27 Oct 2011

File Encryption

Introduction
Do you ever worry that someone might see your most important data, that they may learn your most intimate secrets? If you save your sacred files on a USB flash drive and lose it, maybe a stranger or even an enemy will get to discover those secrets! Maybe if you store files using a cloud based service such as Google Docs or Microsoft Skydrive, it worries you that these corporations can read your important work at their leisure? 

There is a solution, you can use file encryption. Encryption scrambles a file so it is unreadable. You must use a password to unscramble (decrypt) the file so you may read the data as usual. There are many solutions and in this article I'll be explaining some of them.


What's your goal?
There are different ways to encrypt files and different tools you can use. Which tool you use depends on what your ultimate goal is. Here are some examples of common encryption scenarios:
  • Encrypt files on a USB flash drive
  • Encrypt some files stored on a network share
  • Encrypt some files on my hard disk drive (C: drive)
  • Encrypt an entire local drive (C:, D:, etc)
  • Encrypt files for sending as e-mail attachments 
The above are very common scenarios that we can break down into the following:
  1. Encrypt a drive
  2. Encrypt a file(s)
  3. Encrypt a file(s) for transport
I've numbered them in order of flexibility. Let's look at each one in turn:


1. Encrypt a drive
To encrypt a whole drive means that any file copied or saved to that computer will be encrypted 'on-the-fly' (automatically). This can be great, you don't need to think about encryption, you just use your computer normally and the files are secure. The down side is that if there's a problem, Windows crashes and can't start up properly for example, it might mean that you will be unable to recover any of your files. Another common problem is that because the computer is having to encrypt and decrypt files all the time, even system files, it may slow down. Of course encrypting a whole drive is not going to be appropriate if your goal is only to protect files you send by e-mail. 

I would recommend you think long and hard about encrypting any drive before you do it. Make sure you have a good back up of your data at all times.

There are many tools that can encrypt a whole drive, including Windows 7 BitLocker, TrueCrypt and others.


2. Encrypt a file(s)
A more flexible approach is to encrypt only the files you want to protect, not your entire drive. For example, with a program like TrueCrypt you can create a special file that acts like a container. It can appear as a virtual drive on your computer, in other words the container is represented by a drive letter. This can be handy, you can easily save files to it and as you do they are encrypted 'on the fly'. You could also create one of these 'container' files on a USB flash drive and when you copy files to it, they are encrypted. 

The advantage of this method over encrypting the entire drive is that you could even copy that encrypted file somewhere else, onto another USB flash drive, to a DVD, to Google Docs, wherever. The disadvantage is that with programs like TrueCrypt, when you create an encrypted file, a 'container', you have to specify the size from the beginning no matter what is stored inside. For example, you may only have two megabytes of files but the encrypted container file may be ten megabytes in size.


3.  Encrypt a file(s) for transport
If you want to send a file or files as e-mail attachments but you want to protect them in case the e-mail is intercepted along the way, you may need to use a different kind of encryption method. In this scenario you need the most flexible solution because the person receiving the file may not have the same software as you, and asking them to install something can be a pain.

The solution is to use a program such as WinZip or 7-Zip to make a compressed file and put a password on the file. For example, you can create a file called "important.zip" and add a file or files to it. Inside WinZip or 7-Zip use the Encrypt option to add a password. AES encryption is recommended - more about this later in the article.

One downside of this method is that files are not encrypted 'on the fly'. Every time you add a file you must add a password. Every time you want to extract a file you have to enter the password. You would need to manage many passwords. The file names are also visible even when encrypted. This may not be a big deal but in some cases you don't want that. The saving grace of this method is that it is the most flexible and ideal for securing files you are going to e-mail.


Tools
Microsoft BitLocker. This is great, it allows you to encrypt your entire hard drive or USB flash drive. But it only comes with Windows 7 Ultimate or Enterprise editions. 

TrueCrypt is a good alternative. It's open source, free, powerful yet relatively easy to use. For the techies out there, it can even be run from the command line. TrueCrypt can use many different encryption methods including the reliable AES encryption.

WinZip or 7-Zip - WinZip is shareware, it has a good interface but eventually you should buy it. 7-Zip is open source, free, it can open zip, rar and its very own 7z format files. Both WinZip and 7-Zip can encrypt with AES encryption.

There are other programs like WinZip and 7-zip, like WinRAR for example. Most of these work in a similar way. I'm talking about WinZip and 7-zip here just as examples. If you prefer something else, that's fine.


Encryption Strength
When using WinZip and 7-Zip there's a standard zip encryption called "Zip 2.0 encryption". I do not recommend this. 

Always use AES encryption. The higher the bit number the better. For example, AES 256-bit is stronger than 128-bit. What does 'stronger' mean? Well, it means the higher the bit number, the longer it would take for a hacker to discover your password. AES is very secure, it's used by the US government.
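To check which of the two schemes a zip file actually uses, and to see that the file names can be read without the password, here is an added example (not part of the original article). It reads only the archive's unencrypted directory and assumes the WinZip AES layout: compression method 99 plus an extra field with ID 0x9901. The sample archive and its file names are constructed for the demonstration.

```python
import struct

AES_BITS = {1: 128, 2: 192, 3: 256}   # strength byte of the WinZip AES extra field

def make_archive(entries):
    """Constructed sample: central-directory records plus the end record (no file data)."""
    cd = b""
    for name, flags, method, extra in entries:
        raw = name.encode("utf-8")
        cd += struct.pack("<4s6H3L5H2L", b"PK\x01\x02", 51, 51, flags | 0x800, method,
                          0, 0x21, 0, 0, 0, len(raw), len(extra), 0, 0, 0, 0, 0) + raw + extra
    n = len(entries)
    return cd + struct.pack("<4s4H2LH", b"PK\x05\x06", 0, 0, n, n, len(cd), 0, 0)

def aes_strength(extra):
    """Walk the extra-field blocks; return the AES key bits from block 0x9901."""
    i = 0
    while i + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, i)
        if header_id == 0x9901 and size >= 7 and i + 11 <= len(extra):
            return AES_BITS.get(extra[i + 8], "unknown")
        i += 4 + size
    return "unknown"

def audit_zip(data):
    """Return [(file name, verdict)] from unencrypted metadata; no password is used."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("end-of-central-directory record not found")
    count, _cd_size, pos = struct.unpack_from("<H2L", data, eocd + 10)
    report = []
    for _ in range(count):
        f = struct.unpack_from("<4s6H3L3H", data, pos)
        if f[0] != b"PK\x01\x02":
            raise ValueError("bad central-directory record")
        flags, method = f[3], f[4]
        nlen, xlen, clen = f[10:13]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8" if flags & 0x800 else "cp437")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        if not flags & 0x1:               # bit 0 of the flags marks an encrypted entry
            verdict = "not encrypted"
        else:
            verdict = f"AES-{aes_strength(extra)}" if method == 99 else "Zip 2.0 (legacy)"
        report.append((name, verdict))
        pos += 46 + nlen + xlen + clen
    return report

SAMPLE = make_archive([   # constructed entries: (name, flags, method, extra field)
    ("tax-return.pdf", 0x1, 99, struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)),
    ("diary.txt", 0x1, 8, b""),
    ("readme.txt", 0x0, 8, b""),
])
```

Calling audit_zip() on the bytes of a real .zip file before e-mailing it shows which entries still use Zip 2.0 encryption and exactly which file names a third party would see.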


Conclusion
For anyone who wants to encrypt some files with the least bother, use WinZip, 7-zip or similar. It's also flexible enough to use anywhere and even to send as an e-mail attachment. 

If you want something more sophisticated but free, try TrueCrypt. It has an option to encrypt an entire drive but I would recommend you start with only using the encryption 'file containers'. That's the most flexible option.

BitLocker should be considered primarily by enterprises.

