In this tutorial I will show you how to install and use AxCrypt which was written by the very talented Svante Seleborg, to encrypt individual files or folders. This is not meant to be an in-depth tutorial, but a basic understanding of how a user can securely encrypt their files or folders. There are no backdoors to this program, so make sure you backup your data regularly so should you encrypt a file and forget the password and/ or loose the Key-File you are covered.
If you use Dropbox or have other ways of syncing your data to other computers/ devices, then encrypting then first with something like AxCrypt would be a wise idea.
AxCrypt uses 128bit encryption as standard, but if you want to truly use the full 128bit encryptions strength, then you should also use a Key-File with your encryption, which I will also demonstrate. Cryptographic primitives are AES-128 and SHA-1. AxCrypt does not secure your entire computer, nor does it posses this functionality. If you wish to fully encrypt your computer, (full disk encryption) then please follow my Truecrypt tutorial here. AxCrypt includes an inbuilt file shredder and can encrypt file that are larger than 4GB.
AxCrypt supports the following Windows OS’s (32bit and 64bit except Win 9x which is 32bit only) and is fully integrated into Windows Explorer:-
- Windows 9x (32bit)
- Windows 2000
- Windows Server 2003
- Windows XP
- Windows Server 2008
- Windows Vista
- Windows 7
There is also a portable version but it is limited in functionality, and the developer recommends the full install package to users. AxCrypt is written in C++ and the source code is available to download as well should you wish to look at it.
Right, let’s begin. Go to the AxCrypt site and download the program that suits your OS. Once you have downloaded it, just run it to install:
Accept the agreement and click Next
You can choose which features you would like to include with the installation here. By default, all features are included which is good. Click Next
That’s the install done. If you want to use the program straight away (which you probably do) then keep the Start AxCrypt box checked and hit Finish. Bear in mind that AxCrypt is integrated into Window Explorer so you will be able to use it simply by right clicking on a file/ folder.
Once you hit finish and the program first starts, you will be presented with the following window:
It is entirely up to you if you wish to give them your email address which will enable the developer to notify you of future updates and will also allow them to collect non-personal information about the language and version you have installed.
Lets take a look at how to use the program. First locate the file you wish to encrypt and simply right-click on it. You will notice that in the right-click context menu you are given 3 different choices of how to encrypt the file/ folder. These are:
- Encrypt (encrypt the actual file)
- Encrypt a Copy (creates a copy of the file and encrypts it)
- Encrypt Copy To .EXE (creates a self-extracting copy of the file and encrypts it for easy sending without the recipient having to install AxCrypt to decrypt it) This would be the best choice if you are going to use it with Dropbox, as you won’t have to have AxCrypt installed on the machine/ machines that you are accessing your Dropbox account on. Just simply drag the encrypted version of the file into your Dropbox account, whilst leaving the original file unencrypted file on your local machine.
You will also see an option Make Key-File. Before we get into actually encrypting the file, lets create a Key-File. (this isn’t necessary for you to do, but it will significantly increase the strength of the security) It is advisable to save the Key-File to a USB stick or floppy. Also you may wish to print the information in the key file, so that should you loose the USB/ Floppy disk you can re-generate it. Right click on the file/ folder you wish to encrypt and choose AxCrypt>Make Key-File. Once you do this you will see the following window:
Click OK and an explorer window will open allowing you to save the file to either a USB or Floppy disk. If you don’t have the USB or Floppy to hand, or you wish to save the Key-File to your HDD etc, you will be shown the following security warning about storing it on a USB/ Floppy instead. It’s a suggestion not a requirement. Click OK if this is what you want to do, or Cancel and save to the preferred location.
The Key-File will be randomly generated for you, but you may edit this if you wish. If you do, make sure not to use any easy to guess phrases/ words/ dates etc and try to use upper and lower case as well as numbers and special chars. (Just don’t loose it) Note: Never encrypt the Key-File itself.
If you want to see what the Key-File actually looks like then here is one that was randomly generated by the program for me:
As you can see, the automatically generated one is very good and has a decent mix of characters.
As I stated earlier, you don’t have to create a Key-File and can just encrypt the file without one as below:
First we will look at Encrypt Copy To .EXE. Right-click on the file and select Encrypt Copy To .EXE from the sub-menu.
Once you have selected this you will see the next window:
Enter your password/ passphrase here and click OK. Please note that you are given the option to create a Key-File which adds to the strength of the security. If you created one earlier, then just click the browse button next to Key-File and locate the file and click OK, which will add it as shown below:
You will notice that if you are encrypting a folder, then the contents of the folder will be encrypted, but not the actual folder itself. To encrypt the folder as well, zip it first. In other words, you can still open the folder and see it’s contents, but you will not be able to open any of the folders within without the password and or Key-File associated with the encrypted folder. Also, remember that the option we are looking at is ‘Encrypt Copy To .EXE’ which means that the program will make and encrypt copies of the files within leaving the originals intact and unencrypted. I actually like this method for sharing files with clients as it creates self-extracting files, so if you were to send those encrypted files to a client, they wouldn’t have to have AxCrypt actually installed on their system in order to decrypt them. They would need the password and or Key-File though. Note in the image below that it has the extension .EXE on the encrypted file.
Next, let’s look at the second option – Encrypt a Copy This is the same as Encrypt Copy To .EXE but it doesn’t create a self-extracting encrypted file/s, but instead just encrypts the files whilst also making a copy of them first. (see image below) Again, if you wish to add a Key-File for added security, you may do so. Just remember not to loose it. Note the extension of .axx instead of .exe
Lastly, lets look at the third and final way, Encrypt. This is the least complicated way and, for me personally more secure as it doesn’t leave a copy of itself, but instead encrypts the file into it own container. The encryption method is exactly the same as the methods above (Right-click on file and select Encrypt, and again, you may use a Key-File as well for added security. Again you will note the extension of .axx, but no copies of the files are made.
That’s it. I hope this has been of some use to you, and I will be adding a few more tips as I keep playing with the program. If you have any comments or tips, please add them in the comments.