I frequently get asked how to encrypt a file. Tools like 7-zip and
TrueCrypt, my most common recommendations, are designed to work on
collections of files. AxCrypt, on the other hand, encrypts single files quickly
and easily.
In this video excerpt from an Ask Leo! webinar, I'll
walk through using AxCrypt.
]]>
Transcript
A question I get fairly often is people wanting to encrypt a single file. Tools like 7-zip, WinZip and so forth are all targeted at encrypting collections of files, zip file archives of multiple files. And tools like TrueCrypt are actually designed to also encrypt not just a few files but an entire virtual disk drive's worth of files - so what we'll look at in this video is to use a tool called AxCrypt which is designed to do exactly what people are asking for.
I'm just going to have the search engine search for AxCrypt; it's much easier than remembering where it comes from. Axantum software is the source. I happen to be running a Win32 version of Windows 7 here. So that's what I'm going to download and go ahead and have it run.
Go ahead and install the application; accept the licensing agreement; go ahead and accept the default installation and let it install. It should throw a User Access Control dialog here in a moment...and we'll say 'yes' to that. And the utility is installed and we do want to go ahead and start it.
Now you'll notice (let's see)... they're going to ask us for email; if you want to give them your email address that's fine - go ahead; if you don't, that's also fine you can still use the tool. I'm going to cancel, they've already got me multiple times.
Now, 'Where's the tool?' you might ask? Since we did say run it. Well, that is how AxCrypt works. So we will open Windows Explorer and I am going to go ahead and open up my 'My Documents' folder where I have a secret document. I'm going to encrypt that document. Right now if you take a look at it, it's a text file, it has some meaningless text in it right now.
The way AxCrypt works is you right-click on the document you want to encrypt and say 'Encrypt'. Now, you can encrypt it in place; you can encrypt it to a copy which will leave the original document behind; you can encrypt it to a copy that is a self-extracting .exe file which means that what you end up with is a .exe program that when run will ask for a password to decrypt it. But let's just encrypt it in place because I think that's what most people are interested in. I'm going to use a very simple passphrase I suggest that you use something significantly more complex and by passphrase that can mean multiple words, space separated to make it easier to remember...and we hit 'ok'.
So what's happened here is that this is now an encrypted file. And, in fact, if we go to folder options and make sure that we do not hide extensions for known file types, we find that this has become secret_document-txt.axx. 'Axx' being the AxCrypt encrypted file extension. In other words, we've encrypted a single file. To decrypt it, you can double-click on it; it will ask you for the passphrase and it opens up whatever the document is. If you want to decrypt it in place...'poof' now it's back to its back to its original secret_document.txt.
Again, this uses industrial strength encryption, good encryption. The weakest link you will find will almost certainly be the password that you choose. A four-character password as I have chosen here is trivial to crack. You want something that is significantly longer.
The other thing to note or to at least be aware of is when I encrypt this file, and I'll do it here again just to show you...when I hit 'ok', we don't really know what happens and by that I mean it may be possible to find out from AxCrypt exactly what steps they go through to encrypt the file but the problem is even if we did know we shouldn't rely on it. The thing we care about, the piece that I'm concerned about here is that encrypting in place may not be 'encrypting in place'. For example, they may encrypt 'Secret Document'...let me go back to the original.
Let's say instead, we encrypt a copy...1234...oops, I just revealed my password. Now you have both files. We can delete the original and we're left with only the encrypted file but as we know, when we delete a file on Windows it leaves traces; it's very possible that the deleted file could be recovered; you could move it to your Recycle Bin which is easily recoverable; you can empty your Recycle Bin and then some extra tools might then be necessary to recover the file.
What we don't know is if we ask AxCrypt to just encrypt this file in place, is it doing the same thing? In other words is it first creating the encrypted document as a copy and then deleting the original? And if it does delete the original, do we know how it deletes the original. Is it anything like a secure delete? My guess is they probably are doing something smart but I don't want to rely on that and I don't think anybody should rely on those kinds of activities regardless of what encryption tool you use. So the correct thing to do here would be to fire up some kind of secure delete utility or a free space wiper or any kinds of those file shredding utilities to make sure that not only has the original unencrypted document been removed and you only have your encrypted document left but that all traces of the unencrypted document have been removed. That includes the copy of the file that may have been in this folder. It's possible that encryption utilities could be using your temporary folders so you might find surprisingly a copy of the original document there. I'm not saying that this tool does that, no way, and I'm pretty convinced that they're doing things smart but when it's important that a document be encrypted and not be accidentally found in its unencrypted form, you do need to take the extra step of emptying your Recycle Bin and shredding your free space using a secure delete utility to do that to make sure that there aren't any traces of the originally unencrypted file left.
The one last thing I want to show here then (let me decrypt this back to its original form) here is secret_document.txt. I'm going to go ahead and encrypt it to .exe file. Now we have secret-document-txt.exe. As I understand it, this is now a file that you can give to somebody else who does not have Ax Crypt installed. In other words, they do not to install special software in order to be able to decompress your document. All they need to do is run this executable file, supply the password that you've put on the contents and they would get the results - the unencrypted file - available to them.
So that's it; that's AxCrypt in a nutshell. It's a nifty little utility. I like it a lot. I don't use it as often as things like 7-zip or as you know I use TrueCrypt almost continually for most important things but it's another one of these handy-dandy utilities for being able to share documents in an encrypted form or keep individual files encrypted on your hard drive safe from prying eyes.
This is 128 bit encryption. Isn’t 256 bit, which is fairly common and easy to use, billions of times more secure? I’m not a super-user. I’m just wondering whether it’s as good as some others. I certainly like the ease-of-use part of AxCrypt.
14-Sep-2011
Only thing of concern to me is that AxCrypt uses AES-128. I prefer other algorithms to AES, such as Twofish or Serpent, that aren’t associated with the U.S. government; and when AES is used, I prefer AES-256, simply because it is stronger. Why bother using AES-128, when AES-256 is available?! (And please don’t tell me its because today’s computers lack the required computational power!)
Thank you for this suggestion, Leo.
Before coming across this, I had been using TrueCrypt to create a virtual encrypted disk for single files. I then had to create batch files for each volume so it would automatically mount the volume and open the contained file within it when I entered the correct password. The batch file would also need to wait until I closed the containing file before automatically dismounting the volume.
This was time consuming, because I would need to create a different batch file for each encrypted file, as well as buggy, since there were time when the batch file would not always automatically dismount the volume when I exited the contained file.
While I still use TrueCrypt for encrypting multiple files, AxCrypt is A LOT easier when dealing with single files.
Thanks again!!
Hi Leo,
I installed Axcrypt on a win.7×64 and opened the axcrypted file (microsoft Word) fine, but after I closed it (exited Axcrypt) if I tried to reopen it then I have problem: ” the process can not access the file because it’s being used by other process, you or someone else have it opened already” Do you want to open… as a read only instead…” I have no above problem in my desktop win.XP (I am not familiar with win.7)
Can you help
Thanks
@Tony
There are utilities such as Unlocker Assistant that can release a file which is being used by another process But if AxCrypt lets you open it as a read only file, the simplest thing would be to open a read only version and when you open it in Word or whichever program you use, you can simple save it by using the Save As command and give it another name.
Hi Mark,
Because this program got a high rave and since I am not familiar with win7
I though I may setup something not correctly in windows (systemically) . Thank you for the suggestion.
Tony