In days of yore, if you wanted to keep a document secret, you had two main choices. You could consult your cipher book and write out an enciphered version (and then burn the original). Or you could lock your document in a safe. Using Cypherix Cryptainer PE is like locking up your secure documents. It creates secure volumes that behave just like disk drives when open, but that you can lock to prevent all access. The concept nice and simple, so simple that quite a few security suites toss in this encryption technology as just another security feature. On that basis, Cryptainer’s price is rather high.
Cryptainer comes in several editions: LE, ME, PE, 14.0, and SE. Cryptainer LE is free, with limited tech support and a maximum vault size of 100MB. Cryptainer PE, which is what I tested, cost $45 and lets you create vaults up to 32GB. Cryptainer 14.0 and Cryptainer SE both permit creation of vaults up to 10TB; the main difference between the two is that SE includes a password recovery module and command line processing. The SE edition, meant for enterprises, can also include the corporate license key as part of the volume locking mechanism, meaning that even with the password nobody outside your organization can open a locked volume.
Your $45 purchase gets you a perpetual license to use Cryptainer PE; there’s no yearly subscription. That’s a common model for encryption utilities. The same is true of Cypherix SecureIT, which is a more traditional file- and folder-encryption utility from the same company.
What Is Encryption?
In World War I, British forces kept their communications secret by encoding them with the Playfair Cipher, which enciphers letters two at a time, while the Germans created encoded messages using only the letters A, D, F, G, V, and X. A French cryptanalyst cracked the ADFGVX cipher, and Playfair has since been broken. But in their day, these ciphers served their respective countries well.
Modern encryption algorithms are light-years beyond old-fashioned ciphers. Their output bears no visible relationship to the data that went in, and cracking a modern encryption algorithm would take an impossibly long time. The US Government’s official encryption algorithm is Advanced Encryption Standard (AES). Bruce Schneier’s Blowfish algorithm uses a longer key than AES, so in theory it’d be even harder to crack.
AES, Blowfish, and many common encryption algorithms are symmetric, meaning they use the same key to encrypt and decrypt data. If you want to share an encrypted file, you must find a way transmit the key to the recipient without any possibility of interception. Public Key Infrastructure (PKI) cryptography avoids that problem. In this system, if I want to send you a file, I look up your public key and encrypt the file with it. You use your private key to decrypt the file. Conversely, if I want to prove to you that a document comes from me and hasn’t been modified, I encrypt it with my private key. The fact that you can decrypt it with the public key proves its legitimacy.
Quick and Easy
At the end of the quick installation process, Cryptainer starts the process of creating its primary encrypted volume. You enter a size, up to 32GB, along with the desired volume label. If 32GB isn’t enough, you’ll have to upgrade to one of the advanced versions that supports volumes up to 10TB.
The software offers a default location for the file representing the encrypted volume, but suggests that you may want to customize the name. Next, you enter your password, which can be from eight to 100 characters in length. Like SecureIT, Cryptainer offers a choice between Blowfish and AES algorithms.
Cryptainer displays a strength rating as you type your password, but it’s not reliable. It considers “password” to be a strong password! You get much better advice by launching the Password Quality Meter for a detailed report on your password’s strength. It warns about bad password habits such as including dictionary words and offers advice for improvement such as adding numbers.
The next step may confuse some users. Cryptainer offers you the choice of formatting the volume now or waiting until the first time you try to access it. Here’s the difference. If you let Cryptainer format the drive, it can only use the antiquated FAT (File Allocation Table) file system, which supports drive sizes only up to 2GB. If you hold off and let Windows do it, you can choose the modern NTFS format. That’s the way to go. An instructional popup tells you exactly what settings to use in the format dialog. After the format finishes, another popup reminds you to take note of the filename representing this volume.
Cryptainer’s display resembles that of Windows Explorer, with a folder tree at left, a file list at right, and a toolbar and menu above. If you prefer, you can click a button to view the encrypted volume in Windows Explorer itself.
Using Encrypted Volumes
New since my last review, you can configure Cryptainer to use a virtual keyboard for password entry. That way no hardware or software keylogger can capture the password. A separate “privileged mode” option isolates the password entry process, whether you use the physical or virtual keyboard.
When you unlock an encrypted volume, it looks like a disk drive. You can move files into and out of it, edit them, or delete them. You can do anything that you could do on a regular drive. But when you lock the volume, it completely disappears from Windows Explorer. All that’s visible is the file that holds the encrypted volume’s data, and there’s no way to extract the encrypted volume’s contents from that file.
Cryptainer identifies the first volume you create as the primary volume. This is the one that you see when you launch the program and enter the volume’s password. You can create as many additional volumes as you want. However, these secondary volumes don’t load automatically. The program warns that it’s up to you to remember these filenames, saying, “To safeguard your privacy, Cryptainer does not retain this information.” This notion of primary and secondary volumes adds complexity to an otherwise simple system.
Loading a secondary volume is far from difficult, as long as you remember where to find the file. Click the Additional Volume button, click Load a Volume, select the file, and enter your password.
Note that this encrypted volume technology appears as a feature in some high-end security suites, and it’s typically easier to use than Cryptainer. Kaspersky Total Security offers encrypted vaults for your files and includes a secure deletion tool for wiping the originals. The same is true of Bitdefender Total Security, Trend Micro Maximum Security, and others. Of course, you pay for these suites every year, while Cryptainer is a one-time purchase.
By default, Cryptainer mounts an encrypted volume using the first available drive letter. If you want each volume to always have the same letter, start with Z: and work down. You can also open a volume as read-only, or open it so it’s only visible to the current Windows user account. Secure vaults in InterCrypto’s CryptoExpert offer similar options.
It’s possible to share an encrypted volume with others. They don’t have to buy the program; the free Cryptainer LE will let them view and interact with the volume. Be sure to convey the password securely, perhaps using an encrypted messaging program.
Here’s a clever trick. Install Cryptainer Mobile on a USB drive, and keep it in your pocket when not in use. Now there’s no sign of the program’s presence on your PC, other than a file or two with the extension CXP.
A button titled Secure Email suggested email integration to me, but I was wrong. Clicking it lets you encrypt a file or folder exactly as you would with SecureIT. It’s up to you to email the resulting attachment. You can also use Cryptainer to decrypt files you’ve received via email. The recipient must install the free Cryptainer LE, unless you choose to make the file into a self-decrypting EXE.
When you copy a file into Cryptainer, you haven’t really secured its contents. For full security you must delete the unsecured original. Many encryption tools offer a secure deletion component that both deletes the file and prevents forensic recovery. Seeing an icon marked Shred, I assumed Cryptainer offers such a component. I assumed wrong.
For whatever reason, you can only shred files that are already stored in an encrypted volume. That seems a strange design decision. The point is to secure your sensitive files by shredding the unencrypted originals.
By contrast, Folder Lock makes it easy to shred those originals, foiling even hardware-based forensic recovery. Still more impressive, it can securely overwrite all unused disk space, effectively applying secure deletion to all files you deleted previously.
As noted, CryptoExpert works in much the same way Cryptainer does. Advanced security suites like Bitdefender Total Security, Kaspersky Total Security, and McAfee Total Protection include this functionality as just one of their many features.
Folder Lock covers a wide range of encryption features, including creation of encrypted volumes. It can also simply hide files and folders from view, without encryption. Other features include secure storage of credit card data and other personal data, a history cleaner, and an extra-cost secure backup system.
CertainSafe Digital Safety Deposit Box keeps your encrypted files in the cloud, tearing them into little encrypted bits for storage on different servers. AxCrypt Premium doesn’t work in precisely the same way, but it gets a similar effect by encrypting all files in secured folders any time you sign out of your account.
CryptoForge and InterCrypto’s Advanced Encryption Package stick to the file and folder encryption model. Both can also encrypt arbitrary text which can then be inserted in email, IM, or any kind of message.
Like Folder Lock, Steganos Safe includes a comprehensive secure deletion component. You can protect its encrypted containers using two-factor authentication, hide the very existence of a container, or create a container that occupies an entire disk partition.
NordLocker protects all your lockers with one master password, so you’ll want to use a strong one. Sharing an encrypted locker with another NordLocker user couldn’t be easier.
Expensive for What It Does
Cypherix Cryptainer PE aims to keep your files safe inside its encrypted volumes. It does the job, though its secure deletion tool can’t scrub away traces of the unencrypted originals. The problem is that doing this job doesn’t merit the product’s price, even as a one-time fee. As noted, popular high-end security suites include this functionality as just one of a wealth of features.
AxCrypt Premium is amazingly easy to use and has a very modern appearance. Under that slick exterior, it uses public key cryptography. If you have dangerously sensitive documents to protect, CertainSafe Digital Safety Deposit Box is the way to go. Its multistep security handshake ensures nobody else can get in, and because it stores your files in pieces on many servers, a hacker who managed to breach one server would just have a bunch of useless shreds. Folder Lock offers a broader range of encryption features than its competition. These three are our current Editors’ Choice products for consumer-accessible encryption.
Cypherix Cryptainer PE Specs
|Public Key Cryptography||No|
|Rate Password Strength||Yes|
|Create Encrypted Storage||Yes|
|Create Self-Decrypting EXE||Yes|
|Secure Deletion of Originals||No|