If you’re not familiar with the details of encryption, it may seem like an arcane art, something practiced by security geeks in the depths of the computer lab. But really, encryption is all around you. Most webmail suppliers encrypt your messages. Your smartphone is encrypted well enough that even the FBI can’t get at its contents without a huge amount of effort. If you’re willing to put in a bit of study, Advanced Encryption Package can further protect your privacy by encrypting your most sensitive files and folders. But be warned—while it offers more than most feature-wise, its interface is dated, and a bit peculiar.
For a one-time fee of $49.95, you can use Advanced Encryption Package indefinitely. That’s a common model for encryption products. Those that charge an ongoing fee typically do so because the product requires server-side resources. For example, CertainSafe Digital Safety Deposit Box splits up your encrypted files into little pieces and stores them securely on a raft of different servers. AxCrypt Premium also expends server resources to provide you with its encryption services.
What Is Encryption?
In World War I, British forces kept their communications secret by encoding them with the Playfair Cipher, while the Germans encoded messages using only the letters A, D, F, G, V, and X. A French cryptanalyst cracked the ADFGVX cipher; Playfair has been solved as well. But in their day, these ciphers served their respective countries well.
Modern encryption algorithms are nothing like old-fashioned ciphers, which could often be cracked by such tricks as charting letter frequencies. Their output bears no visible relationship to the data that went in, and cracking a modern encryption algorithm would take an impossibly long time. The US Government’s official encryption algorithm is Advanced Encryption Standard (AES). Bruce Schneier’s Blowfish algorithm is popular with the security cognoscenti.
AES, Blowfish, and many common encryption algorithms are symmetric, meaning the same key is used to encrypt and decrypt data. If you want to share an encrypted file, you must securely transmit the key to the recipient. Public Key Infrastructure (PKI) cryptography avoids that problem. In a PKI system, if I want to send you a file, I look up your public key and encrypt the file with it. You use your private key to decrypt the file. Conversely, if I want to prove to you that a document comes from me and hasn’t been modified, I encrypt it with my private key. The fact that you can decrypt it with the public key proves its legitimacy. Yes, that’s how digital signatures work.
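A toy illustration of the two public-key operations described above, added here as an example (it is not code from any product in this review). The key is built from two small, well-known primes and uses no padding, so it shows only the arithmetic; the function names and sample values are constructed.

```python
import hashlib

# Constructed toy key pair built from two Mersenne primes. Real keys use
# random primes of about 1024 bits each plus a padding scheme (OAEP, PSS).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def encrypt(message: bytes) -> int:
    """Anyone holding the public key (N, E) can do this."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)


def decrypt(ciphertext: int, length: int) -> bytes:
    """Only the holder of the private exponent D can reverse it."""
    return pow(ciphertext, D, N).to_bytes(length, "big")


def _digest(document: bytes) -> int:
    # Signatures are computed over a hash of the document, not the document.
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document: bytes) -> int:
    """Apply the private exponent to the document's hash."""
    return pow(_digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Undo the signature with the public exponent and compare hashes."""
    return pow(signature, E, N) == _digest(document)


if __name__ == "__main__":
    wrapped = encrypt(b"filekey!")             # constructed 8-byte secret
    print(decrypt(wrapped, 8))
    doc = b"Quarterly report, final version"   # constructed sample document
    sig = sign(doc)
    print(verify(doc, sig), verify(doc + b" (edited)", sig))
```

Because the modulus limits how much data one operation can handle, the public key here wraps a short secret rather than a whole file; the short secret would then serve as the key for a symmetric cipher such as AES.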
Getting Started With Advanced Encryption Package
This product’s speedy installer didn’t install any desktop icons on my test system. I launched the program by tapping the Windows key and typing its name.
The main window is dominated by a file/folder tree, with a host of buttons and controls to the right and below it. There are six buttons at top right: Encrypt, Decrypt, SFX (for self-extracting), ZIP, Delete, and E-mail. Below those is a dockable panel titled Encryption, with a number of detailed options. Below the file/folder tree there are options to filter what file types are shown and define the output folder for encryption activities. There’s also a log of recent activity.
I gazed at all those settings for quite a while, poked at the buttons, entered passwords, all without figuring out how on earth to make the program do anything. As with CryptoExpert, the Help system didn’t launch when I chose Help from the menu. I managed to launch the CHM-format help system manually.
I learned that all the controls I could see were there to set the parameters of the encryption action, and that to actually take action, I should press the large, green button labeled Start. The fact that no such button showed up in the window puzzled me for a moment. Then I resized the window, giving it more height. There still was no large green Start button, but a grey Encrypt Now! button appeared, previously hidden behind the dockable Encryption panel.
Before going further, I need to say something about the program’s appearance. Several of the programs in this arena look a bit dated. Not AxCrypt; it’s ultramodern. But a few of the others have that ten-year-old look, too.
Advanced Encryption Package has the rest beat as far as outmoded bits and pieces. The FAQ reports that the program is Y2K compliant, meaning it doesn’t suffer from a kerfuffle that happened 20 years ago. Other FAQs refer to problems downloading with Netscape Navigator (discontinued in 2007 after a long decline) and Netscape Communicator (dropped in 2006). The main window itself looks partially like a very old version of OS X, with a horizontally striped title bar and a round bead button in the top left corner.
Of course, a program’s appearance may have nothing to do with its performance. With modern design tools it’s a snap to create a beautiful user interface that does absolutely nothing.
Once I found the Encrypt Now! button, the program’s interface made sense. Clicking the six buttons at top right changed the Encryption panel to display controls appropriate to the selected mode. To encrypt the files or folders selected in the tree, you enter a password, re-enter it, and optionally add a password hint. If you’re concerned about keyloggers, you can launch a virtual keyboard for password entry. You can check a box to compress the files before encryption, and another to securely delete the originals.
Next there’s the drop-down list of available encryption algorithms—17 of them! All the usual suspects are there: AES, Blowfish, and Triple DES, as well as the Soviet government’s GOST algorithm, and many more. It turns out that you should select your algorithm (AES is recommended) before trying to enter a password, because the number of characters you are permitted to enter varies depending on the algorithm.
As you type, the password quality meter fills up and changes from red to blue. You can control this feature in the Options dialog. By default, it stays red for passwords found in the dictionary and for passwords that are too weak; a slider lets you set how aggressively it defines weak. You can also set it to refuse dictionary words and weak passwords. In testing, though, I found that plenty of dictionary words were accepted.
Once you’ve set all the options and selected the files, you click the big Encrypt Now! button. Encrypted files get the extension .AEP, but the filename portion remains the same. CryptoForge has the interesting ability to encrypt filenames as well, since sometimes just the name of a file is something you wouldn’t want others to see. AxCrypt can do this as well, but it’s a separate operation.
Decrypting one or more files is simpler than encrypting. Select the files, click the Decrypt button, enter the password, and click Encrypt Now! That’s it.
The SFX button creates a self-decrypting archive of the files you’ve selected. It’s a bit simpler than the full encryption process. You don’t get a choice of algorithm; it always uses AES. You do still enter your password and hint, of course. You also have the option to compress the files, shred the originals, or both. But the controls for this last pair of settings are completely different from the same-purpose controls for straight encryption.
Since the program already has the ability to compress source files before encryption, it’s no surprise that it offers ZIP compression without encryption. You can also securely delete files, or email them as attachments using your default email client.
There’s not a lot of point in creating encrypted copies of your files if you leave the unencrypted originals lying around, and merely deleting them, even if you bypass the Recycle Bin, leaves them open to forensic recovery. That’s where secure deletion comes in. Overwriting the file’s data before deletion foils forensic recovery.
Cypherix SecureIT lets you choose to overwrite file data up to 20 times, while CryptoForge offers an over-the-top 99 passes. Advanced Encryption Package defaults to a quick one-pass wipe, which should be sufficient to prevent all but the most advanced, hardware-based recovery.
Digging into the program’s options, you’ll find that there are a ton of choices for secure deletion, 18 in all. Several are government standards, defined by the US Department of Defense, the Royal Canadian Mounted Police, and NATO, among others. The list tops out with the 35-pass algorithm devised by Peter Gutmann.
But that’s not all! Like CryptoForge, this tool can wipe all traces of the filename from the file system, and it can process NTFS Alternate Data Streams and other NTFS-specific elements. By default, it wipes the entirety of the last data cluster allocated to the file, not just the in-use part.
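The overwrite-then-delete sequence described above, sketched as an added example (not code from Advanced Encryption Package or from this review). The 4 KiB cluster size and the function names are assumptions; the overwrite is rounded up to the cluster boundary to cover the unused tail of the last cluster, and the file is renamed before it is removed.

```python
import os
import secrets

CLUSTER_SIZE = 4096  # assumption: 4 KiB allocation unit, a common NTFS default


def overwrite_in_place(path, passes=1, cluster_size=CLUSTER_SIZE):
    """Overwrite the file with random bytes; return bytes written per pass."""
    size = os.path.getsize(path)
    # Round up to a whole cluster so the unused tail of the last cluster
    # (slack space) is overwritten along with the in-use part.
    padded = -(-size // cluster_size) * cluster_size
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = padded
            while remaining:
                chunk = min(remaining, 1 << 20)  # write in 1 MiB pieces
                fh.write(secrets.token_bytes(chunk))
                remaining -= chunk
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to disk before the next
    return padded


def wipe_file(path, passes=1, cluster_size=CLUSTER_SIZE):
    """Overwrite, replace the name with random characters, then delete."""
    written = overwrite_in_place(path, passes, cluster_size)
    directory, name = os.path.split(path)
    scrubbed = os.path.join(directory, secrets.token_hex(len(name))[:len(name)])
    os.rename(path, scrubbed)  # rename first so the deleted entry has a random name
    os.remove(scrubbed)
    return written
```

On SSDs, journaling or copy-on-write file systems, and volumes with snapshots or backups, older copies of the data can survive an in-place overwrite like this one.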
Public Key Encryption
So far, I’ve been talking about symmetric encryption, meaning that the same password serves to encrypt a file and to decrypt it. Advanced Encryption Package also supports public key encryption. To use this mode, you’ll need to get the public key file from anyone you want to share data with, and give them your public key. Hey, it’s public! Decryption uses the private key, which you should guard carefully.
Creating a new key pair is a simple matter of launching the Keys Manager. By default, you get the longest available key, 2048 bits. I’m not sure why you would choose a shorter length. Here’s a nice touch; you can encrypt your private key, so it’s not exposed when not in use. When you go to decrypt a received file, the program decrypts your private key and applies it.
Keys Management is also the place to import any key files you’ve received from others. PKI support is uncommon. AxCrypt is the only other of the current group that supports it. It’s especially useful for exchanging data securely.
On the Tools menu you’ll also find an option to invoke the Password Generator, but be warned—it’s funky. To start with, the default settings create a five-character all-uppercase password. That’s just too weak. You can add lowercase letters, digits, punctuation marks, and special characters.
I didn’t see a maximum length reported, so I entered 99,999. An unhelpful error message advised me to enter a length greater than four. When I entered 999, the program hung completely, forcing me to kill and re-launch it. The same happened when I entered 99.
On closer examination, I realized that the password length was a simple drop-down list, with values from four to 15. Generating a 15-character all-uppercase password still seemed to hang the program temporarily, but it did the job. Adding more character sets made the process go faster. Fortunately, generating passwords isn’t a core feature for an encryption tool.
AxCrypt also includes a password generator, one that you can use just by visiting the company’s website. However, it aims to produce passwords that are memorable but not guessable, and it does so in a trice.
Rummaging through the Options dialog, I found some configuration choices that could substantially change the way the program operates. I’ve already mentioned the Password Quality and Secure Deletion options; there’s more to see on the Interface page.
Remembering a different password for every file and folder would be tough, so I’m sure many users just apply the same password to every operation. If you’re doing that anyway, you can protect Advanced Encryption Package as a whole with one master password, and optionally use that password for every encryption and decryption operation. AxCrypt, CryptoForge, and CryptoExpert also have the ability to keep a master password in memory, but they also employ some kind of timeout, after which the master password must be reentered.
In this dialog you can also set the product to keep a log, to refrain from masking passwords, and to launch its Tray Agent at startup. That was the first I had seen of the Tray Agent, which is the only way to access the Clipboard Encryptor.
Before you can use the Clipboard Encryptor, you must enable its hotkey, which is Ctrl+F12 by default. Done? OK, now select some text, copy it to the clipboard, and press Ctrl+F12. This brings up a window containing the text you copied. Here you can enter a password and optionally cache it for further clipping. By default, the encrypted text goes back to the clipboard, and the wizard closes.
At this point you can copy the block of text into an email message, IM chat, or any text-based medium. The recipient will, of course, need a copy of the program in order to decrypt the block of gibberish.
If the clipboard contains a block of encrypted text, pressing Ctrl+F12 brings up a decryption window. As with encryption, by default the decrypted text goes back to the clipboard.
CryptoForge also lets you encrypt text, but it goes a bit beyond. It displays a WYSIWYG text editor, capable of importing RTF files. You can drop files into your document. The output is still a block of plain text that you can use to, say, send files to an email account that doesn’t accept attachments.
Advanced and Missing Features
IT experts and crypto hobbyists will love the fact that this product can be controlled from the command line. This feature makes it possible to perform repetitive encryption tasks using batch files. Admittedly, most of the products I’ve reviewed recently include command-line control. CertainSafe doesn’t, and Cypherix requires an upgrade to get the command-line option.
According to the help system and website, I should be able to add a USB drive as a second authentication factor, just as I could do with CryptoExpert. However, I couldn’t find that feature anywhere, and the screenshots in the help system didn’t resemble the current product at all. The help system also states that it “has user privacy tool removing all Internet traces…” This, too, proved elusive.
One for the Experts
There is no question that Advanced Encryption Package offers more choices of encryption and secure deletion algorithms than the rest of the apps we’ve reviewed. None of them come close. Its support of PKI also impresses. However, it’s also more complex than the rest, and the user interface is dated and at times confusing. Crypto experts will have a field day with this one.
Average users should probably pick something else. If you have a serious need for security, CertainSafe Digital Safety Deposit Box is surely the best choice. Just getting into your account requires a multistep handshake, and since your files aren’t stored in one place, there’s no way one data breach could expose them. AxCrypt Premium is pretty much the opposite of Advanced Encryption Package as far as ease of use, and yet it’s the only other one of the current group that offers public key encryption. Folder Lock brings a broad collection of security features in a much more palatable package. These three are our current Editors’ Choice products for consumer-accessible encryption.
Advanced Encryption Package Specs
|Public Key Cryptography|Yes|
|Rate Password Strength|Yes|
|Create Encrypted Storage|No|
|Create Self-Decrypting EXE|Yes|
|Secure Deletion of Originals|Yes|