Keeping your personal data safe doesn’t have to be difficult—as long as you keep the sensitive stuff encrypted and under your control. That’s why this week we’re looking at the five best file encryption tools you can use to encrypt your data locally so only you have the key.
VeraCrypt (Windows/OS X/Linux)
VeraCrypt is a fork of and a successor to TrueCrypt, which ceased development last year (more on them later.) The development team claims they’ve addressed some of the issues that were raised during TrueCrypt’s initial security audit, and like the original, it’s free, with versions available for Windows, OS X, and Linux. If you’re looking for a file encryption tool that works like and reminds you of TrueCrypt but isn’t exactly TrueCrypt, this is it. VeraCrypt supports AES (the most commonly used), TwoFish, and Serpent encryption ciphers, supports the creation of hidden, encrypted volumes within other volumes. Its code is available to review, although it’s not strictly open source (because so much of its codebase came from TrueCrypt.) The tool is also under constant development, with regular security updates and an independent audit in the planning stages (according to the developers.)
AxCrypt is a free, open source, GNU GPL-licensed encryption tool for Windows that prides itself on being simple, efficient, and easy to use. It integrates nicely with the Windows shell, so you can right-click a file to encrypt it, or even configure “timed,” executable encryptions, so the file is locked down for a specific period of time and will self-decrypt later, or when its intended recipient gets it. Files with AxCrypt can be decrypted on demand or kept decrypted while they’re in use, and then automatically re-encrypted when they’re modified or closed. It’s fast, too, and allows you to select an entire folder or just a large group of files and encrypt them all with a single click. It’s entirely a file encryption tool however, meaning creating encrypted volumes or drives is out of its capabilities. It supports 128-bit AES encryption only, offers protection against brute force cracking attempts, and is exceptionally lightweight (less than 1MB.)
BitLocker is a full-disk encryption tool built in to Windows Vista and Windows 7 (Ultimate and Enterprise), and into Windows 8 (Pro and Enterprise), as well as Windows Server (2008 and later). It supports AES (128 and 256-bit) encryption, and while it’s primarily used for whole-disk encryption, it also supports encrypting other volumes or a virtual drive that can be opened and accessed like any other drive on your computer. It supports multiple authentication mechanisms, including traditional password and PINs, a USB “key,” and the more controversial Trusted Platform Module (TPM) technology (that uses hardware to integrate keys into devices) that makes encryption and decryption transparent to the user but also comes with a host of its own issues. Either way, BitLocker’s integration with Windows (specifically Windows 8 Pro) makes it accessible to many people, and a viable disk encryption tool for individuals looking to protect their data if their laptop or hard drives are lost or stolen, in case their computers are compromised, or a business looking to secure data in the field.
GNU Privacy Guard (Windows/OS X/Linux)
GNU Privacy Guard (GnuPG) is actually an open-source implementation of Pretty Good Privacy (PGP). While you can install the command line version on some operating systems, most people choose from the dozens of frontends and graphical interfaces for it, including the official releases that can encrypt everything from email to ordinary files to entire volumes. All GnuPG tools support multiple encryption types and ciphers, and generally are capable of encrypting individual files one at a time, disk images and volumes, or external drives and connected media. A few of you nominated specific GnuPG front-ends in various threads, like the Windows Gpg4Win, which uses Kleopatra as a certificate manager.
7-Zip (Windows/OS X/Linux)
7-Zip is actually a lightweight file archiver—and our favorite archive utility for Windows. Even though it’s amazing at compressing and organizing files for easy storage or sending over the internet, it’s also a strong file encryption tool, and is capable of turning individual files or entire volumes into encrypted volumes that only your have the keys to. It’s completely free, even for commercial use, supports 256-bit AES encryption, and while the official download is Windows only, there are unofficial builds for Linux and OS X systems as well. Most of 7-Zip’s code is GNU LGPL licensed and open to review. Compressed and encrypted .7z (or .zip, if you prefer) archives are easily portable and secure, and can be encrypted with passwords and turned into executables that will self-decrypt when they get to their intended recipient. 7-Zip also integrates with the shell of the operating system you’re using, making it usually a click away from use. It’s also a powerful command line utility.