Written in plain English as much as possible, this is intended to be an overview of data encryption that fills in the gaps. It is written to help one choose among and understand the commonly available options.

Encryption Method

An encryption method is always rated by how fast it encrypts/decrypts the data and how secure the data is with it.

To name a few, DES, 3DES and Blowfish are outdated.

Nowadays, AES is the standard encryption method among all encryption tools and it has wide hardware support to accelerate it. It is strong enough that it would take the most advanced supercomputer in the world billions of years to crack it.

Alternatively, Serpent and Twofish are strong competitors to AES, but they are much slower than AES and not widely supported.

XChaCha20 may be the next generation of encryption method. It works on the data one bit at a time, whereas AES works on one block of data at a time. This makes it less prone to human error when data manipulation is unexpectedly interrupted. It is also much faster than AES and does not require hardware for acceleration.

Ways To Encrypt

The encrypted data can be in the form of a file, a part of a disk, or a whole disk.

Encryption tools can target a folder, in which case the sub-folder(s) and file(s) within that folder will all be encrypted.

Overall, there are tools to encrypt the following:

  • individual file name
  • individual folder name
  • individual file content
  • all contents inside an individual folder
  • all contents on a disk partition/volume
  • all contents on a whole disk (data/system)

Encryption Processes

The process of "adding new data to be encrypted" requires first "creating/copying the data", then encrypting it.

The process of "viewing/editing the encrypted data" requires first decrypting it, then viewing/editing it, then encrypting it back.

There are tools to do the above processes either manually in every step OR automatically (in real-time).

It is important to note that the real-time tools can view/edit a portion of a file/disk without entirely decrypting it, but the manual tools are generally not designed with this partial view/edit feature.
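
The partial view/edit idea above, as an added example (not code from any tool named on this page): a stream cipher's keystream can be generated for just the byte range being read or changed. It uses plain ChaCha20 from RFC 8439, the cipher XChaCha20 is built on; the function names, key, nonce and sample data are constructed for the demonstration.

```python
import struct

M = 0xFFFFFFFF

def _rotl(v, n):
    return ((v << n) & M) | (v >> (32 - n))

def _quarter(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & M; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & M; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & M; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & M; s[b] = _rotl(s[b] ^ s[c], 7)

ROUND = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
         (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))

def chacha20_block(key, counter, nonce):
    """Keystream block number `counter` (64 bytes), per RFC 8439."""
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key
                              + struct.pack("<I", counter) + nonce))
    s = init[:]
    for _ in range(10):                 # 10 double rounds = 20 rounds
        for idx in ROUND:
            _quarter(s, *idx)
    return struct.pack("<16I", *((x + y) & M for x, y in zip(s, init)))

def crypt_at(key, nonce, data, offset=0):
    """XOR `data`, located at byte `offset` of the file, with the keystream.
    Only the keystream blocks covering that range are generated."""
    first, skip = divmod(offset, 64)
    nblocks = (skip + len(data) + 63) // 64
    ks = b"".join(chacha20_block(key, first + n, nonce) for n in range(nblocks))
    return bytes(x ^ y for x, y in zip(data, ks[skip:]))

def read_range(ct, key, nonce, start, length):
    """Decrypt `length` bytes at `start` without touching the rest."""
    return crypt_at(key, nonce, ct[start:start + length], start)

def write_range(ct, key, nonce, start, new_plain):
    """Replace a range of the encrypted file in place."""
    patch = crypt_at(key, nonce, new_plain, start)
    return ct[:start] + patch + ct[start + len(new_plain):]

# Constructed sample: a 1000-byte "file" and a fixed demo key/nonce.
KEY, NONCE = bytes(range(32)), bytes(12)
PLAIN = b"".join(b"record %03d;" % i for i in range(100))[:1000]
CIPHER = crypt_at(KEY, NONCE, PLAIN)
```

This sketch has no integrity protection, and rewriting a range under the same key and nonce reuses keystream, so it shows the access pattern only.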

Typical Common Usages

Real-time file/folder encryption is great to use with cloud storage services such as Google Drive, Dropbox, etc. Any incremental changes to any files/folders will be synced to the cloud drives individually.

Real-time disk encryption is great for maximum protection of the whole operating system along with the programs, settings, cache files, temporary files, etc. However, this option is not suitable for cloud storage services.

Manual file encryption is generally used for archive purposes, but is not suitable for real-time modification.

Popular Tools

File Encryption Tools

Individual manual file encryption
(ex. WinZip, 7-zip, WinRAR, ...)

Real-time file encryption
(ex. FileWall, ...)

Real-time file name encryption
(ex. FileWall, ...)

Indirect real-time file encryption
(ex. Boxcryptor, Cryptomator, ...)

Indirect real-time file name encryption
(ex. Boxcryptor, Cryptomator, ...)

Folder Encryption Tools

Virtual folder encryption in a file
(ex. FileVault, ...)

Real-time folder name encryption
(ex. FileWall)

Indirect real-time folder name encryption
(ex. Boxcryptor, Cryptomator, ...)

Disk Encryption Tools

Virtual disk encryption in a file
(Truecrypt, VeraCrypt, ...)

Virtual disk encryption in a folder
(ex. Boxcryptor, Cryptomator, ...)

Direct encryption on a data disk volume/partition
(Microsoft Windows EFS, Microsoft Windows BitLocker, FileVault 2, Truecrypt, VeraCrypt, ...)

Direct encryption on an operating system disk volume/partition
(Microsoft Windows EFS, Microsoft Windows BitLocker, FileVault 2, Truecrypt, VeraCrypt, ...)

Direct whole disk encryption

Multi Platform Support

Although Microsoft Windows, Apple macOS, Android, Apple iOS, and Linux and its distros are the common operating systems, it is very difficult to find an encryption tool that supports them all. Sometimes, an encryption tool will only support a limited range of versions of the same operating system.

Choosing a tool that supports various operating systems is important when sharing data across different devices such as Android smartphones, Apple smartphones, computers, etc.
(Ex. BoxCryptor, Cryptomator)

User Privacy

Open Source tools are generally considered safer, because their source code is open to the public community to audit for security issues and loopholes.
(Ex. VeraCrypt, Cryptomator, TrueCrypt, DiskCryptor, ...)

For Closed Source tools, one has to trust that their source code is safe, because the source code is kept secret.
(Ex. BoxCryptor)

Built-in tools are for their respective operating system only. One has to trust that their source code is safe.
(Ex. Microsoft Windows EFS, Microsoft Windows BitLocker, Apple macOS Vault, Apple macOS Vault 2, ...)

Operation Modes

Traditional encryption tools can be used completely offline.
(Ex. VeraCrypt, TrueCrypt, DiskCryptor, Cryptomator, ...)

Some encryption tools often require you to be logged in with a user account.
(Ex. BoxCryptor)

Online cloud storage services come with encryption by default. Data is claimed to be encrypted during the upload process before being stored on the server side.
(Ex. Google Drive, Dropbox, OneDrive, NordLocker, Tresorit, ...)

Device Encryption is a non-tool option, and all its related encrypted data can only be used within that particular device.

It can be hardware-based, such as a TPM microchip installed on a motherboard, an SSD with built-in encryption, and more. (A TPM can also be firmware-based on a motherboard.)

It can also be operating system-based, as in most smartphones.

Caution Of Uses

For folder-level and disk-level encryption, moving/copying files or sub-folders to outside the encrypted folder/disk will result in those files/sub-folders being decrypted. This is commonly overlooked and leads to accidental data leaks.

Only file-level encryption allows the freedom to move/copy files anywhere without their being decrypted.

Online storage, subscription and login-based encryption tools offer no guarantee that their services will last forever or have 100% uptime.

Offline tools do not have those inherent problems, except that these tools can still become unusable when the evolving operating system no longer allows them to run.

Additional Short Notes On The Popular Encryption Tools

Microsoft Windows BitLocker

Built-in for Microsoft Windows 7 and up.

Not available for all Home editions of Microsoft Windows.

FileVault 2

Built-in for Mac OS X 10.7 and later.

TrueCrypt

(Open Source, Free)

It is no longer maintained, due to a mysterious, sudden shutdown that claimed it is unsafe to use. A public security audit did not find any major issues.

VeraCrypt

(Open Source, Free)

It is the successor of TrueCrypt.

DiskCryptor

(Open Source, Free)

It runs faster than TrueCrypt.

It has not been updated since 2014!?

FileVault

(Built-in for Mac OS X 10.3 and up to 10.6)

A file container that emulates a user's home directory.

Cryptomator

(Open Source, Free)

Older versions of Cryptomator are slow and problematic for playing and storing large video files, because they use the WebDAV communication protocol, which has a limitation on file sizes of 4 GB and up.

Minimum Windows 10, Version 1803

Boxcryptor

(Dropbox acquired Boxcryptor)

It advises users to decrypt all their valuable contents before the end of their contractual term, because it is shutting down its service.

It requires logging in to use; it is designed to be an online sharing tool with encryption.

Working with the encrypted files or folders must be done through an emulated view of a drive; they cannot be viewed directly at their original locations.

Off-Migration Guide: Decrypt all Boxcryptor encrypted files

FileWall

(Closed Source, Not Free)

It is a rare one that does direct file/folder name encryption and direct file content encryption, but it is no longer being updated.

It is available only on Microsoft Windows.

Within the file explorer, it has problems with displaying thumbnails of photos and videos after encryption.

More to come! Stay tuned for part TWO!