Download the program for encrypting folders. Random numbers and strong passwords

Probably, each of us has folders and files that we would like to hide from prying eyes. Especially when not only you, but also other users work at the computer.

To do this, you can, of course, put it or place it in an archive with a password. But this method is not always convenient, especially for those files with which you are going to work. For this, the program is more suitable for file encryption.

1. Program for encryption

In spite of a large number of paid programs(for example: DriveCrypt, BestCrypt, PGPdisk), I decided to stop in this review on a free one, the capabilities of which are enough for most users.

http://www.truecrypt.org/downloads

An excellent program for encrypting data, whether it be files, folders, etc. The essence of the work is to create a file that resembles a disk image (by the way, new versions of the program allow you to encrypt even an entire partition, for example, you can encrypt a flash drive and use it without fear that someone anyone other than you can read information from it). This file is not so easy to open, it is encrypted. If you forget the password for such a file - you will never see your files that were stored in it ...

What else is interesting:

Instead of a password, you can use a key file (a very interesting option, no file - no access to the encrypted disk);

Several encryption algorithms;

Ability to create a hidden encrypted disk (only you will know about its existence);

Ability to assign buttons for fast disk mounting and unmounting (shutdown).

2. Create and encrypt disk

Before proceeding with data encryption, we need to create our disk, on which we will copy the files that need to be hidden from prying eyes.

To do this, run the program and press the "Create Volume" button, i.e. Let's start creating a new disk.

Select the first item "Create an encrypted file container" - the creation of an encrypted container file.

Here we are offered a choice of two options for the container file:

1. Normal, standard (the one that will be visible to all users, but only those who know the password will be able to open it).

2. Hidden. Only you will know about its existence. Other users will not be able to see your container file.

Now the program will ask you to specify the location of your secret disk. I recommend choosing a drive on which you have more space. Usually such a drive is D, because. drive C is the system drive and it usually has Windows installed.

An important step: specify the encryption algorithm. There are several in the program. For an ordinary uninitiated user, I will say that the AES algorithm that the program offers by default allows you to protect your files very reliably and it is unlikely that any of the users of your computer will be able to hack it! You can select AES and click on next - "NEXT".

In this step, you can choose the size of your disk. A little lower, under the window for entering the desired size, the free space on your real hard drive is shown.

Password - several characters (recommended at least 5-6) without which access to your secret disk will be closed. I advise you to choose a password that you will not forget even after a couple of years! Otherwise, important information may not be available to you.

If you want to use strong password, we recommend that you use the generator to create it. The best choice will become a platform that will also answer the question “is my password strong”: https://calcsoft.ru/generator-parolei.

After some time, the program will inform you that the encrypted container file has been successfully created and you can start working with it! Fine…

3. Working with an encrypted disk

The mechanism is quite simple: choose which container file you want to connect, then enter the password for it - if everything is “OK”, then you have new disk and you can work with it as if it were a real HDD.

Let's consider in more detail.

Right-click on the drive letter that you want to assign to your container file, select "Select File and Mount" in the drop-down menu - select a file and attach it for further work.

When it comes to highly sensitive data, encryption adds another layer of protection, ensuring that only the creator of the file can read it. If any other user - even those with administrator privileges - tries to open such a file, they will see either a meaningless character set or nothing at all. In other words, your encrypted data cannot be read unless you are logged into the system under your own account.

ENCRYPTING A WHOLE DISK WITH BITLOCKER

Encrypting files and folders in Windows 7 is a convenient way to protect sensitive data, but storing encrypted and unencrypted data on the same drive can lead to unpredictable results, as described in the "File Encryption" section. However, the owners Windows versions 7 Ultimate and Enterprise can solve this problem by taking advantage of the BitLocker Drive Encryption tool.

BitLocker puts all the data on a drive into one huge archive and accesses it like a virtual hard drive. V Windows Explorer you access BitLocker-encrypted files like any other data - Windows performs encryption and decryption behind the scenes background. The big advantage of BitLocker is that it encrypts Windows files and all system files, and this makes it much more difficult for your password to be cracked and unauthorized access into the system. Also, when the entire drive is encrypted, there is no need to encrypt files individually.

To encrypt a drive, open the BitLocker Drive Encryption page in Control Panel. If a TPM not found error is displayed (TPM was not found), check if there is a TPM-enabled BIOS update for your computer.

TPM, Trusted Platform Module (Trusted Platform Module), is a chip based on motherboard, which stores the BitLocker encryption key. Thanks to it, the computer can boot from an encrypted disk. If the BIOS does not support TPM, then a regular USB disk can be used as such a microcircuit. Open Local Editor group policy(Group Policy Object Editor) (to do this, click on the Start button and run the command gpedit.msc), and then expand the Computer Configuration\Administrative Templates\Windows Components\ BitLocker Drive Encryption). In the right pane, double-click the Control Panel Setup: Enable advanced startup options entry, click Enabled, select the Allow BitLocker without a compatible TPM check box, and click OK .

BitLocker can be used if the hard drive has at least two partitions (more on this in Chapter 4): one for operating system and the second, "active" section with a size of 1.5 GB or more - to boot the computer. If your drive is configured differently, run the BitLocker Drive Preparation Tool (BdeHdCfg.exe) and follow the instructions on the screen to prepare. When the drive is ready, open the BitLocker Drive Encryption page in the Control Panel and click the Turn on BitLocker link.

Hint: if you have a different edition of Window 7 than Windows 7 Ultimate installed, FreeOTFE (http://www.freeotfe.org) and TrueCrypt (http://www.truecrypt.org) utilities offer similar functionality. Both are free and compatible with all editions of Windows 7.

You need to read data from a BitLocker-encrypted drive in Windows Vista or XP? Use the Microsoft BitLocker To Go Reader tool, which is a free download from http://windows.microsoft.com/en-US/windows7/what-is-the-bitlocker-to-go-reader.

You only mark the file as intended for encryption. Windows encrypts and decrypts files in the background when the creator of the file writes it or views it, respectively. True, in Windows 7 encryption on the fly can sometimes surprise, and security is not an area in which you can rely on chance.

Encryption is a feature of the NTFS file system (discussed in the Choose the Right File System section) that is not available on any other file system. This means that if you copy an encrypted file to, say, a memory card, USB drive, or CD, it will not be possible to decrypt it, because these devices file system NTFS is not supported.

How to encrypt a file:

1. Right click click on one or more files in Explorer and select Properties from the context menu.

2. On the General tab, click Advanced.

3. Select the Encrypt contents to secure data check box, click OK, then close the window by clicking OK again.

Whether the file is encrypted or not, you work with it as usual. You will never have to manually decrypt a file to view its contents. For more information on how to quickly encrypt or decrypt a file, see Adding Encrypt and Decrypt Commands to Context Menus on p. 458.

If you decide that you will encrypt files, then you should remember the following:

About Encrypting Folder Contents

When you encrypt a folder that contains files or other folders, Windows asks you if you want to encrypt the contents. In most cases, you simply agree. If you click on the No button in this window, the current contents of the folder will remain unencrypted, but new files will be encrypted. For more information about this, see the "Secrets of Folder Encryption" section on p. 457.

o Encrypted forever?

There is no way to guarantee that an encrypted file will remain encrypted forever. For example, some applications, when editing and saving data, delete the original files, and then create new ones in the same place. If the application does not know that the file needs to be encrypted, the protection disappears. To prevent this from happening, you need to encrypt the parent folder, not just the file itself.

o Protected from other users?

If you change the owner of an encrypted file (as described in the "Setting permissions for files and folders" section), then only the previous owner

The creator of the file will be able to decrypt and view it, even though the file no longer belongs to him. This means that in some cases no user is able to read the file.

About System File Encryption

Because all users need access to certain folders, such as \Windows and \Windows\System, file encryption, system folders and root directories of any drives is prohibited. Therefore, the only way to encrypt such objects is to use full-disk encryption, as described in the sidebar "Whole-disk encryption with BitLocker" on p. 452.

About Encryption and Compression

Compression is another feature of file NTFS systems- allows you to reduce the amount of space that files and folders take up on the disk. The principles of compression are very similar to those of encryption. However, you cannot use both encryption and compression on an object at the same time; turn on one option in the Properties window and the second one will automatically turn off.

Any person has such information on the computer that he would not like to share with others. For example, personal information, important business and financial documents. However, as a result of unforeseen circumstances or deliberate actions, your data can easily fall into the hands of other people, especially if many users work at the computer. In this case, you need to download a folder encoding program that will protect you from any unpleasant situations. The choice of application is very large, users can, who are equally good at their functions. This article will focus on free apps to encrypt and encode folders.

At maximum speed, download the program for encoding folders and files for free

• AES encryption, key length 256 bits.
• Hiding files and folders.
• File encryption (by creating virtual disks - safes) on the fly.
• Online backup.
• Create secure USB/CD/DVD discs.
• Attachment Encryption Email.
• Creation of encrypted "wallets" that store information about credit cards, accounts, etc.

It would seem that the program has enough opportunities, especially for personal use. Now let's look at the program at work. At the first start, the program asks to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you hide files, and someone else runs the program, sees which files are hidden, and gains access to them. Agree, not very good. But if the program asks for a password, then this "someone" will not succeed - in any case, until he picks up or finds out your password.

Rice. 1. Setting a master password on first start

First of all, let's see how the program hides files. Go to section Lock Files, then either drag files (Fig. 2) and folders to the main area of ​​the program or use the button Add. As shown in fig. 3, the program allows you to hide files, folders and drives.

Rice. 2. Drag the file, select it and click the button lock

Rice. 3. Button Add

Let's see what happens when we press the button lock. I tried hiding the C:\Users\Denis\Desktop\cs.zip file. The file has disappeared from Explorer, Total Commander and others file managers, even if display is enabled hidden files. The hide file button is called lock, and the section Lock Files. However, these UI elements should be named Hide and Hide Files respectively. Because in fact the program does not block access to the file, but simply "hides" it. Look at fig. 4. I, knowing the exact file name, copied it to the cs2.zip file. The file copied smoothly, there were no access errors, the file was not encrypted - it unpacked as usual.

Rice. 4. Copy a hidden file

By itself, the hiding function is stupid and useless. However, if you use it together with the file encryption function - to hide the safes created by the program - then the effectiveness of its use will increase.
In chapter Encrypt Files you can create safes (Lockers). A safe is an encrypted container that, after mounting, can be used like a regular disk - the encryption is not simple, but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.

Rice. 5. Encrypt Files Section

Click the button Create Locker, in the window that appears, enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to choose the file system and size of the safe (Figure 8). The size of the safe is dynamic, but you can set a maximum limit. This allows you to save disk space if you do not use the safe "to the eyeballs". You can optionally create a fixed size safe, which will be shown in the Performance section of this article.

Rice. 6. Name and location of the safe

Rice. 7. Password to access the safe

Rice. 8. File system and safe size

After that, you will see the UAC window (if it is enabled), in which you will need to click Yes, then a window with information about the created safe will be displayed. In it, you need to click the Finish button, after which the Explorer window will open, displaying the mounted container (media), see fig. 9.

Rice. 9. Virtual disk created by the program

Return to section Encrypt Files and select the created safe (Fig. 10). Button Open Locker allows you to open a closed safe, Close Locker- close open, button Edit Options calls up a menu containing commands for deleting/copying/renaming/changing the password of the safe. Button Backup Online allows you to back up the safe, and not just anywhere, but to the cloud (Fig. 11). But first you have to create an account Secure Backup Account, after which you will receive up to 2 TB of disk space, and your safes will be automatically synchronized with online storage, which is especially useful if you need to work with the same safe on different computers.

Rice. 10. Operations on the safe

Rice. 11. Create a Secure Backup Account

Nothing just happens. You can find storage fees for your safes at secure.newsoftwares.net/signup?id=en . For 2 TB you will have to pay $ 400 per month. 500 GB will cost $100 per month. To be honest, it's very expensive. For $50-60, you can rent a whole VPS with 500 GB "on board", which you can use as storage for your safes and even create your own website on it.
Note that the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In chapter Protect USB/CD you can protect your USB/CD/DVD drives as well as email attachments (Figure 12). However, this protection is carried out not by encrypting the medium itself, but by writing a self-decrypting safe to the corresponding medium. In other words, a truncated portable version of the program will be written to the selected media, allowing you to “open” the safe. As such, this program does not have support for mail clients either. You can encrypt an attachment and attach it (already encrypted) to an email. But the attachment is encrypted with a normal password, not PKI. I don't think it's worth talking about reliability.

Rice. 12. Protect USB/CD section

Chapter Make Wallets allows you to create wallets containing information about your credit cards, bank accounts, etc. (Fig. 13). All information, of course, is stored in encrypted form. With all responsibility, I can say that this section is useless, since there is no function for exporting information from the wallet. Imagine that you have many bank accounts and you have entered information about each of them into the program - account number, bank name, account owner, SWIFT code, etc. You then need to provide account information to a third party to transfer money to you. You will have to manually copy each field, paste it into the document, or email. The presence of the export function would greatly facilitate this task. As for me, it is much easier to store all this information in one common document, to be placed on the generated by the program virtual disk- safe.

Rice. 13. Wallets

Benefits of Folder Lock:

• Attractive and clear interface, which will appeal to novice users who speak English.
• On-the-fly transparent encryption, creating virtual encrypted disks that can be handled like regular disks.
• Possibility of online backup and synchronization of encrypted containers (safes).
• Ability to create self-extracting containers on USB/CD/DVD drives.

Program disadvantages:

• There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with English.
• Questionable functions Lock Files (which just hides, not "locks" files) and Make Wallets (ineffective without exporting information). To be honest, I thought that the Lock Files function would provide transparent encryption of a folder / file on a disk, as CyberSafe Top Secret or the file system does.
• Inability to sign files, verify digital signatures.
• When opening the safe, does not allow you to select the drive letter that will be assigned to the virtual drive that corresponds to the safe. In the program settings, you can only choose the order in which the program will assign a drive letter - ascending (from A to Z) or descending (from Z to A).
• No integration with mail clients, there is only the option to encrypt the attachment.
• The high cost of the cloud Reserve copy.

PGP Desktop

Rice. 14. Context menu PGP Desktop

Also, access to the program functions can be obtained through the system tray (Fig. 15). Team Open PGP Desktop opens the main program window (Fig. 16).

Rice. 15. System tray program

Rice. 16. PGP Desktop window

Program sections:

• PGP Keys- key management (both own and imported from keyserver.pgp.com).
• PGP Messaging- management of messaging services. During installation, the program automatically detects your Accounts and automatically encrypts AOL Instant Messenger communications.
• PGP Zip- management of encrypted archives. The program supports transparent and non-transparent encryption. This section just implements opaque encryption. You can create an encrypted Zip archive (PGP Zip) or a self-extracting archive (Figure 17).
• PGP Disk is an implementation of the transparent encryption function. The program can, how to encrypt the entire hard section disk (or even the entire disk) or create a new virtual disk (container). There is also a Shred Free Space feature that allows you to overwrite free disk space.
• PGP Viewer- here you can decrypt PGP messages and attachments.
• PGP NetShare- a tool for "sharing" folders, while the "balls" are encrypted using PGP, and you have the ability to add / remove users (users are identified based on certificates) that have access to the "ball".

Rice. 17. Self decrypting archive

As for virtual disks, I especially liked the ability to create a dynamically sized virtual disk (Figure 18), as well as choosing a non-AES algorithm. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk at system startup and unmount it when idle (by default, after 15 minutes of inactivity).

Rice. 18. Create a virtual disk

The program tries to encrypt everything and everything. It monitors POP/SMTP connections and offers to secure them (Figure 19). The same goes for instant messaging clients (Figure 20). It is also possible to protect IMAP connections, but it must be enabled separately in the program settings.

Rice. 19. SSL/TLS connection detected

Rice. 20. PGP IM in action

It's a pity that PGP Desktop doesn't support popular modern programs like Skype and Viber. Who uses AOL IM now? I think there are few of them.
Also, when using PGP Desktop, it is difficult to set up mail encryption, which works only in interception mode. But what if the encrypted mail has already been received, and PGP Desktop was launched after receiving the encrypted message. How to decrypt it? You can, of course, but you have to do it manually. In addition, already decrypted letters in the client are no longer protected in any way. And if you configure the client for certificates, as is done in the CyberSafe Top Secret program, then letters will always be encrypted.
The interception mode does not work very well either, since the message about mail protection appears every time for every new mail server, and gmail has a lot of them. You will get tired of the mail protection window very quickly.
The program also does not differ in stability (Fig. 21).

Rice. 21. PGP Desktop stuck...

Also, after installing it, the system worked slower (subjectively) ...

Benefits of PGP Desktop:

• A complete program used to encrypt files, sign files, and verify electronic signature, transparent encryption (virtual disks and whole partition encryption), email encryption.
• Keyserver support keyserver.pgp.com.
• The ability to encrypt the system hard drive.
• PGP NetShare feature.
• The possibility of overwriting free space.
• Tight integration with File Explorer.

Program disadvantages:

• Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
• Unstable operation of the program.
• Poor program performance.
• There is support for AOL IM, but no support for Skype and Viber.
• Emails that have already been decrypted remain unprotected on the client.
• Mail protection works only in interception mode, which you will quickly get tired of, since the mail protection window will appear every time for each new server.

CyberSafe Top Secret

Rice. 22. CyberSafe Top Secret Program

However, we still pay attention to some points - the most important. The program contains tools for managing keys and certificates, and the presence in CyberSafe of its own key server allows the user to publish his public key on it, as well as receive public keys other employees of the company (Fig. 23).

Rice. 23. Key management

The program can be used to encrypt individual files which was shown in the article. As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and a certified CryptoPro provider, which allows it to be used in government agencies and banks.
The program can also be used to transparently encrypt a folder (Fig. 24), which allows it to be used as a replacement for EFS. And, given that the CyberSafe program turned out to be more reliable and faster (in some scenarios) than EFS, then it is not only possible, but also necessary to use it.

Rice. 24. Transparent encryption of the C:\CS-Crypted folder

The functionality of the CyberSafe Top Secret program resembles the functionality of the PGP Desktop program - if you notice, the program can also be used to encrypt email messages, as well as to electronically sign files and verify this signature (section Email digital signature, see fig. 25).

Rice. 25. Section Email digital signature

Like PGP Desktop, CyberSafe Top Secret can create virtual encrypted disks and fully encrypt . It should be noted that CyberSafe Top Secret can only create virtual disks of a fixed size, unlike Folder Lock and PGP Desktop. However, this disadvantage is neutralized by the possibility of transparent encryption of the folder, and the size of the folder is limited only by the size free space on the hard drive.
Unlike PGP Desktop, CyberSafe Top Secret cannot encrypt system HDD, it is limited only to encryption of external and internal non-system drives.
But CyberSafe Top Secret has the possibility of cloud backup, and, unlike Folder Lock, this opportunity absolutely free, more precisely, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article.
Two important features of the program should also be noted: two-factor authorization and a system of trusted applications. In the program settings, you can either set up password authentication or two-factor authentication (Fig. 26).

Rice. 26. Program settings

On the tab Allowed. applications you can define trusted applications that are allowed to work with encrypted files. By default, all applications are trusted. But for greater security, you can specify applications that are allowed to work with encrypted files (Figure 27).

Rice. 27. Trusted Applications

Benefits of the CyberSafe Top Secret program:

• Support for GOST encryption algorithms and a certified CryptoPro provider, which allows the program to be used not only by individuals and commercial organizations, but also by government agencies.
• Support for transparent folder encryption, which allows you to use the program as a replacement for EFS. Given that the program provides, such a replacement is more than justified.
• Ability to sign files electronically digital signature and the ability to verify the signature of a file.
• Built-in key server that allows you to publish keys and access other keys that have been published by other employees of the company.
• Ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
• Ability to create self-decrypting archives.
• The possibility of free cloud backup that works with any service - both paid and free.
• Two-factor user authentication.
• A system of trusted applications that allows you to restrict access to encrypted files only to certain applications.
• The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated later).
• The CyberSafe program driver allows you to work over a network, which makes it possible to organize.
• Russian-language interface of the program. For English-speaking users, it is possible to switch to English.

Now about the shortcomings of the program. The program has no special shortcomings, but since the task was set to honestly compare the programs, the shortcomings still have to be found. If you really find fault, sometimes in the program (very, very rarely) non-localized messages like “Password is weak” “slip through”. Also while the program does not know how to encrypt system disk, but such encryption is not always necessary and not for everyone. But all this is trifles compared to the PGP Desktop freeze and its cost (but you don't know about it yet).

Performance

• The virtual disk size is 2048 MB.
• File system - NTFS
• Drive letter Z:

1. Seq - sequential write/sequential read test (block size = 1024KB);
2. 512K - random write/random read test (block size = 512KB);
3. 4K - the same as 512K, but the block size is 4 KB;
4. 4K QD32 - random write/read test (block size = 4KB, Queue Depth = 32) for NCQ&AHCI.

Let's start with a regular hard drive, so that there is something to compare with. The performance of the C: drive (and this is the only partition on my computer) will be considered a reference. So, I got the following results (Fig. 28).

Rice. 28. Hard drive performance

Now let's start testing the first program. Let it be Folder Lock. On fig. 29 shows the parameters of the created container. Please note: I'm using a fixed size. The results of the program are shown in fig. 30. As you can see, there is a significant decrease in performance compared to the benchmark. But this is normal - after all, the data is encrypted and decrypted on the fly. Performance should be lower, the question is how much.

Rice. 29. Folder Lock Container Options

Rice. 30. Folder Lock Results

The next program is PGP Desktop. On fig. 31 - parameters of the created container, and in fig. 32 - results. My feelings were confirmed - the program really works more slowly, which was confirmed by the test. But when this program was running, not only the virtual disk “slowed down”, but even the entire system, which was not observed when working with other programs.

Rice. 31. PGP Desktop Container Options

Rice. 32. PGP Desktop Results

It remains to test the CyberSafe Top Secret program. As usual, first - the parameters of the container (Fig. 33), and then the results of the program (Fig. 34).

Rice. 33. CyberSafe Top Secret Container Options

Rice. 34. Results of the CyberSafe Top Secret program

I think the comments will be superfluous. The performance rankings were as follows:

1. CyberSafe Top Secret
2. Folder Lock
3. PGP Desktop

Price and conclusions

Table 1. Programs and functions

Tags:

• data encryption
• data protection

• AES encryption, key length 256 bits.
• Hiding files and folders.
• File encryption (by creating virtual disks - safes) on the fly.
• Online backup.
• Create secure USB/CD/DVD discs.
• Encryption of email attachments.
• Creation of encrypted "wallets" that store information about credit cards, accounts, etc.

It would seem that the program has enough opportunities, especially for personal use. Now let's look at the program at work. At the first start, the program asks to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you hide files, and someone else runs the program, sees which files are hidden, and gains access to them. Agree, not very good. But if the program asks for a password, then this "someone" will not succeed - in any case, until he picks up or finds out your password.

Rice. 1. Setting a master password on first start

First of all, let's see how the program hides files. Go to section Lock Files, then either drag files (Fig. 2) and folders to the main area of ​​the program or use the button Add. As shown in fig. 3, the program allows you to hide files, folders and drives.

Rice. 2. Drag the file, select it and click the button lock

Rice. 3. Button Add

Let's see what happens when we press the button lock. I tried hiding the C:\Users\Denis\Desktop\cs.zip file. The file has disappeared from Explorer, Total Commander and other file managers, even if the display of hidden files is enabled. The hide file button is called lock, and the section Lock Files. However, these UI elements should be named Hide and Hide Files respectively. Because in fact the program does not block access to the file, but simply "hides" it. Look at fig. 4. I, knowing the exact file name, copied it to the cs2.zip file. The file copied smoothly, there were no access errors, the file was not encrypted - it unpacked as usual.

Rice. 4. Copy a hidden file

By itself, the hiding function is stupid and useless. However, if you use it together with the file encryption function - to hide the safes created by the program - then the effectiveness of its use will increase.
In chapter Encrypt Files you can create safes (Lockers). A safe is an encrypted container that, after mounting, can be used like a regular disk - the encryption is not simple, but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.

Rice. 5. Encrypt Files Section

Click the button Create Locker, in the window that appears, enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to choose the file system and size of the safe (Figure 8). The size of the safe is dynamic, but you can set a maximum limit. This allows you to save disk space if you do not use the safe "to the eyeballs". You can optionally create a fixed size safe, which will be shown in the Performance section of this article.

Rice. 6. Name and location of the safe

Rice. 7. Password to access the safe

Rice. 8. File system and safe size

After that, you will see the UAC window (if it is enabled), in which you will need to click Yes, then a window with information about the created safe will be displayed. In it, you need to click the Finish button, after which the Explorer window will open, displaying the mounted container (media), see fig. 9.

Rice. 9. Virtual disk created by the program

Return to section Encrypt Files and select the created safe (Fig. 10). Button Open Locker allows you to open a closed safe, Close Locker- close open, button Edit Options calls up a menu containing commands for deleting/copying/renaming/changing the password of the safe. Button Backup Online allows you to back up the safe, and not just anywhere, but to the cloud (Fig. 11). But first you have to create an account Secure Backup Account, after which you will receive up to 2 TB of disk space, and your safes will be automatically synchronized with online storage, which is especially useful if you need to work with the same safe on different computers.

Rice. 10. Operations on the safe

Rice. 11. Create a Secure Backup Account

Nothing just happens. You can find storage fees for your safes at secure.newsoftwares.net/signup?id=en . For 2 TB you will have to pay $ 400 per month. 500 GB will cost $100 per month. To be honest, it's very expensive. For $50-60, you can rent a whole VPS with 500 GB "on board", which you can use as storage for your safes and even create your own website on it.
Note that the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In chapter Protect USB/CD you can protect your USB/CD/DVD drives as well as email attachments (Figure 12). However, this protection is carried out not by encrypting the medium itself, but by writing a self-decrypting safe to the corresponding medium. In other words, a truncated portable version of the program will be written to the selected media, allowing you to “open” the safe. As such, this program does not have support for mail clients either. You can encrypt an attachment and attach it (already encrypted) to an email. But the attachment is encrypted with a normal password, not PKI. I don't think it's worth talking about reliability.

Rice. 12. Protect USB/CD section

Chapter Make Wallets allows you to create wallets containing information about your credit cards, bank accounts, etc. (Fig. 13). All information, of course, is stored in encrypted form. With all responsibility, I can say that this section is useless, since there is no function for exporting information from the wallet. Imagine that you have many bank accounts and you have entered information about each of them into the program - account number, bank name, account owner, SWIFT code, etc. You then need to provide account information to a third party to transfer money to you. You will have to manually copy each field, paste it into a document or email. The presence of the export function would greatly facilitate this task. As for me, it is much easier to store all this information in one common document that needs to be placed on a virtual disk created by the program - a safe.

Rice. 13. Wallets

Benefits of Folder Lock:

• Attractive and clear interface that will appeal to novice users who speak English.
• On-the-fly transparent encryption, creating virtual encrypted disks that can be handled like regular disks.
• Possibility of online backup and synchronization of encrypted containers (safes).
• Ability to create self-extracting containers on USB/CD/DVD drives.

Program disadvantages:

• There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with English.
• Questionable functions Lock Files (which just hides, not "locks" files) and Make Wallets (ineffective without exporting information). To be honest, I thought that the Lock Files function would provide transparent encryption of a folder / file on a disk, as CyberSafe Top Secret or the EFS file system does.
• Inability to sign files, verify digital signatures.
• When opening the safe, does not allow you to select the drive letter that will be assigned to the virtual drive that corresponds to the safe. In the program settings, you can only choose the order in which the program will assign a drive letter - ascending (from A to Z) or descending (from Z to A).
• There is no integration with email clients, there is only the ability to encrypt the attachment.
• The high cost of cloud backup.

PGP Desktop

Rice. 14. PGP Desktop context menu

Also, access to the program functions can be obtained through the system tray (Fig. 15). Team Open PGP Desktop opens the main program window (Fig. 16).

Rice. 15. System tray program

Rice. 16. PGP Desktop window

Program sections:

• PGP Keys- key management (both own and imported from keyserver.pgp.com).
• PGP Messaging- management of messaging services. When installed, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
• PGP Zip- management of encrypted archives. The program supports transparent and non-transparent encryption. This section just implements opaque encryption. You can create an encrypted Zip archive (PGP Zip) or a self-extracting archive (Figure 17).
• PGP Disk is an implementation of the transparent encryption function. The program can either encrypt an entire hard disk partition (or even an entire disk) or create a new virtual disk (container). There is also a Shred Free Space feature that allows you to overwrite free disk space.
• PGP Viewer- here you can decrypt PGP messages and attachments.
• PGP NetShare- a tool for "sharing" folders, while the "balls" are encrypted using PGP, and you have the ability to add / remove users (users are identified based on certificates) that have access to the "ball".

Rice. 17. Self decrypting archive

As for virtual disks, I especially liked the ability to create a dynamically sized virtual disk (Figure 18), as well as choosing a non-AES algorithm. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk at system startup and unmount it when idle (by default, after 15 minutes of inactivity).

Rice. 18. Create a virtual disk

The program tries to encrypt everything and everything. It monitors POP/SMTP connections and offers to secure them (Figure 19). The same goes for instant messaging clients (Figure 20). It is also possible to protect IMAP connections, but it must be enabled separately in the program settings.

Rice. 19. SSL/TLS connection detected

Rice. 20. PGP IM in action

It's a pity that PGP Desktop doesn't support popular modern programs like Skype and Viber. Who uses AOL IM now? I think there are few of them.
Also, when using PGP Desktop, it is difficult to set up mail encryption, which works only in interception mode. But what if the encrypted mail has already been received, and PGP Desktop was launched after receiving the encrypted message. How to decrypt it? You can, of course, but you have to do it manually. In addition, already decrypted letters in the client are no longer protected in any way. And if you configure the client for certificates, as is done in the CyberSafe Top Secret program, then letters will always be encrypted.
The interception mode doesn't work very well either, because the message about mail protection appears every time on every new mail server, and gmail has a lot of them. You will get tired of the mail protection window very quickly.
The program also does not differ in stability (Fig. 21).

Rice. 21. PGP Desktop stuck...

Also, after installing it, the system worked slower (subjectively) ...

Benefits of PGP Desktop:

• A complete program used for file encryption, file signing and electronic signature verification, transparent encryption (virtual disks and encryption of the entire partition), email encryption.
• Keyserver support keyserver.pgp.com.
• The ability to encrypt the system hard drive.
• PGP NetShare feature.
• The possibility of overwriting free space.
• Tight integration with File Explorer.

Program disadvantages:

• Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
• Unstable operation of the program.
• Poor program performance.
• There is support for AOL IM, but no support for Skype and Viber.
• Emails that have already been decrypted remain unprotected on the client.
• Mail protection works only in interception mode, which you will quickly get tired of, since the mail protection window will appear every time for each new server.

CyberSafe Top Secret

Rice. 22. CyberSafe Top Secret Program

However, we still pay attention to some points - the most important. The program contains tools for managing keys and certificates, and the presence in CyberSafe of its own key server allows the user to publish his public key on it, as well as receive public keys of other company employees (Fig. 23).

Rice. 23. Key management

The program can be used to encrypt individual files, which was shown in the article “Electronic signature: practical use of the CyberSafe Enterprise software product in an enterprise. Part one" . As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and a certified CryptoPro provider, which allows it to be used in government agencies and banks.
The program can also be used to transparently encrypt a folder (Fig. 24), which allows it to be used as a replacement for EFS. And, given that the CyberSafe program turned out to be more reliable and faster (in some scenarios) than EFS, then it is not only possible, but also necessary to use it.

Rice. 24. Transparent encryption of the C:\CS-Crypted folder

The functionality of the CyberSafe Top Secret program resembles the functionality of the PGP Desktop program - if you notice, the program can also be used to encrypt email messages, as well as to electronically sign files and verify this signature (section Email digital signature, see fig. 25).

Rice. 25. Section Email digital signature

Like PGP Desktop, CyberSafe Top Secret can create virtual encrypted disks and encrypt entire hard disk partitions. It should be noted that CyberSafe Top Secret can only create virtual disks of a fixed size, unlike Folder Lock and PGP Desktop. However, this shortcoming is neutralized by the possibility of transparent encryption of the folder, and the size of the folder is limited only by the amount of free space on the hard disk.
Unlike PGP Desktop, CyberSafe Top Secret cannot encrypt the system hard drive, it is limited to encrypting external and internal non-system drives.
But CyberSafe Top Secret has the ability to cloud backup, and, unlike Folder Lock, this feature is absolutely free, or rather, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article Encrypting backups on cloud services.
Two important features of the program should also be noted: two-factor authorization and a system of trusted applications. In the program settings, you can either set up password authentication or two-factor authentication (Fig. 26).

Rice. 26. Program settings

On the tab Allowed. applications you can define trusted applications that are allowed to work with encrypted files. By default, all applications are trusted. But for greater security, you can specify applications that are allowed to work with encrypted files (Figure 27).

Rice. 27. Trusted Applications

Benefits of the CyberSafe Top Secret program:

• Support for GOST encryption algorithms and a certified CryptoPro provider, which allows the program to be used not only by individuals and commercial organizations, but also by government agencies.
• Support for transparent folder encryption, which allows you to use the program as a replacement for EFS. Given that the program provides the best level of performance and security, such a replacement is more than justified.
• The ability to sign files with an electronic digital signature and the ability to check the signature of a file.
• Built-in key server that allows you to publish keys and access other keys that have been published by other employees of the company.
• Ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
• Ability to create self-decrypting archives.
• The possibility of free cloud backup that works with any service - both paid and free.
• Two-factor user authentication.
• A system of trusted applications that allows you to restrict access to encrypted files only to certain applications.
• The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated later).
• The driver of the CyberSafe program allows you to work over the network, which makes it possible to organize corporate encryption.
• Russian-language interface of the program. For English-speaking users, it is possible to switch to English.

Now about the shortcomings of the program. The program has no particular shortcomings, but since the task was set to honestly compare the programs, the shortcomings still have to be found. If you really find fault, sometimes in the program (very, very rarely) non-localized messages like “Password is weak” “slip through”. Also, while the program does not know how to encrypt the system disk, but such encryption is not always necessary and not for everyone. But all this is trifles compared to the PGP Desktop freeze and its cost (but you don't know about it yet).

Performance

• The virtual disk size is 2048 MB.
• File system - NTFS
• Drive letter Z:

1. Seq - sequential write/sequential read test (block size = 1024KB);
2. 512K - random write/random read test (block size = 512KB);
3. 4K - the same as 512K, but the block size is 4 KB;
4. 4K QD32 - random write/read test (block size = 4KB, Queue Depth = 32) for NCQ&AHCI.

Let's start with a regular hard drive, so that there is something to compare with. The performance of the C: drive (and this is the only partition on my computer) will be considered a reference. So, I got the following results (Fig. 28).

Rice. 28. Hard drive performance

Now let's start testing the first program. Let it be Folder Lock. On fig. 29 shows the parameters of the created container. Please note: I'm using a fixed size. The results of the program are shown in fig. 30. As you can see, there is a significant decrease in performance compared to the benchmark. But this is normal - after all, the data is encrypted and decrypted on the fly. Performance should be lower, the question is how much.

Rice. 29. Folder Lock Container Options

Rice. 30. Folder Lock Results

The next program is PGP Desktop. On fig. 31 - parameters of the created container, and in fig. 32 - results. My feelings were confirmed - the program really works more slowly, which was confirmed by the test. But when this program was running, not only the virtual disk “slowed down”, but even the entire system, which was not observed when working with other programs.

Rice. 31. PGP Desktop Container Options

Rice. 32. PGP Desktop Results

It remains to test the CyberSafe Top Secret program. As usual, first - the parameters of the container (Fig. 33), and then the results of the program (Fig. 34).

Rice. 33. CyberSafe Top Secret Container Options

Rice. 34. Results of the CyberSafe Top Secret program

I think the comments will be superfluous. The performance rankings were as follows:

1. CyberSafe Top Secret
2. Folder Lock
3. PGP Desktop

Price and conclusions

Table 1. Programs and functions

Tags: Add tags