For a long time, USB drives were king when it came to moving large amounts of data. This is primarily because the USB drive is universally compatible, lightweight and portable, and has no special minimum power requirements, meaning it can work with mobile devices as well as laptops or desktops. But with easy portability comes the ability to easily misplace or lose tiny flash drives or other USB drives. This is where USB encryption software can make your life a lot easier.

If you don't want your sensitive data to fall into the wrong hands, it is recommended to protect your vital USB drives with a password and encryption. There are plenty of options to help you achieve this for free or at a cost, and whether you're an average Joe or a secret spy, encrypting USB drives is a smart measure to protect your data. In this article, we will show you the 7 best USB encryption software that you can use to encrypt your USB drive to protect the data you carry with you everywhere.

Best USB Encryption Software to Protect Your Flash Drives in 2019

1. VeraCrypt

Picking up where the extremely popular (but now defunct) TrueCrypt left off, VeraCrypt is an extremely feature-rich encryption tool. Although it is primarily designed for encrypting hard drives, VeraCrypt works equally well with USB drives and is one of the best USB encryption tools on the market.

VeraCrypt basically works by creating password-protected disk volumes that are encrypted with standard encryption algorithms such as AES, Serpent and Twofish. It also allows you to further protect encrypted volumes with passwords and key files. All you need to do is connect the flash drive and follow the steps in the Volume Creation Wizard. You can create an encrypted volume of a specific size on a flash drive, or you can encrypt the entire volume. A USB device encrypted in this way (and the data on it) can only be accessed by mounting it through VeraCrypt, after you have entered the specified password and/or keyfile.

If you're looking for USB encryption software that includes top-notch encryption prowess and is completely free, go with VeraCrypt. However, it is worth noting that using VeraCrypt does involve a bit of a learning curve.

Platform Availability: Windows 10, 8, 7, Vista and XP; Mac OS X 10.6 and higher, Linux.

Price: Free.


2. EncryptStick

EncryptStick allows you to encrypt USB drives and create password-protected virtual vaults or folders. EncryptStick provides one of the most secure mechanisms for encrypting a flash drive or any other hard drive on Windows, Mac or Linux computers with interoperability capabilities. The software supports up to 1024-bit AES encryption, which is more difficult to decrypt than the 256-bit encryption offered by most common software for encrypting USB drives or other drives.

Besides promising impenetrable data encryption, EncryptStick USB encryption software allows you to encrypt your flash drive with an easy-to-use interface. The interface supports copy-paste and drag-and-drop, so you can easily select the files or USB drives you want to protect from being sabotaged. In addition, whenever you return after switching windows, the program asks you to enter your password again, and it blocks intruders after ten incorrect attempts.

The only caveat is that to access encrypted drives or files from another computer, you need to install the software. But you can also install it on the disk itself and run it from there, without installing it separately on the system. With EncryptStick you get a 14-day trial period, after which you will need to pay $19.99, and you can use the same license on three devices. For a limited time, the price has been reduced to $14.99, which is a good buy if you want to protect your USB drives with strong security features.

Platform Availability: Windows, Mac, Linux

Price: Licensing for the paid version starts at $19.99, which is currently $14.99; 14-day trial version available.


3. Rohos Disk Encryption

Not only does it have all the bells and whistles you'd expect from excellent USB encryption software, Rohos Disk Encryption also contains some really nice extras that make it even more amazing.

The main functionality of Rohos Disk Encryption is centered around the creation of encrypted volumes. When you connect a USB drive, it automatically determines the optimal size of the encrypted volume (container) to be created on it. Of course, it's also easy to specify a custom volume size along with other parameters such as the encrypted volume container file location and mount point letter. Once created, data stored on encrypted volumes can be easily accessed by mounting them.

Rohos Disk Encryption allows you to dynamically increase the size of encrypted volumes according to your requirements. Not only that, you can also encrypt installed programs and custom folders on your computer so that they are only accessible when a USB flash drive with an encrypted volume and the automatically configured portable Rohos Mini Disk companion application is connected. Then there is the option to hide encrypted drives in media container files (e.g. AVI, MP3). Dope, right?

In a nutshell, Rohos Disk Encryption is a lightweight USB encryption solution that also adds some extremely useful benefits. Compared to VeraCrypt and DiskCryptor, it is also quite easy to use. However, it only supports one encryption algorithm, namely AES 256.

Platform Availability:

Price: Licensing for the paid version starts at $35, with a 30-day trial available.


4. Gilisoft USB Stick Encryption

Featuring a pretty cool user interface, complete with glossy buttons and a brushed metal finish, Gilisoft USB Stick Encryption is definitely a looker. But good looks are only part of the picture, complemented by simple yet effective encryption features.

Gilisoft USB encryption software is ridiculously easy to use. Just plug in the flash drive and it will be detected automatically. After that, all you have to do is specify the size of the protected (or encrypted) area you want to create on the drive (using a handy slider), along with the encryption password, and the app will take care of the rest. The secure areas are encrypted using the AES 256 algorithm and are available after mounting through the program. There aren't too many unnecessary extras here, just excellent encryption quality. If the Secure Access companion app on an encrypted USB drive is accidentally deleted, it can also be easily restored. So there's nothing to worry about!

If all you want is hassle-free USB encryption software that doesn't come with too many extra options, Gilisoft USB Encryption is what you need. But it does have some drawbacks, such as a 10-time use limit for the free trial and an annoying pop-up screen that appears more often than it should.

Platform Availability: Windows 10, 8, 7, Vista and XP.

Price: Paid version costs $59.95, but is currently available for $49.95, with a trial limit of 10 times.


5. DriveCrypt

If you often deal with highly sensitive information, DriveCrypt can be a universal solution that guarantees file security. DriveCrypt comes in handy when you want to encrypt USB and fixed drives, and it also lets you encrypt files selectively. The software disguises encrypted files as music files or fake discs, without any keywords or information indicating the presence of any encryption or security. This can be considered digital camouflage, and if that's not enough, the software comes with password protection features that prevent Trojan files or hackers from finding out your DriveCrypt password.

In addition to protecting your data with a password, you can use external devices, such as USB security keys or fingerprint scanners, for access authentication. Finally, DriveCrypt promises 1344-bit military grade encryption.

Platform Availability: Windows 10, 8.1, 8, 7, Windows Server 2012, 2008, 2003

Price: Licensing for the paid version starts at €69.95 (~$80), which is currently €39.95 (~$46); 30-day trial


6. Kakasoft USB Security

It's easy to dismiss Kakasoft USB Security as just another run-of-the-mill USB encryption tool, considering its small size and (rather) limited feature set. But if that's what you're looking for and you don't care about other flashy features, it's hard to go wrong with this one.

Like LaCie Private-Public, Kakasoft USB Security is also completely self-contained on a USB flash drive and can be used anywhere. The utility is installed on the USB drive itself and can be configured to start automatically every time you connect the drive. Like similar applications, it also supports other flash memory devices such as memory cards and external drives. All you have to do on your end is provide an encryption password, and Kakasoft USB Security will encrypt the entire drive as well as any data stored on it. Encrypted drives are accessible using the same unlocking and connecting method through the app.

The only problem I have with this USB encryption software is that it doesn't explicitly mention the encryption algorithms it uses to protect data. If you can live with it, you'll love it.

Platform Availability: Windows 10, 8, 7, Vista and XP.

Price: The paid version costs $35.90 for two USB drives and $47.90 for six USB drives; A trial version with limited functionality is available.


7. BitLocker To Go

Want reliable and functional USB encryption software, but don't want to use third-party software? No problem: BitLocker To Go has you covered.

BitLocker To Go, built into certain versions of Windows, is an extremely convenient encryption utility that makes it easy to protect the data stored on your USB drives. It can be set up in seconds using the BitLocker Drive Encryption applet in Control Panel. USB flash drives are encrypted using the AES 256 encryption algorithm. Additionally, if you forget your unlock password, you can recover it using an automatically generated recovery key, which itself can be saved to a file or synchronized with your Microsoft account.

Overall, BitLocker To Go is an extremely secure method of encrypting USB drives if you don't want to mess with any additional software. But this is only available in certain Windows versions, so that's a bit of a shame.

Note: If your operating system of choice is Mac OS X, no worries. You can use the built-in FileVault utility to encrypt USB drives. FileVault also uses the AES algorithm to encrypt drives, using the login password as the encryption password.

Platform Availability: Windows 10, 8.1, 8 and 7 (Pro and Enterprise versions).

Price: Free.

Bonus: Hardware encrypted USB drive

Apricorn Aegis Secure Key

Although software for encrypting or decrypting USB drives is cheap and readily available, with these software methods there is still a possibility of failure. Keeping hackers at bay requires not only keeping your software updated, but also knowledge of potential attacks. In addition, software encryption may be limited to those users who have sufficient knowledge of computers.

A relatively easier to use and safer option is to use USB sticks or disks that can be physically encrypted, for example with a password, as is the case with the Apricorn Aegis Secure Key. The Apricorn Aegis has a numeric keypad, allows 7 to 16 digit keys, and works in any software ecosystem, including Windows, Mac and Linux. It is also IP58 certified for dust and water resistance. The USB drive has military-grade 256-bit encryption and a read-only mode to ensure that neither you nor anyone else deletes critical files, accidentally or deliberately.

Buy Apricorn Aegis Secure Key 30 GB: ($128.18)

Part I. General issues of cryptography

Still, cautious optimism seems justified.

Almost every lecture on cryptography to the general public begins with a very plausible story. Like, even Gaius Julius Caesar, who did not trust his messengers, encrypted letters by simply replacing A with D, B with E, and so on throughout the Latin alphabet. With such encoding, the combination XYZ would be written as ABC, and the word “key” would turn into the indigestible “nob” (direct code N+3). There is also reason to believe that hundreds of years before the Great Dictator, secret writing was used by the Egyptian pharaohs and Jews during the Babylonian captivity. Does it really matter when it all started? Since ancient times, people have not trusted each other.

Cryptography. This word from the world of spy passions tickles the nerves. The private computer user often believes that this area of knowledge is inaccessible to him. To the vast majority, the very idea of “computer secret writing” seems meaningless. Of course, this thing can be useful to intelligence services, law enforcement agencies and the military, as well as those in power with their eternal “secrets of the Madrid court.” Who else? Well, of course, to hackers. Although these people should rather be concerned not with the problem of protecting messages from prying eyes, but with the development of scenarios for hacking such protection. Yes, I shouldn’t forget to mention big businessmen who always imagine that someone is sniffing out their trade secrets. Is that the whole list of interested parties? No, the circle is much wider. Participants may want to hide almost any discussion or just personal correspondence from prying eyes. In addition, computer cryptography allows you to “key lock” not only a text message, but also an arbitrary file or group of files of any type.

Cryptography begins with several difficult-to-translate terms (see Table 1).

Term                    Translation            Description

plaintext (cleartext)   explicit (pure) text   open data, readable without the use of special tools
encryption              encryption             open data masking method
ciphertext              ciphertext             unreadable gibberish, a consequence of disguise
decryption              transcript             translation of the above gibberish into human language

Table 1. Basic terms in cryptography

Confused? Take a look at the picture. It's easier to remember that way.

The principle is well known: the deeper you hide, the longer it takes to dig. In the recent past, whenever determining the required degree of data protection, it was necessary to remember the party for whom the information was intended. With the development of software, this problem is gradually losing relevance. The complexity of the cryptographic algorithm has virtually no effect on the time of “authorized opening” of data if both parties use software packages such as PGP. As for true security during data transmission, it depends not only on the “coolness” of the algorithm used, but also on the elementary ability of a particular program to reliably hide the key.

A complete cryptographic system (cryptosystem) consists of three parts: the algorithm itself, all kinds of keys, and data transfer protocols. So-called "conventional" cryptography involves using the same key for both encoding and decoding data. The archaic “Caesar method” described above is the simplest example of “conventional” cryptography. This method and others like it have one significant drawback: to open all messages, it is enough to intercept the key once. Paradoxical as it may seem, the salvation from this scourge can be to display the encryption key for everyone to see (the public, or open, key). It can then be used by anyone who wants to send you a coded message. But you open the message with a completely different key (the private, or secret, key), which you do not share with anyone. The two keys are generated at the same time. From then on, you use the private key to sign messages and files addressed to others, as well as to decrypt incoming correspondence. Public keys are used to encrypt outgoing mail and to verify the authenticity of correspondents' digital signatures. In fact, the public key does not encrypt the message itself; it only encrypts a temporary key (the session key), which the recipient then decrypts with his private key. You also use your private key to create a digital signature, the authenticity of which the recipient can verify with a copy of your public key. This method was developed in detail by British intelligence in the early 70s.

The PGP program uses a hybrid cryptographic system. Encoding and decoding occur in several stages (see Table 2).

Coding

  1. compression of plaintext data intended for transmission (which increases transmission speed and reduces the likelihood of using hacked text fragments to decode the entire packet); encrypted data cannot be subjected to additional compression,
  2. creating a session key - a secret one-time key (the key is generated by the program as a derivative of random mouse movements and data typed on the keyboard),
  3. data encryption using a secret session key,
  4. encryption of the session key itself using a public key,
  5. transmission of ciphertext and encrypted session key to the recipient

Decoding

  1. the recipient uses its own private key to decode the session key used by the sender,
  2. the ciphertext is opened with the session key,
  3. unpacking data compressed upon sending (plaintext)

Table 2. Basic stages of encoding and decoding in PGP

Confused again? It's OK. Firstly, because if just one description of the main stages of data encryption makes you look at the text for a long time, then subconsciously the user of the described cryptographic package begins to trust the developer. And secondly, it is absolutely not necessary to remember all the stages of encoding and decoding. Let's move on.

One can try to classify the keys used in cryptography. However, let's not waste time on this. Just remember that a cryptographic key is a large or very large number, measured in bits or, in other words, digits. The larger the key, the more secure the encrypted data (ciphertext) is. Although, of course, a lot depends on the algorithm used. Remember also that the hypothetical strength of a secret private key and a public key is different. Let's say an 80-bit private key is equivalent in strength to a 1024-bit public key, and a 128-bit private key is equivalent to a 3000-bit public key. When choosing a key size, it is recommended to first evaluate the time during which the information must be reliably protected. If you, say, lock the door at night, you shouldn’t put a hundred locks on it; there’s a chance you’ll be busy until the morning. Be prudent and listen to the advice of experts. Of course, with the development of computer technology and advanced hacker thought, even the most cunning cryptographic algorithms “decay.” But to date, no one has yet managed to “defeat” a secret private key larger than 56 bits. Tomorrow this may already seem funny, nothing stands still (in the meantime, people are gathering in teams to crack the 64-bit RC5 key). PGP stores the public and private keys in encrypted form in two different files on your computer's hard drive; it is recommended that you save them on a floppy disk as well. These files are called “keyrings”. Don't lose them. Be especially careful when handling the keyring with your private keys.

When creating a private key, it is customary not to trust a one-word password; people usually resort to a so-called “key phrase” (passphrase). A passphrase has two advantages over a regular password. It is both easier to remember and more difficult to guess (of course, the word “guess” hides a very complex algorithm for illegal hacking). How so? Very simple. Tell me, which password would you prefer to keep in mind: option 1 - “AU63Db35”, option 2 - “keep the money in a savings bank” (even if written down in transliteration)? Practice shows that 90% prefer the second option simply because it is impossible to forget such a password even if you want to. Now imagine how many lives it will take some famous foreign hacker to crack a password of this second type. Lately, though, one has to be extremely careful when choosing a key phrase: a library of the most popular quotes in all languages has already been created and is constantly being updated. Therefore, it is advisable, for greater security, to choose something more original as a password than phrases like “do you sell a Slavic cabinet?” or the sample shown above. However, you can get by with a regular password. Just try not to use words that are easy to find in the dictionary, names, or memorable dates.

Digital signatures, which were already mentioned above, also play an important role in cryptography. Some even believe that the main focus when developing cryptographic algorithms should be on the impossibility of forging a personal digital signature, and not on highly complex private keys. Apologists for this concept are right in some ways. After all, is it really so important that someone became aware of, for example, my next bank deposit? It is much more important that the deposit was accepted by a real bank employee, and not by someone who managed to forge his digital signature. The main task of a digital signature is to confirm the authenticity of the origin of information. In addition, an intact digital signature means that the information reached the recipient undamaged. Here the reader may and should have a fair question: “Is it really so difficult to forge a digital signature if you have a sample of it?” Yeah, it's not easy. After all, of course, a digital signature is not transmitted in the form of open data. To encode it, so-called “hash functions” are used (hash (English): mishmash, minced meat). For English-speaking users, the word “hash” or “khash” evokes special confidence, since “hash”, written as hush, corresponds to the Russian “shh!”, and the double “hush-hush” denotes information closed to prying ears and eyes. A “hash function” turns open data of any size into a compact “digest” of a fixed length. A digital signature is a derivative of a “digest” and a private key, which guarantees its absolute uniqueness. A traditional digital certificate, which includes a name, nickname, email address and some other personal data, also plays an important role in confirming the authenticity of the sender’s identity. For greater security, the sender's identification must be signed by the recipient (such is the bureaucracy).
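The stages of Table 2 and the digest-plus-private-key signature described above, as an added example (not PGP's code and not part of the original article). It uses only the Python standard library, so textbook RSA over two fixed Mersenne primes and a SHA-256 counter keystream stand in for PGP's real public-key and symmetric ciphers; all names and key values are assumptions made for the illustration.

```python
import hashlib
import secrets
import zlib

# Toy RSA key pair (assumption for this demo only): two fixed Mersenne primes.
# Real PGP keys use large random primes and padded RSA, not textbook RSA.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream.
    Applying it twice with the same key restores the input."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(plaintext: bytes, recipient_public: tuple) -> tuple:
    """Sender side: the five coding stages of Table 2."""
    n, e = recipient_public
    compressed = zlib.compress(plaintext)                 # 1. compress
    session_key = secrets.token_bytes(16)                 # 2. one-time session key
    ciphertext = keystream_xor(session_key, compressed)   # 3. encrypt the data
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # 4. wrap the key
    return wrapped_key, ciphertext                        # 5. transmit both


def decrypt(message: tuple, recipient_private: tuple) -> bytes:
    """Recipient side: the three decoding stages of Table 2."""
    wrapped_key, ciphertext = message
    n, d = recipient_private
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")  # 1. unwrap the key
    compressed = keystream_xor(session_key, ciphertext)       # 2. open ciphertext
    return zlib.decompress(compressed)                        # 3. unpack


def digest_int(data: bytes) -> int:
    """Fixed-length digest of data of any size, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, signer_private: tuple) -> int:
    """Signature = the digest transformed with the signer's private key."""
    n, d = signer_private
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, signer_public: tuple) -> bool:
    """Anyone holding the public key can check signature against the digest."""
    n, e = signer_public
    return pow(signature, e, n) == digest_int(data)


# Constructed sample message, not taken from the article.
MESSAGE = b"Deposit accepted by the bank clerk. " * 8


def demo() -> dict:
    # One key pair plays both recipient and signer here to keep the demo short;
    # in practice the sender signs with his own key and encrypts to the
    # recipient's public key.
    packet = encrypt(MESSAGE, PUBLIC_KEY)
    signature = sign(MESSAGE, PRIVATE_KEY)
    return {
        "roundtrip_ok": decrypt(packet, PRIVATE_KEY) == MESSAGE,
        "ciphertext_shorter": len(packet[1]) < len(MESSAGE),
        "signature_ok": verify(MESSAGE, signature, PUBLIC_KEY),
        "tampered_ok": verify(MESSAGE + b"!", signature, PUBLIC_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the session key is fresh for every call, encrypting the same message twice yields different packets, and changing a single byte of the signed data makes verification fail.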

Confirming the authenticity of other people's public keys is also practiced. Let's say you accidentally ran into N at an exhibition of national economic achievements, and N personally gave you his key. He may ask you to publish his public key on the server with your signature, so that people who know you will have more confidence in this key. Trust in a key and trust in its owner are by no means the same thing. When you sign someone else's public key, you are only vouching for the authenticity of the fingerprint, and you should not be tormented by doubts about whether the owner is a good citizen. You are not responsible for the veracity or, if you like, the presentability of someone else's information; you only guarantee its authenticity, that is, that it belongs to the pen of this author.

Yes, it is not easy to live in a virtual world of total mistrust. Therefore, if you have to work in a certain team in an environment of increased secrecy, it is recommended to allocate an intelligent employee to ensure information security or even create an entire service for this purpose. Let specially trained people have a headache on this topic. Yes, you will have to follow the instructions they issue, adhere to the rules they introduce, and come to terms with your modest place in the hierarchy of trust, but you will feel absolutely protected from external misfortunes. Under the wing of a true professional, everyone will feel like an eagle. I know one middle-ranking leader who is terribly proud of “what dirty tricks his guys came up with.” They "split" the company's public key into three parts and distributed its parts to the company's employees depending on their hierarchical position in the company. The first part was received only by the director, his deputy and the chief accountant, the second fragment was awarded to the heads of departments, the third part went to all employees admitted to classified information. In most cases, one third of the key is sufficient to release outgoing correspondence, but if interception could cause any significant damage to the company, it is necessary to add any two parts together. Information classified as “secret” could only come out if the “fragments” of the first and second levels were put together. The method is certainly standard. But since it was introduced by a special service, confidence in it increased.

So, the main preliminary (comforting) conclusion: if you want to keep something secret, install the PGP cryptographic program on all computers in the office and in employees’ homes. It is best to entrust the development of the exact usage scenario to professionals, although it would not hurt to understand the program in general terms yourself. And, for heaven's sake, don't write key phrases on colored pieces of paper scattered across your desk. Otherwise, everything is gone.

Uplifting Quote

At this very time, Lieutenant Lukash was studying in his room a code that had just been handed over to him from regimental headquarters with instructions on how to decipher it, and at the same time a secret encrypted order about the direction in which the marching battalion was supposed to move to the Galician border. Deciphering these numbers, Lieutenant Lukash sighed: “Der Teufel soll das buserieren.”*

Jaroslav Hasek, "The Adventures of the Good Soldier Schweik"

*very close to the Russian expression “The devil will break his leg,” although in German it all sounds much ruder.


Part II. Installing PGP

The Pretty Good Privacy (PGP) program, as the name suggests, should provide “pretty good secrecy”; however, a lot depends both on correct initial installation and on wise use of the program in the future.

Installing the PGP 6.0 program is not much different from similar procedures for installing new software. The stages are:


Part III. Setting up the program

In order to be able to exchange secret messages with others (who have already installed the PGP program on their computers), you need to generate a pair of keys: public and private. This pair will be used later to create a digital signature. Remember that you can share the public key with anyone, but the private key must be kept secret from everyone.

So, here we go:


However, take your time. The PGP program requires a responsible approach, so the “PGPkeys” window cannot be closed right away.

Insert a blank, formatted floppy disk into the drive and save the “keychains” with the public and private keys on it (files pubring.pkr and secring.skr, respectively). Why should you store these files on a floppy disk? A backup copy is needed just in case. You never know what can happen to your hard drive. Remember, the loss of the keychains immediately makes the information intended for you inaccessible.

The total size of the keychains is approximately 5 KB, in a ratio of 3:1 in favor of the public key. Therefore, storing these files on, say, a CD is an insane waste, unless a cunning user has planned to hide his “keychains” in a pile of all sorts of extraneous garbage or simply does not trust fragile floppy disks. Some may consider such actions paranoid. We will not argue with them, but will only strengthen them in this thought with the last recommendation. If theft of some encrypted information is death for you, delete the secring.skr file from your hard drive and keep it only on a floppy disk (or other external media) in a clever safe. When you need to open correspondence, insert the “key floppy disk”. Old-fashioned, but extremely reliable. You can do it differently: arbitrarily rename the secring.skr file and store it away from the PGP folder.

Don't forget to send your public key to all potential recipients of your "secret" correspondence. To do this, select the line with your key in the PGPkeys window and drag it (holding down the left mouse button) into the text message window of your mail program, then send this letter to the recipients.

You can also act in another way: upload your public key to a certain server and indicate the address of this server in the signature of your letter. If correspondence occurs within one large organization, this is what is usually done.

The server address might look like this, for example:

http://swissnet.ai.mit.edu:11371/pks/lookup?op=get&search=0x5DC10B44

The last combination, 0x5DC10B44, is your key ID. It is shown under Key Properties (in the PGPkeys window, right-click your line and select Key Properties), in the ID field of the General section.

In order to sign your key, right-click your personal line and select Sign from the menu. The PGP Sign Key window will open with the string you need. After clicking OK, enter your key phrase in the new window (preferably without errors). Another click on OK, and the key is signed.


Uplifting Quote

- Where exactly is it taking you? - Vodichka asked after the first glass of good wine. “It’s a secret,” replied Schweik. - but I can tell you, as an old friend...

Part IV. Starting the program

There are at least four ways to run a PGP program on your computer.

The first method provides access to the main PGP resources, plus the ability to access supporting documentation and a routine to permanently remove the cryptographic package from your computer. The second method is most often used when it is necessary to encrypt data placed on the clipboard. The vast majority of users prefer the third method, that is, working with encryption in a familiar email program window. As for the last method, it is good if only because it is the shortest.

Now let's look at all four methods in more detail.

1st method.

(Start) > Programs (Programs) > PGP.

Let's leave aside the working documentation (Documentation) and the removal routine (Uninstall); their purposes are obvious. It is much more important to immediately understand what the other subroutines are for.

Allows you to build a cryptographic system for an entire organization. Adds the concept of an additional corporate key (Additional Decryption Key - ADK). Remember points 6-8 of Part III (Setting up the program).

In fact, it creates a protected area on your computer’s hard drive, access to which is open only to the owner of the password (passphrase). Even after recovering information on your disk (lost after infection with a virus or formatting the disk), the data from PGPdisk will remain locked with a passphrase.

You can create a new PGPdisk (New) of the required volume and assign a label to it (if it is not occupied by another partition of the hard disk). After that, the logical disk you created is open for storing data (Mount). It is recommended that, after using it, you close your secret area on the disk (Unmount). To open the PGPdisk again, you will need to enter a passphrase. In the disk properties section (Prefs) you can make additional settings: set the time after which access to the secret area will be closed automatically (by default, 15 minutes), cancel the installation of protection when turning off the computer (it is better to leave it as is), and also select a "hotkey" for quick locking.

By selecting this line, you get access to a table of your private and public keys, as well as the public keys of your correspondents. If your keys have not yet been generated, selecting PGPkeys takes you to the key creation procedure (for more detailed information, see Part III).

A full description of this table in the original language can be found in the developer's description (PGP Manual or Help). We will limit ourselves to as brief a comment as possible.

Main buttons:

  • Initiate the creation of a new key pair.
  • Revoke the key (you will be able to control its fate, but as a working tool it will be lost to you).
  • Sign the selected key.
  • Destroy the key in the marked row.
  • Search for the required key in the list (necessary if the list is large).
  • Send the public key to the server.
  • Get a key from the server.
  • View the key's parameters.
  • Extract keys from a file on the computer.
  • Add the selected keys to a file.

The top menu bar of the PGPkeys table offers further options. For example, you can add new items to the key descriptions (View): key identifier (Key ID), trust level (Trust), creation date (Creation Date), date of "death" (Expiration Date), and association with an additional key (ADK). From here you can also open the table of basic PGP properties (Edit > Preferences), described in more detail below.

Activates the PGP tool table.

  • Go to the PGPkeys table (see above).
  • Select a file to encrypt.
  • Select a document file “for signature”.
  • Encrypt the signed file.
  • Decrypt signed data.
  • Delete so that it cannot be restored.
  • Create an unrecoverable area.

Activates the icon if it is not there. Provides an easy way to encrypt information held on the clipboard. We will look at launching this subprogram in more detail when describing the “second method” of accessing PGP.

2nd method.

There is a lock icon in the lower right corner. Any mouse click (right or left) on this icon opens a new window with a long list of PGP functions.

The line on this list that attracts the most interest (and the most questions) is the unfamiliar preferences line, PGP Preferences.

Let's look at the main options (the General section).

Always encrypt to default key

- always encrypt with the key defined as the main one: if this option is enabled, all data encrypted with the recipient's public key will also be encrypted with your primary key; this is sometimes useful if you want to have access to any encrypted data on your computer.

Faster key generation

- accelerated key generation: as the name suggests, it saves some precious time, although in theory it reduces the reliability of the key.

Cache decryption passphrases for

- cache the decryption password for a specified time: when reading a huge heap of correspondence, it is useful to set a longer caching time so that you do not have to retype the passphrase every time that period expires, although your security specialists may not like this (and with good reason!), since for the duration of the caching your password is susceptible to interception by clever hackers.

Cache signing passphrases for

- cache the signing password for a specified time: similar to the previous option; if documents for signature keep pouring in, increase the caching time.

In the Files section you can change the location of the keyrings. The same can easily be done manually.

Let's take a closer look at the Email tab, which sets preferences for working with email. Here you can change mail settings for programs supported by plugins. If you check all the items, this will shorten the list of steps when working with encrypted email messages by exactly four mouse clicks. Note the default value for the number of characters per line of the message being signed. It is there because different email programs fold text differently; the lack of an enforced standard can destroy the structure of the signed message and make it impossible to verify the signature.
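The folding problem described above can be reproduced without any mail program. The following Python code is an added example, not code from PGP or from the original article; the 70 and 76 column values, the sample message and the function names are assumptions, and a SHA-256 digest of the canonical text stands in for the signature check.

```python
import hashlib
import textwrap


def canonical_digest(text):
    """Digest of the text the way OpenPGP cleartext signatures canonicalise it:
    trailing spaces and tabs stripped per line, line endings turned into CRLF.
    A signature covers this digest, so a changed digest means a failed check."""
    lines = [line.rstrip(" \t") for line in text.splitlines()]
    return hashlib.sha256("\r\n".join(lines).encode("utf-8")).hexdigest()


def fold_long_lines(text, width):
    """Model a mail program that hard-wraps every line longer than `width`."""
    folded = []
    for line in text.splitlines():
        if len(line) <= width:
            folded.append(line)
        else:
            folded.extend(textwrap.wrap(line, width))
    return "\n".join(folded)


def signature_survives(signed_text, transit_width):
    """True if the digest covered by the signature is unchanged after transit."""
    received = fold_long_lines(signed_text, transit_width)
    return canonical_digest(received) == canonical_digest(signed_text)


# Constructed sample: one paragraph typed as a single long line.
MESSAGE = (
    "Please transfer the signed contract to the archive before Friday and "
    "confirm by reply that the checksum matches the one I sent yesterday.\n"
    "\n"
    "Regards, A."
)

SIGNING_WRAP = 70   # assumed column at which the text is wrapped before signing
TRANSIT_WRAP = 76   # assumed column at which a mail program folds long lines


def demo():
    prewrapped = fold_long_lines(MESSAGE, SIGNING_WRAP)
    # Same text with CRLF endings and a trailing space on every line.
    crlf_noise = prewrapped.replace("\n", " \r\n")
    return {
        "unwrapped_survives": signature_survives(MESSAGE, TRANSIT_WRAP),
        "prewrapped_survives": signature_survives(prewrapped, TRANSIT_WRAP),
        "line_ending_change_tolerated":
            canonical_digest(crlf_noise) == canonical_digest(prewrapped),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```

Canonicalisation absorbs line-ending and trailing-whitespace changes, but not a moved line break, which is why the text has to be wrapped at a conservative column before it is signed.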

The Servers section usually contains the address of the corporate server on which the public keys of all the company's users are stored. However, in the new version of PGP any user can add to the list of such servers at will. After all, what if you work with several companies at the same time?

Beginners should not change the settings in the Advanced section. Both the encryption algorithms and the trust models are already chosen optimally for you.

All the other commands in PGPtray are designed to work with data stored on the clipboard. You can put data on the clipboard by selecting it with the mouse and pressing the "Ctrl" and "c" keys together, or by choosing Edit and then Copy from the program's menu.

Here is a list of these commands:

Use Current Window

Use the selected text in the current window,

Clear the clipboard of old content,

Edit Clipboard Text

The simplest text editor (one click and the text is on the clipboard),

Add Key from Clipboard

Extract the key placed on the clipboard,

Decrypt & Verify Clipboard

Decrypt and verify the information on the clipboard,

Encrypt & Sign Clipboard

Encrypt and sign the data on the clipboard,

Sign the message on the clipboard,

Encrypt Clipboard

Encrypt the message on the clipboard.

3rd method.

As mentioned above, most users access the PGP package directly from the working window of their favorite email program. Since everyone has their own favorite, we will have to look at the extra makeup on the faces of those most in demand among the masses. Let's name the finalists: old lady Eudora, chubby Outlook, and the vamp lady named The Bat.

An extra PGP menu has appeared in the list. From here you can go to the key table (PGPkeys), the preferences table (Preferences) and the general description of PGP (Help).

When you try to create a new message, a series of new buttons appears. Let's list them from left to right: Plugin Selection selects additional plugins that the recipient will use when decrypting the message; Launch PGPkeys goes to the key table; Use PGP/MIME enables support for this standard, which allows a message to be decoded without sending it to the clipboard (use it once you have made sure that the recipient's program supports this standard); PGP Encrypt encrypts the message; PGP Sign signs the message.

A PGP item also appears in the menu bar, with links to PGPkeys and Preferences.

There are only three additional buttons when creating a new message: Encrypt, Sign and PGPkeys. Hopefully there is no need to comment on their purpose.

This small but very convenient email program has always been famous for its respectful attitude towards ensuring the privacy of client messages.

All the user really needs to do is help the email program determine which version of PGP will be used (Tools > PGP > Choose version). From then on, when creating a message, encryption and signing are carried out through the Privacy menu.

4th method.

Note that now, after right-clicking on any file or folder, a "PGP" item appears. Very convenient.

Everything is familiar here: Encrypt encrypts the data; Sign signs the data; Encrypt & Sign does both in one action; Wipe erases the information so that no one can get to it; Decrypt & Verify decrypts and confirms authenticity.

Uplifting Quote

One thing is certain: the system that was discussed and which I explained to you is not only one of the best, but, one might say, one of the most incomprehensible. All counterintelligence departments of enemy headquarters can now shut up, they would rather burst than solve our code. This is something completely new. Such ciphers have never existed before.

Jaroslav Hasek, "The Adventures of the Good Soldier Schweik"

Part V. Working with the program

Obviously, it is impossible to learn how to use a program without trying it in practice. Some programs, such as Word or Photoshop, require hours of serious preparation from the user. But even bulky packages can be handled, to a first approximation, by solving a couple of standard problems. PGP is a fairly easy-to-use program, although it uses extremely complex mathematical data encryption algorithms. Let's look at how the program works using simple real-life examples.

I installed PGP, generated my key pair and am about to exchange my first messages with an employee of our company who is already using PGP. What are my actions?

Next, right-click the required line (if you are lucky and the gentleman you are looking for is found) and select the Import to Local Keyring command. Now the other person's public key is stored on your keyring. All that remains is to send him your public key and start exchanging encrypted messages.

I use Netscape Messenger for email, which does not support PGP cryptography. I'm used to it and wouldn't want to give it up. Can I exchange PGP encrypted messages with my correspondents?

It is to be hoped that Netscape will also switch to the PGP standard in the foreseeable future. In the meantime, when sending an encrypted message, you will either have to attach (Attach) an already encrypted file to the letter, or put the text of the message on the clipboard (select the text and press the "Ctrl" and "c" keys together), encrypt it using PGPtray (Encrypt & Sign Clipboard) and then paste the encrypted message from the clipboard into the text field of the letter (for example, by pressing the "Ctrl" and "v" keys together). Receiving messages encrypted using PGP will not be a particular problem either. The main thing is not to forget to exchange public keys with your correspondents. If you receive an encrypted message, select the entire text (by pressing the "Ctrl" and "a" keys together), right-click and select the Copy command, then click the PGPtray lock and choose the decryption line (Decrypt & Verify Clipboard). Both encryption and decryption of a message require the exact password (passphrase); do not forget it, and watch carefully for the correct case and keyboard layout (upper/lower, Russian/English, etc.).

When you receive an encrypted file by email, it is best to first save it somewhere on disk (Save Attachment As:) and only then decrypt it using the PGP package (right-click the *.*.pgp file icon and choose the Decrypt & Verify command).

I encrypted a file, but now I can’t decrypt it, a window like this keeps popping up:

What to do?

Probably, when encrypting the file, you did the following: after right-clicking the file, you selected PGP > Encrypt (or Encrypt & Sign) and, as soon as the Key Selection Dialog window appeared, clicked OK. If so, the encryption was probably performed only with the “saving” key. That is, you did not use your personal key.

Repeat the encryption procedure, and when choosing a key (Key Selection Dialog) add your key from the general list (Drag Users:) to the list of recipients (Recipients). To do this, simply double-click the desired line. Everything should be fine now.

I played around with PGP and created several keys: one for communicating with colleagues, one for correspondence with loved ones, and one for casual acquaintances. I would like the first key to be used by default. How to achieve this? Which additional settings for the main key would you recommend?

Run PGPkeys, select the key you are interested in with the mouse and choose the Set as Default Key command from the Keys menu. That takes care of the first part of the problem. As for the second question, as a rule no additional settings are required. If you suddenly want to sign messages with the same key under different names (let's say someone knows you under a pseudonym), select your key with the mouse, choose Keys > Add > Name, enter a new name and email address and, after clicking OK, enter the password.

That's it, the new name is in the list of key owners. Do you want this owner to be recognized as the primary one? This is done in two steps: right-click the desired name > select Set as Primary Name. In addition, you can decorate the default key with your own portrait: right-click the key > Add > Photo > Select File > find the file with a nice image > OK. Characteristically, you can attach a picture to the key only if you enter the required password (passphrase) correctly. Here you can also change the passphrase itself (Change Passphrase). Changing your password periodically significantly increases the reliability of your protection. You can also pick from the general list a person in whom you have exceptional trust and appoint him as the one in charge of revoking your key if something happens: Add > Revoker. Why is such an executor needed? Well, imagine a situation where you have forgotten your passphrase or lost your private key, and then you create everything anew. But what about the old key, which some villain could use for all sorts of insinuations? Exactly. That is why it is worth appointing a trusted person. If you have serious concerns that some attacker has taken possession of your key, you can easily cancel it: Keys > Revoke > Yes > enter password > OK.

So, you have learned the basics of working with the PGP cryptographic package. Obviously, during real work you may have many additional questions whose answers you will not find in this description. You can seek advice from the public PGP support service, from Maxim Otstavnov, the author of the complete translation of the PGP documentation into Russian and one of the leading Russian information security experts, or directly from the author of this text. If you represent a reputable company, order a full package of services on the website of the PGP seller, Network Associates International. And, of course, don't be too lazy to read Help.

Four cryptographic programs will protect your data and transmitted information.

As soon as you mention the word “cryptography”, many people start to hear the thunder of drums from the main theme of the movie “Mission Impossible”. What if you are transmitting sensitive data over the Internet? And if someone steals your notebook PC, will they be able to gain access to your email, operational reports, accounts and company secrets? Nowadays we all need to protect our information from prying eyes.

Compared to the simple ciphers of the past, modern cryptographic methods rely on complex mathematical algorithms that encrypt data at the bit level. As a result, the file appears to contain nothing but random characters until the password is entered and the corresponding program decodes the sequence.

The four programs we reviewed are Symantec's Norton Your Eyes Only ($90), PGP for Windows, Business Edition, from Pretty Good Privacy ($149), AT&T's SecretAgent ($180), and RSA's SecurPC for Windows 95 ($129). Each uses one of two main methods: symmetric-key or asymmetric-key encryption. Systems with a single, or symmetric, key use a password that the reader of the encrypted message also needs. Symmetric key systems work best if you can personally hand over the password to the person who will decrypt your document. Otherwise, you will have to provide the password by phone or email, hoping that no one will intercept it.

The problem of transmitting the private key can be avoided by using asymmetric, or public key, encryption, which involves two keys. To send a secret message to someone, you encrypt it with the public key belonging to that person, and a secret key is used to read it (see illustration). Although the two keys complement each other, it is almost impossible to derive the private key from the public key.

Under US federal law, exporting cryptographic products based on symmetric algorithms with a key length exceeding 40 bits, or 512 bits for asymmetric systems, is equivalent to an attempt to export tanks or missiles. According to cryptography experts, this restriction forces firms to refrain from protecting sensitive data. A fundamental solution to this problem, fully adequate for protecting important data and at the same time authorized by the government, is expected next year.

All products featured in this review are intended for sale only in the United States, but all these companies also produce versions of their products for export. All four programs are designed to meet growing corporate security requirements and are based on different cryptographic techniques. If you're interested in email security, check out SecretAgent or PGP. If all you need is a way to encrypt files without unnecessary hassle, then SecurPC is suitable. Of these programs, Norton Your Eyes Only protects all your PC data, but does not include email protection.

The encryption and decryption speed of test files varied widely. When evaluating performance, we chose the default security settings because that's what most people do. Norton Your Eyes Only and SecurPC turned out to be the fastest for both encryption and decryption, regardless of file type and size.

If you need to protect the information on your PC from spies, you can limit yourself to choosing one of these four cryptographic programs.

Norton Your Eyes Only

With Symantec's Norton Your Eyes Only ($90), protecting your data is as simple as a right-click. Among the programs we reviewed, Your Eyes Only (YEO) turned out to be not only the fastest and most convenient to use, but also the one that provides the most comprehensive data protection, both local and enterprise-scale.

Like SecurPC, the YEO program appears in the Windows Explorer program menu, called up with the right mouse button. To encrypt or decrypt files, right-click on the file or folder icon and select YEO. Unlike products like PGP, YEO is designed to protect personal or business files and storage devices, not email.

After you log in to the system at the beginning of your session and enter your password, encryption and decryption are performed in the background without additional requests for a password. Most often, you don't even know that the YEO program is running; the only thing that gives it away is that opening a large file takes several seconds.

The program's SmartLock folders are automatically decrypted when opened and encrypted when closed. We created a directory of encrypted DOC files and accessed them in Microsoft Word without first decrypting them. If anyone tries to view these files without going through YEO, they will remain locked.

YEO provides a number of features not found in the other packages reviewed here. BootLock prevents unauthorized users from accessing your system by rebooting it from a floppy disk or hard drive. The UnLock Disk emergency feature allows users to access their data after a system crash, even if Windows 95 won't start.

If you do not use your PC for a specified period of time, YEO's ScreenLock function activates screen savers and locks access to files until the password is entered again. YEO provides comprehensive password management with full control over password expiration, password length, periodic password updates, and storage of previous values.

The YEO audit trail can track events such as logins and logouts, usernames of failed logins and file access attempts, program runs, stages of the ScreenLock and Unlock functions, and any changes to user credentials and file access settings. A very useful additional feature is the customization of messages, which lets you fully control events, time interval, sorting, users and fields.

YEO is easy to install and runs with the default settings, although during testing we ran into a conflict caused by a mismatch between the screen saver setting (which kicked in after a 10-minute delay) and the PC power management settings, but we resolved this issue quickly. Like SecurPC, YEO was a leader in encryption speed, processing our test files nearly five times faster than its slowest rivals.

If you need complete, fast, and low-maintenance protection for your PC's drive and data, then Norton Your Eyes Only is a good option for you.

Pretty Good Privacy Inc.

PGP for Windows, Business Edition is a powerful encryption utility focused primarily on email protection that also protects local files. Based on the Pretty Good Privacy program developed by Phil Zimmermann, PGP ($149) combines comprehensive security with management features.

The package includes encryption, digital signature, data verification and key management functions. The program runs under Windows 95 and Windows NT, but the ability to use long file names will not be implemented until early next year.

When you get started with PGP, you first create a private and public key. When generating a key, you choose the length: from 384 to 2048 bits. You can set the key validity period: either infinite or from 1 to 999 days. In addition, you can specify the key type, providing only encryption-decryption mode, only signature-verification mode, or both. For added security, PGP uses case-sensitive passphrases when creating keys, which can consist of any lowercase or uppercase characters, including spaces.

You can set dozens of different configuration parameters of your choice. Consider, for example, the ability to restrict user access to certain operations, such as adding or removing a key, signing or encrypting, or creating new keys. Plus, whether you're working in a word processor or in an email client, PGP's Enclyptor pop-up toolbar provides encryption, signing, and auditing features. Using this panel, you can work with text on the clipboard (Clipboard); PGP is the only one of the four products we reviewed that offers this capability.

When material is encrypted or decrypted, the results are written to a temporary file and displayed on the screen by the viewer. The default editor is Notepad, but any Windows text editor is acceptable. To increase the degree of protection, file compression should be carried out in automatic mode. When encrypting a file, PGP creates a new file with the ASC extension and, if the user so instructs, deletes the original.

If you encrypt a file using a public key, you will no longer be able to access it without the corresponding private key. To get around this problem, PGP provides the ability to encrypt a file with two public keys, allowing you to keep your own working copy of the file.

PGP doesn't have a way to deal with long file names, and it's the only product we reviewed that requires user confirmation for each file when processing files—a rather tedious task.

Although the primary cryptographic method used in PGP is public key encryption, it also implements IDEA symmetric key encryption. When you select the IDEA method, you are prompted to enter another passphrase to encrypt the file. The program's unique security feature, For Your Eyes Only, limits the number of pages displayed on the screen to just one.

In terms of performance, PGP was in last or second-to-last place in the group of programs we reviewed. But the full range of protection options it offers, combined with its convenience and ease of use, makes it an excellent choice for anyone who needs to protect information.

AT&T Business Communications Services

SecretAgent

At $180, SecretAgent is the most expensive program in this review. But it's worth it because you get industry-grade encryption that's good for email and provides a wide variety of PC security techniques.

From the directory and file list in the main SecretAgent dialog box, you select the files you want to encrypt. Even if files are selected from several directories, after they are encrypted they are all written to one directory. The program provides four standard encryption protocols, any of which is suitable for most types of work; a list of the available options is on the company's website.

To prepare a key in SecretAgent, you can enter a user identifier (ID) and a password up to 40 characters long. Keys are stored in proprietary PKF files; the program has a Key Manager module for combining, editing and deleting them.

You choose the key length: from 512 to 1024 bits. The program implements the public key method, based on the Rivest-Shamir-Adleman (RSA) digital signature algorithm, in two stages. The message is encrypted with a key generated in accordance with DES (Data Encryption Standard), after which that key is encrypted with the public key method using the RSA algorithm. The person receiving the message first decodes the result of the RSA encryption using the secret key, and then, using the recovered DES key, decodes the message itself.
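The two-stage scheme just described is also what makes the earlier PGP advice work: adding your own key to the recipient list, or enabling Always encrypt to default key, only wraps the same session key one more time. The Python below is an added example, not code from any of the reviewed products; the toy RSA keys, the SHA-256 keystream standing in for DES, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets


def make_keypair(owner, p, q, e=65537):
    """Textbook RSA key pair from two primes (no padding: illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"owner": owner, "n": n, "e": e, "d": pow(e, -1, phi)}


# Constructed toy keys built from well-known Mersenne primes so the example
# runs offline. Real keys use random primes and padded RSA.
MY_KEY = make_keypair("me", 2**89 - 1, 2**107 - 1)
COLLEAGUE_KEY = make_keypair("colleague", 2**61 - 1, 2**127 - 1)


def public_part(key):
    return {field: key[field] for field in ("owner", "n", "e")}


def symmetric_xor(session_key, data):
    """Stand-in for the symmetric cipher (DES or IDEA in the products above):
    XOR with a SHA-256 counter keystream. Applying it twice decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(plaintext, recipients, always_encrypt_to=None):
    """Stage 1: encrypt the data once with a random session key.
    Stage 2: wrap that session key separately for every recipient."""
    if always_encrypt_to is not None:
        recipients = list(recipients) + [always_encrypt_to]
    session_key = secrets.token_bytes(16)
    as_int = int.from_bytes(session_key, "big")
    wrapped = {r["owner"]: pow(as_int, r["e"], r["n"]) for r in recipients}
    return {"wrapped_keys": wrapped, "body": symmetric_xor(session_key, plaintext)}


def decrypt(message, private_key):
    """Unwrap the session key with the private key, then decrypt the body."""
    wrapped = message["wrapped_keys"].get(private_key["owner"])
    if wrapped is None:
        raise PermissionError("no session key was wrapped for " + private_key["owner"])
    as_int = pow(wrapped, private_key["d"], private_key["n"])
    return symmetric_xor(as_int.to_bytes(16, "big"), message["body"])


def demo():
    report = b"constructed sample: quarterly figures"
    to_colleague_only = encrypt(report, [public_part(COLLEAGUE_KEY)])
    with_default_key = encrypt(report, [public_part(COLLEAGUE_KEY)],
                               always_encrypt_to=public_part(MY_KEY))
    try:
        decrypt(to_colleague_only, MY_KEY)
        sender_locked_out = False
    except PermissionError:
        sender_locked_out = True
    return {
        "colleague_reads": decrypt(to_colleague_only, COLLEAGUE_KEY) == report,
        "sender_locked_out": sender_locked_out,
        "sender_reads_with_default_key": decrypt(with_default_key, MY_KEY) == report,
        "body_size_unchanged":
            len(with_default_key["body"]) == len(to_colleague_only["body"]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```

Adding a recipient grows only the list of wrapped keys, not the encrypted body, which is why encrypting to yourself as well costs almost nothing.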

You can automatically send encrypted messages by email through VIM- or MAPI-compatible clients (VIM, Vendor Independent Messaging, is an API for transmitting data independently of email providers; MAPI, Messaging Application Programming Interface, is an API for internal messages and email). To process protected files in Microsoft Word for Windows or WordPerfect, you can import macros. SecretAgent runs under Macintosh and UNIX, as well as Windows 3.x, but there is no special version of the program for Windows 95. Before encryption, SecretAgent compresses the source files to reduce their size and to increase the degree of security; modules that perform compression using the LZSS and RLE methods are provided for this purpose.

SecretAgent provides a variety of context-sensitive prompts, and the documentation, available in electronic form and in a regular paper version, contains a detailed description of how the program's algorithms work; less experienced users will likely find this level of detail confusing.

When it comes to performance, SecretAgent ranks near the bottom of our list of four programs reviewed, but it makes up for its sluggishness with superior email security, local data protection features, and a wide range of encryption standards.

RSA Data Security

In many corporations, the greatest risk of a security breach comes from staff ignoring existing encryption programs because they are either too complex or too inconvenient to use on a day-to-day basis. RSA's SecurPC for Windows 95 ($129) is a simple, no-nonsense personal encryption system that works seamlessly.

SecurPC is built on the asymmetric RC4 algorithm developed by Rivest, with a 128-bit key. To make the program easier to use, it is called from Windows Explorer folders, but it does not have its own user interface.

To encrypt a file using SecurPC, you select a file or directory in the Explorer or My Computer folder, right-click on its icon and select Encrypt. In the pop-up dialog box, you will see the names of the file, current directory, and user. The program then asks for a password and encrypts the file; decrypting an encrypted file works in a similar way.

If you are working with several files, then instead of repeating the password for each of them, you can specify how long, in minutes, the password is kept in memory. In the same way, a group of files is decoded when you enter the password once. Unfortunately, there is no way to work directly with email messages.

When you encrypt a file, you can choose to keep or delete the original file. If you delete a file, SecurPC clears the area it occupies on your hard drive and automatically destroys all traces of the file, meaning you will never be able to recover it. The program marks all encrypted files with the extension !!!. It does not encrypt files that are already encrypted, program files, system files in the Windows directory, or its own program files.

Unlike other programs we reviewed, SecurPC provides tools for creating self-extracting encrypted files, intended for those who do not have this program on their PC. Once the recipient enters the password, this file is automatically opened.

With the program's Autocrypt function, you specify the files or directories that should be automatically decrypted when Windows starts and automatically encrypted when a special stop mode is selected in the Start menu. During testing, the Autocrypt function worked flawlessly; note, however, that we had to resort to a separate stop procedure and use a special password to activate it after Windows startup. Moreover, if you click the Cancel button at startup, the files are not encrypted.

For corporate needs, SecurPC gives the administrator or the person responsible for security the ability to access user files in emergency situations, provided, of course, that the program's Emergency Access function is running at that moment. The number of passwords required to gain access (one, two or more) is set during installation. In the case of separate passwords, you can specify the number of trusted persons required to decrypt the file, ranging from 3 to 255.

In terms of encryption speed for our test files, SecurPC was on par with Norton Your Eyes Only, but took first place in decrypting them. SecurPC prioritizes speed and ease of use over all other criteria, making it a good choice.

Encryption programs differ from each other in encryption method, algorithms, capabilities, and, importantly, price. Which one to choose? Let's try to figure it out.

Every Internet user knows how treacherous and insidious computer viruses are nowadays. Do not forget that most viruses are created with the goal of stealing your valuable confidential data. Encryption programs are needed so that your data cannot be read by third parties. Let's try to figure it out: which one to choose?

An encryption program designed to protect information in companies and organizations. The system operates on the principle of “transparent” encryption: when creating and editing files, the encryption and decryption processes occur automatically, “on the fly.”

CyberSafe Enterprise provides the ability to protect corporate email communications when working with any mail client (Microsoft Outlook, Thunderbird, The Bat!, etc.), as well as when using mobile devices running iOS and Android. The program includes the CryptoPRO CSP cryptoprovider, certified in the Russian Federation, and supports the encryption standards GOST 28147-89 and GOST R 34.10-2012, thanks to which it can be used in personal data protection systems of classes KS1 and KS2.

5 programs to encrypt hard drives and files in Windows 10

Encryption is a powerful way to protect your files and data from unauthorized access. I recommend five programs for .

1. AxCrypt

AxCrypt is an open source tool for , which only supports 128-bit AES encryption.

2. VeraCrypt

VeraCrypt has advanced security features, supporting the AES 256-bit, Serpent and Twofish encryption algorithms.

3. DiskCryptor

DiskCryptor is an open source encryption tool that is used to lock disk partitions as well as system partitions. Supports AES-256, Serpent and Twofish algorithms.

4. LaCie Private-Public

LaCie Private-Public is an open source program. It supports the AES-256 encryption algorithm.

5. Gpg4win

Gpg4win is used to protect your files and securely transfer your emails. It supports all cryptographic standards such as OpenPGP and S/MIME (X.509).

Gpg4win contains several free software components:

  • GnuPG - the backend; it is the actual encryption tool.
  • Kleopatra - a certificate manager for OpenPGP and X.509 (S/MIME) and general cryptographic dialogs.
  • GpgOL - plugin for Microsoft Outlook; supports MS Exchange Server.
  • GpgEX - plugin for Microsoft Explorer (file encryption).
  • GPA - an alternative certificate manager for OpenPGP and X.509 (S/MIME).
