Keeping your personal data safe doesn't have to be difficult—as long as you keep the sensitive stuff encrypted and under your control. That's why this week we're looking at the five best file encryption tools you can use to encrypt your data locally so only you have the key.
Earlier in the week we asked you for your favorite file encryption tools, and you gave us tons of great nominations, but as always, we only have room for the top five.
OS X has within its UNIX core the facility to encrypt individual files. You can do this on the command line with the 'openssl' command.
For the purposes of our roundup, we're focusing on desktop file encryption tools - the ones you use on your own computer to encrypt your own private data, not cloud services that promise to encrypt your data, or business services that say they offer encryption. The goal here is to find the best tools you can use to lock down your sensitive files—whether they're photos, financial documents, personal backups, or anything else—and keep them locked down so only you have the key. For those unfamiliar with the topic, we have a great guide on how encryption works, and how you can use it to keep your own data safe.
With that out of the way, here are your top five, in no particular order:
VeraCrypt (Windows/OS X/Linux)
VeraCrypt is a fork of and a successor to TrueCrypt, which ceased development last year (more on them later). The development team claims they've addressed some of the issues that were raised during TrueCrypt's initial security audit, and like the original, it's free, with versions available for Windows, OS X, and Linux. If you're looking for a file encryption tool that works like and reminds you of TrueCrypt but isn't exactly TrueCrypt, this is it. VeraCrypt supports AES (the most commonly used), Twofish, and Serpent encryption ciphers, and supports the creation of hidden, encrypted volumes within other volumes. Its code is available to review, although it's not strictly open source (because so much of its codebase came from TrueCrypt). The tool is also under constant development, with regular security updates and an independent audit in the planning stages (according to the developers).
Those of you who nominated VeraCrypt praised it for being an on-the-fly encryption tool, as in your files are only decrypted when they're needed and they're encrypted at rest at all other times, and most notably for being the spiritual (if not almost literal) successor to TrueCrypt. Many of you praised them for being a strong tool that's simple to use and to the point, even if it's lacking a good-looking interface or tons of bells and whistles. You also noted that VeraCrypt may not support TrueCrypt files and containers, but can convert them to its own format, which makes moving to it easy. You can read more in its nomination thread here.
AxCrypt (Windows)
AxCrypt is a free, open source, GNU GPL-licensed encryption tool for Windows that prides itself on being simple, efficient, and easy to use. It integrates nicely with the Windows shell, so you can right-click a file to encrypt it, or even configure 'timed,' executable encryptions, so the file is locked down for a specific period of time and will self-decrypt later, or when its intended recipient gets it. Files with AxCrypt can be decrypted on demand or kept decrypted while they're in use, and then automatically re-encrypted when they're modified or closed. It's fast, too, and allows you to select an entire folder or just a large group of files and encrypt them all with a single click. It's entirely a file encryption tool however, meaning creating encrypted volumes or drives is out of its capabilities. It supports 128-bit AES encryption only, offers protection against brute force cracking attempts, and is exceptionally lightweight (less than 1MB.)
Those of you who nominated AxCrypt noted that it's really easy to use and easy to integrate into your workflow, thanks to its shell support. If you're eager for more options, it also has a ton of command line options, so you can fire up the command prompt in Windows and perform more complex actions—or multiple actions at once. It may not support the strongest or most varied encryption methods available, but if you're looking to keep your data safe from most threats, it's a simple tool that can give you some assurance that your data—like files stored in the cloud on Dropbox or iCloud, for example—is secure and convenient to access at the same time. You can read more in this nomination thread here and here.
BitLocker (Windows)
BitLocker is a full-disk encryption tool built in to Windows Vista and Windows 7 (Ultimate and Enterprise), and into Windows 8 (Pro and Enterprise), as well as Windows Server (2008 and later). It supports AES (128 and 256-bit) encryption, and while it's primarily used for whole-disk encryption, it also supports encrypting other volumes or a virtual drive that can be opened and accessed like any other drive on your computer. It supports multiple authentication mechanisms, including traditional password and PINs, a USB 'key,' and the more controversial Trusted Platform Module (TPM) technology (that uses hardware to integrate keys into devices) that makes encryption and decryption transparent to the user but also comes with a host of its own issues. Either way, BitLocker's integration with Windows (specifically Windows 8 Pro) makes it accessible to many people, and a viable disk encryption tool for individuals looking to protect their data if their laptop or hard drives are lost or stolen, in case their computers are compromised, or a business looking to secure data in the field.
Of course, it goes without saying that BitLocker was a contentious nomination. More than a few of you touted BitLocker's accessibility and ease of use, and many of you even praised its encryption for being strong and difficult to crack. Many of you noted that you switched to BitLocker after the developers of TrueCrypt suggested it. Others, however, brought up the assertion made by privacy advocates that BitLocker is compromised and has backdoors in place for government security agencies (from multiple countries) to decrypt your data. While Microsoft has officially said this isn't true and maintains there's no backdoor in BitLocker (while simultaneously maintaining the code as closed source—but available to review by its partners, which include those agencies), the assertion is enough to make more than a few of you shy away. You can read more about the criticism and controversy at the Wikipedia link above, or in the nomination thread here.
GNU Privacy Guard (Windows/OS X/Linux)
GNU Privacy Guard (GnuPG) is actually an open-source implementation of Pretty Good Privacy (PGP). While you can install the command line version on some operating systems, most people choose from the dozens of frontends and graphical interfaces for it, including the official releases that can encrypt everything from email to ordinary files to entire volumes. All GnuPG tools support multiple encryption types and ciphers, and generally are capable of encrypting individual files one at a time, disk images and volumes, or external drives and connected media. A few of you nominated specific GnuPG front-ends in various threads, like the Windows Gpg4Win, which uses Kleopatra as a certificate manager.
Those of you who nominated GnuPG praised it for being open-source and accessible through dozens of different clients and tools, all of which can offer file encryption as well as other forms of encryption, like robust email encryption for example. The key, however, is finding a front-end or a client that does what you need it to do and works well with your workflow. The screenshot above was taken using GPGTools, an all-in-one GnuPG solution that offers keychain management as well as file, email, and disk encryption for OS X. You can read more in its nomination thread here.
7-Zip (Windows/OS X/Linux)
7-Zip is actually a lightweight file archiver—and our favorite archive utility for Windows. Even though it's amazing at compressing and organizing files for easy storage or sending over the internet, it's also a strong file encryption tool, and is capable of turning individual files or entire volumes into encrypted volumes that only you have the keys to. It's completely free, even for commercial use, supports 256-bit AES encryption, and while the official download is Windows only, there are unofficial builds for Linux and OS X systems as well. Most of 7-Zip's code is GNU LGPL licensed and open to review. Compressed and encrypted .7z (or .zip, if you prefer) archives are easily portable and secure, and can be encrypted with passwords and turned into executables that will self-decrypt when they get to their intended recipient. 7-Zip also integrates with the shell of the operating system you're using, making it usually a click away from use. It's also a powerful command line utility.
Those of you who nominated it noted that it may not have the most robust user interface, but it gets the job done, and many of you have it installed anyway specifically for its robust file compression and decompression capabilities. You noted it's fast, flexible, free, and easy to use, and while it may not be the fastest file encryption tool (and it's not capable of whole volume or disk encryption), it gets the job done—especially for encrypting files you need to send to someone else and actually have them be able to access without jumping through too many hoops. Some of you noted that 7-Zip's encrypted volumes are flexible—perhaps too flexible, since new files added to an encrypted archive aren't encrypted (you'd have to extract them all and make a new archive for that), but it's otherwise a minor ding. You can read more in its nomination thread here.
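The caveat above, that files added to an existing encrypted archive may not be encrypted, can be checked before an archive is sent. The following is an added example, not code from the original article or from the 7-Zip project; it covers .zip archives only, using Python's standard `zipfile` module, and the member names and the hand-flagged sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose bit 0: member data is encrypted


def unencrypted_members(archive):
    """Return names of file members stored without encryption.

    `archive` is a path or a binary file object holding a .zip archive.
    Directory entries are skipped because they carry no data.
    """
    with zipfile.ZipFile(archive) as zf:
        return [
            info.filename
            for info in zf.infolist()
            if not info.is_dir() and not info.flag_bits & ENCRYPTED_FLAG
        ]


def build_sample():
    """Constructed sample: a two-member ZIP with one member flagged encrypted.

    The standard library cannot write encrypted ZIPs, so the flag is set by
    hand in the central directory; the payload is not real ciphertext.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("taxes-2015.pdf", b"placeholder for encrypted data")
        zf.writestr("added-later.txt", b"plaintext added after the fact")
    raw = bytearray(buf.getvalue())
    # With no archive comment, the end-of-central-directory record is the
    # last 22 bytes; the central directory offset is the 4 bytes at len - 6.
    (cd_offset,) = struct.unpack_from("<I", raw, len(raw) - 6)
    flags_at = cd_offset + 8  # flags field of the first central header
    (flags,) = struct.unpack_from("<H", raw, flags_at)
    struct.pack_into("<H", raw, flags_at, flags | ENCRYPTED_FLAG)
    return io.BytesIO(bytes(raw))


if __name__ == "__main__":
    for name in unencrypted_members(build_sample()):
        print("NOT ENCRYPTED:", name)
```

An empty result means every file member carries the encryption flag; it says nothing about password strength or which cipher was used.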
Now that you've seen the top five, it's time to put them to an all-out vote to determine the community favorite.
Honorable Mentions
We have two honorable mentions this week. First and foremost is Disk Utility (OS X), which is bundled with OS X as a disk repair and management tool. Disk Utility can also encrypt drives and volumes, and since OS X can create a compressed volume just by right-clicking a file, series of files, or a folder and selecting 'Compress,' Disk Utility makes encrypting anything you want extremely easy. Plus, it's built in to OS X, so you don't need to install anything else. You can read more about it in its nomination thread here.
Second, we should tip our hats to the venerable old TrueCrypt, our old champion, which actually earned a number of nominations in the call for contenders thread. We covered the meltdown of TrueCrypt when it happened, with the developers abruptly abandoning the project claiming that it's no longer secure, in the middle of their independent security audit. The developers suggested switching to BitLocker, and pushed out a new version that's widely considered compromised. However, the older version, 7.1a, is still widely regarded as safe, even though development on it has been abandoned, and the tool has been left without security updates since then. Even so, security analysts are split on whether you should trust TrueCrypt or move on to another encryption utility. Many people stand by it even though it's a dead project, others have built their own projects on top of it (see VeraCrypt, mentioned earlier), and others keep using the last safe version. We can't recommend TrueCrypt anymore ourselves, but you can read more in its nomination thread here, and over at Steve Gibson's page dedicated to TrueCrypt here.
Have something to say about one of the contenders? Want to make the case for your personal favorite, even if it wasn't included in the list? Remember, the top five are based on your most popular nominations from the call for contenders thread from earlier in the week. Don't just complain about the top five, let us know what your preferred alternative is—and make your case for it—in the discussions below.
The Hive Five is based on reader nominations. As with most Hive Five posts, if your favorite was left out, it didn't get the nominations required in the call for contenders post to make the top five. We understand it's a bit of a popularity contest. Have a suggestion for the Hive Five? Send us an email at tips+hivefive@lifehacker.com!
Title photo by andrey_l (Shutterstock).
Turn on and set up FileVault
FileVault 2 is available in OS X Lion or later. When FileVault is turned on, your Mac always requires that you log in with your account password.
- Choose Apple menu > System Preferences, then click Security & Privacy.
- Click the FileVault tab.
- Click the lock icon, then enter an administrator name and password.
- Click Turn On FileVault.
If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user's password. User accounts that you add after turning on FileVault are automatically enabled.
Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password:
- If you're using OS X Yosemite or later, you can choose to use your iCloud account to unlock your disk and reset your password.*
- If you're using OS X Mavericks, you can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you're sure to remember.*
- If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk.
If you lose both your account password and your FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk.
Encryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences. Any new files that you create are automatically encrypted as they are saved to your startup disk.
When FileVault setup is complete and you restart your Mac, you will use your account password to unlock your disk and allow your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.
Reset your password or change your FileVault recovery key
If you forget your account password or it doesn't work, you might be able to reset your password.
If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences. You can then turn it on again to generate a new key and disable all older keys.
Turn off FileVault
If you no longer want to encrypt your startup disk, you can turn off FileVault:
- Choose Apple menu > System Preferences, then click Security & Privacy.
- Click the FileVault tab.
- Click the lock icon, then enter an administrator name and password.
- Click Turn Off FileVault.
Decryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences.
Learn more
- Learn how to create and deploy a FileVault recovery key for Mac computers in your company, school, or other institution.
- If you're using FileVault in Mac OS X Snow Leopard, you can upgrade to FileVault 2 by upgrading to OS X Lion or later. After upgrading OS X, open FileVault preferences and follow the onscreen instructions to upgrade FileVault.
- RAID partitions or non-standard Boot Camp partitions on the startup drive might prevent OS X from installing a local Recovery System. Without a Recovery System, FileVault won't encrypt your startup drive. Learn more.
* If you store your recovery key with Apple or your iCloud account, there's no guarantee that Apple will be able to give you the key if you lose or forget it. Not all languages and regions are serviced by AppleCare or iCloud, and not all AppleCare-serviced regions offer support in every language. If you set up your Mac for a language that AppleCare doesn't support, then turn on FileVault and store your key with Apple (OS X Mavericks only), your security questions and answers could be in a language that AppleCare doesn't support.