By encrypting files they are no longer readable without the unique key or password, which keeps the information locked for others who don't have access to the key or password. But be careful applying encryption: when the unique key or password is lost, the files can no longer be decrypted!
Encrypting an e-mail attachment
It is safer to encrypt confidential files before they are send by e-mail because
there is a risk the e-mail is read by someone who picked up the e-mail before it
was delivered. It is possible that the e-mail is read by someone else because
the password of the mailbox is known by others. For these reasons, it is better
to encrypt the confidential files to make sure they can't be read by someone you
don't know or someone you don't want to read the attachment.
TIP: Especially when a big confidential file is send with a service like http://free.mailbigfile.com, it is wise first to encrypt it. Also think of encrypting files which are carried on an USB-stick!
Using AxCrypt for encryption
The free tool AxCrypt (download:
www.axantum.com/AxCrypt)
uses two different ways to encrypt a file: using a password (passphrase) or a
key-file.
Because AxCrypt is integrated in the Windows Explorer, encrypting is done easily
by right clicking a file and to select AxCrypt.
|
|
The first option (Encrypt) encrypts the file by replacing it (the file extension of the original file is changed to AXX). Because the original file is overwritten, there is a risk that the file can not be restored in case something went wrong while encrypting the file. For this reason it is better to use the second option (Encrypt a copy) to create an encrypted copy (with the file extension AXX as well) of the original file. The third option encrypts a copy of the original file to an executable file (EXE). When this encrypted EXE file is send by e-mail doesn't have to install the program, the passphrase is enough to decrypt the file. When the receiving person has installed the program (and has received the key-file), it is better to use the option Encrypt a copy. The encrypted file will be a lot smaller then the original, which makes zipping no longer needed. Encrypting files this way, makes exchanging file a lot safer!
TIP: When the original file is overwritten with AxCrypt and the passphrase of key-file is lost, the file can no longer be decrypted. Furthermore, it is wise to save a copy of the installation files! When the website is no longer online after reinstalling Windows, decrypting the files is no longer possible!
ATTENTION: The security rules of Outlook Express (XP), Windows Mail (Vista) and Outlook make it difficult (almost impossible) to open attached executable files (EXE). To get access to the executable file in Outlook Express and Windows Mail, click the button to forward the e-mail. This work around does not work for Outlook but getting access to the unsecure attachments is done easily with the free add-on Outlook Attachment Options (download: www.slovaktech.com/attachmentoptions.htm). This add-on is available in Outlook: Tools, Options, tab Attachment Security & Options. For security reasons it is wise to use this option only when the attached files are secure for sure.
The Windows Encrypted File System (EFS)
Both
Windows XP Pro and Windows Vista are able to encrypt files as well. This
encryption method is known as Encrypted File System (EFS) and is only
available for partitions with the NTFS file system. Encrypting a file with EFS
is done by right clicking it and to select Properties, button Advanced,
and to activate the option Encrypt contents to secure data.
Decrypting the files can only be done with the same user account which encrypted the files. As long as the user account can be logged on, access to the encrypted files is still possible. Because the same user account is needed to decrypt the files, there is a risk of loosing your data in case the user account is no longer accessible. So, be careful applying EFS, before you know your files can no longer be accessed!
Copying the unique Encrypted File System-key to a safe location
By
saving the unique EFS-key to a disk or USB-stick, the encrypted files can be
read later on using a different computer or user account. Saving the key is done
in the Internet Explorer, Tools, Internet Options, tab Content,
button Certificates, tab Personal or by the
sub User Accounts in the
Control Panel, task Manage your file encryption certificates (Windows Vista).
Save the certificate to a
safe location, which is not 'encrypted' ;-).
© 2001-2022 - Menno Schoone - SchoonePC - Rotterdam - The Netherlands