Menu
homeFiles and folders

File encryption - EFS. File encryption programs: Which ones are better to choose?

Hello to blog site readers who suddenly urgently need to set a password for some of their personal files and folders! After reading this article, you will not only password-protect your personal data, but also encrypt it in such a way that even the FSB will not be able to decrypt anything :-). I did not exaggerate about the Security Service, but to make sure of this, read the instructions below.

Everyone probably has certain files or even entire folders of files that others should not see. And it doesn’t matter what they are - pictures, music files, photos, text documents. And today there are many ways to protect them. For example, some versions of Windows 7 and Windows 8 Pro have the “BitLocker” encryption function, but I immediately abandoned it, since it can only work on Windows, and even then only on certain versions.
If you have a WinRar archiver, then you can set a password for the folder and files in the archive. At the same time, all file names (my_passwords.txt, prohibited_video.avi, secret_world_capture_plan.txt, etc.) will be visible to everyone. In addition, there are now freely available programs that easily select archive passwords. For this reason, I think that this method is just a child’s prank, and since we are serious people, we need serious tools to encrypt our data
I've been using the free and easy-to-use TrueCrypt program for a long time to set passwords on files. With this program you can not only password protect folders, but also hide their contents. The visitor will not see the names of the files or their number.
To download the program, go to the official website www.truecrypt.org. It is better to immediately download the latest version. Installation is standard. After installation and launch, we will see the following window:


At first glance, everything is very complicated and unclear. But this is only for the first time. After installing the program, look at the weight of the files on which you want to put a password. We will need this to create a file container.
TrueCrypt works as follows: we need to create a file container of the size we need (from several megabytes to several gigabytes), where we will place all the secret files. TrueCrypt will encrypt all these files and folders on the fly using the AES 256 encryption algorithm. This algorithm is the default, but it can be replaced with another. But I categorically do not recommend that you do this, since AES is by far the most crypto-resistant (undecipherable).
As if to prove this, AES 256 is used by the US government and military forces.
So what do we need to do? As mentioned above, TrueCrypt does not encrypt files and folders directly, but with its help we can create a file container where we can upload confidential materials.
1. Go to the “Volumes” item and click “Create a new volume”:


In the window that opens, we see some of the capabilities of TrueCrypt:


a) Create an encrypted file container;
b) Encrypt the entire disk (and even a flash drive). In the near future, developers plan to encrypt CDs.
c) Completely encrypt the system disk with Windows. This function is often used in small enterprises that use pirated software, so that inspection authorities cannot find out the version and authenticity of the OS.
But we are now interested in the first possibility. Leave the checkbox on the first item and click “Next”.
2. In the “TrueCrypt Volume Creation Wizard” window, the program prompts us to select the volume type:


Of course, ordinary users who are not hunted by intelligence agencies choose the first option. Then the program will create a seemingly ordinary file in which we will store secret data.
The second option is more secretive. TrueCrypt will create a hidden volume. That is, in a regular volume (file container), another “hidden” one will be created. It will be hidden and outsiders will not even be able to know whether it exists or not. Only you will have access to it.
Therefore, if they torture you with a soldering iron and demand a password, then with a clear conscience you should provide the password to an ordinary volume that contains all sorts of harmless files - photos from your birthday, 50 books of the Collected Works of V. Lenin in .dox format, etc. And all truly secret data will be in the same container, but in a hidden volume, the existence of which only you know.
Personally, I select a regular volume and click on the “Next” button. In the next window, the program asks us to select the file in which the volume will be created:


Attention! Select (or create) a new empty file. The file name should not attract attention to itself. For example, among a bunch of text documents with the works of Pushkin, Lermontov, etc., create, for example, the document Ruslan-i-Lydmila-Pushkin.txt. Then click “Select File” in the program window and add the newly created file.
After your selection, Trucrypt will ask you about replacing the document:


Click “Yes”. Then “Next”.
In the “Encryption Settings” window, the program gives you the opportunity to select an encryption and hashing algorithm. I recommend not changing anything:


In the next step, we are kindly asked to indicate the size of the future TrueCrypt container:


I advise you to take a little extra. If your data weighs 200 MB, then it is better to set the size to 250 MB. — you never know if you have to add something.
For example, I set the size to 2 MB.
The next step is probably the most important. We will set a password and more:


I won’t rant too much about the fact that the password should be complex. Of course, it must consist of letters, numbers and symbols @#$%)(^&**(!”;%:?**). Otherwise, why need a password if it can be guessed by brute force.
In addition to the password, you can select the so-called “Key files”. These are ordinary files (photos, videos, text documents), without which it will be impossible to open our encrypted folder. Of course, we are not forced to choose “keywords” - but this is a very good security measure. Even if an attacker can guess the correct password, he will still need to select the correct key file, otherwise access to your data will be denied.
You can even select not one, but several key files, so that no one can gain access. Moreover, the program does not show how many key files the user has specified - 1 or 10. The attacker will have to guess for himself.
I recommend using photographs as key files. Everyone has entire photo albums on their computer. And from this photo album with hundreds of photos, select 2 and set them as “keywords”:


The main thing is to remember them or write down their names, otherwise without them you will not get to the encrypted folder. Remember also that something might happen to the computer or someone at home might delete the folder with “keywords” - then this will be a real disaster for you. Therefore, in addition to your computer, write them down to a flash drive and/or to cloud storage - or .
By the way, you don’t have to set a password to open a container, but open it only using key files. That's exactly what I did.
Next, we need to randomly move the mouse cursor inside the new window:


According to the developers, the cryptographic strength of the container will be even more reliable due to these mouse manipulations. After a few minutes of moving the cursor in the window, click “Place” and TrueCrypt will create an encrypted container:


Depending on the size of the container file, it will take from a few seconds to a few minutes to create the volume. We just have to wait for this time.
The volume has been created, exit the program:


Now we go into this software again and look for our file (in my case it is Ruslan-i-Lydmila-Pushkin.txt) and click on the “Mount” button:


Enter the password, if you set one, and the key files, if you set them. I didn’t set a password for this container, but set only “keywords”:


I press “OK”. That's it, the volume is mounted. Now I go to Windows Explorer and see that a new disk has appeared there:


I can safely throw all confidential files and folders into it. After copying, go to the program interface and click “Unmount”. Now let's try to open this file without TrueCrypt. Here's what we'll see:


This is what we need! Now we have encrypted all our secret files and folders and set a password with key files. Truly impenetrable protection! You can create as many file containers as you like, the program does not limit us in this.
I hope you found the article useful. I say goodbye to you for today and wish you success! See you again!

Category: .

Encrypting files and folders in Windows 8.1, how EFS encryption works, archiving and restoring the EFS key, working with encrypted files. The question of encrypting files and folders in Windows 8.1 most often comes down to the encrypting file system (EFS). Which can encrypt both individual specific files and entire folders. In fact, EFS has been available in Windows for quite some time, and in combination with several encryption systems based on the Advanced Standard (AES), it provides overall computer security.

To encrypt an individual file/folder (or a selected group), follow these steps:

  • Right-click on the item(s) that need encryption. In the options that appear, select " Properties».
  • In chapter " Attributes» click the « button Other».
  • Check the box " Encrypt content to protect data».
  • To start encryption, click OK.

The encryption process, depending on the number of files and folders involved, may take some time.

Do not try to close the dialog box that appears on the screen, because this will cancel the entire process. You can decrypt the necessary files and folders in the same way, on the contrary, by unchecking the option to encrypt contents.

How the EFS encryption system works.

EFS is directly linked to your Windows user account. Every time you log into Windows with your user account, you can automatically read, write, and modify EFS-protected files. However, if you sign in to your system using a different account, or reinstall Windows 8.1 and then sign in with your previously used username and password, these files will no longer be available to you. To access them you will need to import an EFS key. After importing the appropriate key, you will again be able to work on your files.

Archiving and restoring an EFS key.

When you encrypt your files or folders using Windows EFS, a warning will appear on the taskbar prompting you to back up the EFS key. Backing up this key and keeping it in a safe place away from your computer is extremely important. To protect the EFS key, you will be prompted to set a password for it.

In Windows 8.1, you can back up your EFS keys and restore them if necessary by entering the word “encryption” in the search field on the start screen and then selecting “ Managing file encryption certificates" Click on the “Next” button in the “ EFS file system" will launch the creation wizard.

This wizard-based tool is extremely simple and easy to use. By the way, you can set the EFS file system so that it allows access to files only when using a smart card (of course, provided that your computer is equipped with a reader). If you change the EFS key, say you're going to change your computer, you can update the file encryption used.

Working with EFS-encrypted files and folders.

In practice, there are several good reasons why EFS encryption is difficult to recommend. The first and most important is that, although this method encrypts the contents of files, access to the files and folders themselves and viewing all file names for other users still remains open, which, of course, can give them important information.

There is one more significant drawback. Unjustifiably, files or entire folders are often lost. Also, keep in mind that since individual files and folders are encrypted, not an entire volume, they will still remain encrypted even if you copy them or move them to another location.

So if you have an automated backup set up that copies files to an external hard drive or network attached storage device, the backup files will also be encrypted.

Unfortunately, EFS encryption requires NTFS-formatted hard drives to work, and some external hard drives, especially NAS devices, are often formatted using other methods. In these cases, you may encounter the fact that your backups will be completely unreadable when you try to restore them.

If you are a fan of the Windows command line, you can manage encryption of files and folders using EFS there. To do this, use the command in the format cipher [\folder-or-file-1] [\folder-or-file-2].

In the modern world, they are a necessary measure to increase confidentiality. And so far there are no universal means of protecting personal data, which means there is and will be a possibility of information leakage. In matters of security, as in war, all means are fair...

Creating a hidden folder with a password

The Microsoft operating system contains a wide range of tools that are fully accessible within the means of . And thanks to executable files, it is possible to compile any sequence of actions. This is exactly what we will do below.


Note! Never store the "lock.bat" executable file in the same folder as the "Myfolder" directory. As you may have noticed, the password is stored in clear text, which makes the task easier for an attacker. Be guided by the fact that the “key” should not be near the lock!

Instead of an afterword

It is also important that such a solution cannot be detected by ordinary browsing. This means that your confidential data is not so easy to find.
We hope that you also managed to implement this tricky idea with a hidden folder. And if difficulties arise at the stage of creating “lock.bat”, then we suggest downloading and using a ready-made one.

Probably, each of us has folders and files that we would like to hide from prying eyes. Moreover, when not only you, but also other users work at the computer.

To do this, you can, of course, install or archive it with a password. But this method is not always convenient, especially for the files you are going to work with. A program for this is more suitable file encryption.

1. Encryption program

Despite the large number of paid programs (for example: DriveCrypt, BestCrypt, PGPdisk), I decided to focus in this review on the free one, the capabilities of which are sufficient for most users.

http://www.truecrypt.org/downloads

An excellent program for encrypting data, be it files, folders, etc. The essence of the work is to create a file that resembles a disk image (by the way, new versions of the program allow you to encrypt even an entire partition, for example, you can encrypt a flash drive and use it without fear that anyone - other than you, will be able to read information from it). This file cannot be opened so easily; it is encrypted. If you forget the password for such a file, it is unlikely that you will ever see your files that were stored in it...

What else is interesting:

Instead of a password, you can use a key file (a very interesting option, no file - no access to the encrypted disk);

Several encryption algorithms;

The ability to create a hidden encrypted disk (only you will know about its existence);

Ability to assign buttons for quickly mounting a disk and unmounting it (disconnecting it).

2. Disk creation and encryption

Before we start encrypting data, we need to create our disk, onto which we will copy the files that need to be hidden from prying eyes.

To do this, launch the program and press the “Create Volume” button, i.e. Let's start creating a new disk.

Select the first item “Create an encrypted file container” - create an encrypted container file.

Here we are offered two options for a container file:

1. Normal, standard (one that will be visible to all users, but only those who know the password will be able to open it).

2. Hidden. Only you will know about its existence. Other users will not be able to see your container file.

Now the program will ask you to specify the location of your secret drive. I recommend choosing a drive on which you have more space. Usually this drive is D, because Drive C is the system drive and Windows is usually installed on it.

An important step: specify the encryption algorithm. There are several of them in the program. For the average uninitiated user, I will say that the AES algorithm, which the program offers by default, allows you to protect your files very reliably and it is unlikely that any of the users of your computer will be able to hack it! You can select AES and click on “NEXT”.

In this step you can select the size of your disk. Just below, under the window for entering the desired size, the free space on your real hard drive is shown.

Password - several characters (at least 5-6 are recommended) without which access to your secret disk will be denied. I advise you to choose a password that you will not forget even after a couple of years! Otherwise, important information may become inaccessible to you.

After some time, the program will inform you that an encrypted container file has been successfully created and you can start working with it! Great…

3. Working with an encrypted disk

The mechanism is quite simple: select which container file you want to connect, then enter the password for it - if everything is “OK” - then a new disk appears in your system and you can work with it as if it were a real HDD.

Let's take a closer look.

Right-click on the drive letter that you want to assign to your file container, select “Select File and Mount” from the drop-down menu - select the file and attach it for further work.


After you have worked with the disk, you need to close it so that others cannot use it. To do this, you need to press just one button - “Dismount All”. After this, all secret drives will be disabled, and to access them you will need to enter the password again.

By the way, if it’s not a secret, who uses what kind of programs? Sometimes, there is a need to hide a dozen files on work computers...

File encryption programs

Encrypt everything!

Every time information leaks onto the Internet about a scandal involving important documents being leaked somewhere, I ask myself why they were not encrypted? Document security should be everywhere, after all.

Encryption algorithms

The encryption algorithm is like a black box. A dump of the document, image or other file you upload into it is what you get back. But what you see seems crazy.

You can turn this gibberish back into a normal document through the window with the same password that you entered during encryption. This is the only way you will receive the original.

The US government has recognized the Advanced Encryption Standard (AES) as a standard, and all products that are collected here support the AES encryption standard.

Even those who support other algorithms generally recommend using AES.

If you are an encryption expert, you may prefer another algorithm, Blowfish, and perhaps even the Soviet government's GOST algorithm.

But this is completely for fans of extreme entertainment. For the average user, AES is simply an excellent solution.

Public Key Cryptography and Exchange

Passwords are important and you should keep them secret, right? Well, not when using public key infrastructure (PKI), which is used in cryptography.

If I want to send you a secret document, I simply encrypt it with the public key. Once you receive it, you can use it to decrypt the document. It's simple!

Using this system in reverse, you can create a digital signature that verifies that your document came from you and has not been altered. How? Just encrypt it with your private key.

The fact that your public key decrypts it is proof that you have the right to edit it.

PKI support is less common than support for traditional symmetric algorithms.

Many products allow the creation of self-decrypting executable files.

You may also find that the recipient can use a certain tool for free only for decryption.

What's better?

There is now a huge selection of products available in the encryption space.

Everyone simply has to choose a solution that will be convenient in terms of functionality, practical and stylish from the point of view of the interface of the main program window.

A CertainSafe digital safe goes through a multi-step security algorithm that identifies you to the site. You will have to go through multiple authentication checks each time.

Your files are encrypted; if someone tries to hack them, they will fall apart and no one will be able to recreate them. In this case, there is a certain risk, but at the same time, the level of reliability is very decent.

Each piece of the file is then stored on a different server. A hacker who was able to hack one of the servers will not be able to do anything useful.

A lock can encrypt files or simply lock them so that no one can open them. It also offers encrypted lockers to safely store personal confidential information.

Many other useful features include shredding, free space shredding, secure online backup, and self-decrypting files.