful access, in jurisdictions where such laws exist (i.e. you can still be compelled to disclose keys).
- The previous two points are especially true when passing through customs, as even jurisdictions with personal privacy provisions often toss them out the window when entering/exiting the country.

1. Full Disk/Filesystem Encryption

Full disk/filesystem encryption is one part of the equation. In essence, this ensures all of the data on your device is encrypted, requiring you to enter your key at boot (please, use a strong passcode!). From this point on, your device functions as normal, despite the fact that anything written/read to/from the disk will be encrypted.

The options built in to Windows 7 ("BitLocker"), Mac OS X ("FileVault 2"), Linux ("LUKS" etc), iOS/Android etc are more than adequate for your use case; they're easy, and will prevent unauthorized access to your data, should the device be lost. To be honest, given the amount of data on our easily lost mobile phones and computers, everyone should already be doing this.

2. Secure "Cloud" Storage

For this part of the equation, I would recommend a service like tarsnap (http://www.tarsnap.com/). This service:

- Is cross-platform (Windows, Mac, Linux, BSD, and pretty much any other UNIX-like environment);
- implements de-duplication, saving bandwidth and storage costs;
- uses strong encryption, something I assume is important to anyone asking this question;
- is encrypted at the client side, meaning only you have the key and nobody but yourself can access the data (remember: lose the key, and even those who run the service can't get your data back!).

I've never really done this step, as I've never felt the need; however, if secured and encrypted "cloud" storage is what you need, something like this is really your only option.

3. File/Archive Encryption

I put this as a separate category as, if you're doing the above-mentioned two steps, this one isn't really necessary, and doesn't provide much additional security beyond another layer of abstraction. GPG is a great option, as described by renzhe already; but I can't speak for the other software mentioned.

TL;DR

Encrypt your filesystem, and make sure your cloud storage is encrypted at the client side. If you really need more than that (e.g. diplomat), then there are added measures you can use (invisible partitions, self destruct keys etc); however, your use case in no way needs these, and if it did you wouldn't be asking how to secure your data here.
imron Posted March 19, 2015 at 01:31 AM

+1 for Tarsnap, but just be aware you need to compile it from source (the author doesn't distribute binaries). Also, although saying it runs on Windows is true, it's also going to be a complicated exercise and might be too much for some people.