Thursday, 16 August 2007
Encrypting Files in MS Windows (2)
AXCrypt
Using the context menu, I first tried to encrypt a copy of a directory - this seemed to be doing something - but I'd no idea where it put the encrypted file!
I then tried encrypting in place - the program seemed to stop at shredding the first file.
Eventually it dawned that the program does not create archives - it was encrypting each file in the directory.
In use, it does what it's supposed to. As with 7zip it uses a temporary directory to store the unencrypted file. In some circumstances it seems to have problems deleting the file when the application is finished with it - but it does promise to delete it the next time the computer is started up. This seems to be related to an existing process opening the file (start up MS Excel, open another doc, then open an axx doc).
Saving a modified file caused errors, but subsequently reopening the file from axcrypt it kept the changes.
It's ugly, but fairly foolproof.
CryptonIt
CryptonIt uses asymmetric encryption - and we have no PKI infrastructure. But looks like a worthy successor to the delisted WinCrypt freeware (still available from other sources on the internet).
LockDisk
LockDisk looks interesting but the developers are very vague about the licence and the algorithm.
BladeBox
BladeBox creates a virtual drive (no temp files?). The site claims AES encryption but licence terms are not published. Variously listed as shareware and freeware.
CryptoExpertLite
CryptoExpertLite is another virtual drive - nice GUI but no dynamic sizing of the drive.
I should point out that I was just joking about the CamelCase thing in my previous post - it seems to be coincidence that all the products which seem to come close to matching my brief have CamelCase names.
Encrypting files in MS Windows
I'm currently looking for a product for encrypting files within MS-Windows.
The contents of the file are to be available only to a select number of individuals. The obvious approach was one based on symmetric encryption or quorum type encryption. Although it would be possible to have a system publishing versions encrypted using the individuals' public keys this seems overkill.
XP Encryption
Based on previous experience in disaster recovery scenarios my initial thought was to look at facilities built in to the operating system. However even before digging in to the details of the implementation (based on their implementation of pptp and Office password protection, I thought it best to check) I came across a major stumbling block - users in the domain with admin privileges can access the encrypted files. It's not that I'm trying to subvert our security model - quite the opposite; not everyone in the admin group should have access.
7zip Encryption
We are already using 7zip widely but until I started doing some digging on the topic, I was not aware that it also supported encryption. Despite the weaknesses in the implementation (described here for WinZip, most of which applies equally to 7zip) it seemed ideal for our purposes. However when I tried it out, I found that the ergonomics were so bad that it would be unusable for our needs.
- Although not a show stopper, it uses a temp directory on the local machine's physical hard disk to store the unencrypted file. It does clean this up after the application using the file is closed, but could provide a new avenue for accessing the encrypted document.
- Under normal operations, when a file within an archive is edited, 7zip automatically puts it back into the archive when the application is exited. It just gives an error when you try this using an encrypted file.
- The password for encryption is set when the archive is created. If you try to add additional files later, these are added unencrypted with no warning.
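Added example (not part of the original post, and not 7-Zip's own code): one way to catch the last failure mode above is to parse the technical listing produced by `7z l -slt <archive>` and flag any file whose `Encrypted` field is not `+`. The sample listing is constructed for illustration, and the function names are hypothetical.

```python
# Added example: flag archive members that were stored without encryption.
# SAMPLE is constructed, modelled on `7z l -slt` output read as text ("\n" newlines).
SAMPLE = """\
Listing archive: payroll.7z

--
Path = payroll.7z
Type = 7z

----------
Path = salaries.xls
Attributes = ....A
Encrypted = +
Method = LZMA:16 7zAES:19

Path = notes
Attributes = D....
Encrypted = -

Path = budget.doc
Attributes = ....A
Encrypted = -
Method = LZMA:16
"""

def parse_entries(listing):
    """Return one dict of 'Key = Value' fields per archive member."""
    _, _, body = listing.partition("\n----------\n")
    entries = []
    for block in body.split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(" = ")
            if sep:
                fields[key.strip()] = value.strip()
        if "Path" in fields:
            entries.append(fields)
    return entries

def unencrypted_files(listing):
    """Paths of files (directories skipped) whose Encrypted flag is not '+'."""
    return [e["Path"] for e in parse_entries(listing)
            if not e.get("Attributes", "").startswith("D")
            and e.get("Encrypted") != "+"]

if __name__ == "__main__":
    print("not encrypted:", unencrypted_files(SAMPLE))
```

Run after every change to a shared archive, a non-empty result means a file was added in the clear and the archive should be rebuilt with the password set.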
I was a bit surprised at this as, for compression purposes I had found the user interface to be very well designed.
Because of the Byzantine procurement process here it is a painful experience to actually buy software - and my experience is that it is always better to try before you buy - hence FOSS software is particularly attractive.
So I'm off to have a look at:
Wednesday, 15 August 2007
Joining the blogging generation
Sooner or later I knew I'd end up getting a blog somewhere. Previously I'd published a journal on my NTL homepage - but with only HTML available it was a pain to maintain it (even with PushSite). Since everyone is entitled to my opinion I thought I'd get me a proper blog account somewhere which handles all those cool things like trackbacks and RSS and other such gobbledygook.
Don't expect regular postings or wisdom or much in the way of entertainment - but plenty of ranting and general complaining.