Encrypt Files - Protect Private Information and Communication From Unauthorized Access. Generate Strong Passwords and Public-Private Key Pairs.


This section discusses the Encrypt Files functionality of the Cryptor module.
The Encrypt Files functionality is used to protect private information and communication from unauthorized access and replication. Encrypting a file is a procedure that changes the content of the file so that it becomes unreadable (unintelligible). However, the information is preserved and the file can be restored to its original state if the secret password (or key) and the algorithm that was used to encrypt the file are known. The restoration process is called decryption. Encryption is used as a measure to protect data from unauthorized access. There are many kinds of encryption processes, classified in two main categories:
  • Symmetric encryption - symmetric encryption uses two inverse functions to encrypt and decrypt the data and a single password. In order to strengthen this type of encryption, sometimes people use a second password called an Initialization Vector (IV). IV is used to make variations of the encryption, making it more difficult to decipher the encryption results. Although IV is not really a password it should be treated as such.
  • Asymmetric encryption - asymmetric encryption uses a single function to encrypt and decrypt the data and two complementing passwords called keys:
    • Public Key - the Public Key is used to encrypt data. It can be freely given to everyone to encrypt data but it cannot be used to decrypt data.
    • Private Key - the Private Key is used to decrypt data. It must be kept secret or given only to trusted entities authorized to read data encrypted with the complementing Public Key. The Private Key can be used to easily find the complementing Public Key. However, deriving the Private Key from the Public Key becomes increasingly difficult as the sizes of the keys grow. Currently, a key length of 256 bytes is considered safe, as it would take a few thousand years to derive the Private Key from a Public Key of this size. Act On File allows the use of keys as large as 2048 bytes. Note that using larger keys makes the process of encryption and decryption increasingly slow.

Operation

To encrypt files, place the files and folders into the selected items control of the Encrypt Files functionality. Adding folders to the selection controls makes Act On File encrypt all files contained in the selected folders. If there are any shortcuts in the selected folders, they will be followed or ignored according to the selection in the Shortcuts combo-box. To encrypt the selected items, supply either an encryption (public or private) key in the Public Key field, or a password and initialization vector, depending on the selected encryption type. If you do not have a key or password, or you require a new one, click the "Generate New Key" or "Generate Password / I. Vector" button to open the respective key/password generation dialog. You can use this dialog to generate a new public-private key pair for encryption, or a password and initialization vector. Once you have supplied the key/password, adjust the encryption controls and the destination for the encrypted files, and then click OK to start the encryption process.

The encrypted files are sent to the target location. Each encrypted file has a new extension appended to its name: "[file name].[file extension].encrypted".

Controls

  
Selection Controls
These controls are used to select and display the files and folders for the operation. In addition to the Add Files, Add Folders and Remove buttons, you can use the standard clipboard, drag and drop, and keyboard operations.
Shortcuts - Select the behavior of the functionality with respect to any shortcuts that might be present in the selected folders.
  • Target - Any shortcut located in a selected folder will be dereferenced and its target file or folder will be treated as if it were selected.
  • Ignore - Any shortcut located in a selected folder will be ignored.
Operation Controls
These controls are used to control the operation of the module and thus directly affect the results.
Type - Select the type of encryption required.
  • Asymmetric - Encrypts the data using a public key (or a private key, as the public key can be internally derived from the Private Key). The private key must be known to decrypt the data. The Public Key cannot be used to decrypt the data.
  • Symmetric - Encrypts the data using a single password and possibly an initialization vector, both of which must be known to decrypt the encrypted data.
Algorithm - Select the particular algorithm to encrypt the data.
  • RSA - asymmetric - Public-Private Key pair algorithm (AKA RSA). The key size should be larger than 1024 bits (128 bytes); key sizes are currently typically between 1024 and 4096 bits (128 to 512 bytes).
  • AES 256 - symmetric - AES (Advanced Encryption Standard, aka Rijndael) block encryption algorithm with a 256 bit key size.
  • AES 192 - symmetric - AES (Advanced Encryption Standard, aka Rijndael) block encryption algorithm with a 192 bit key size.
  • AES 128 - symmetric - AES (Advanced Encryption Standard, aka Rijndael) block encryption algorithm with a 128 bit key size.
  • RC2 - symmetric - RC2 block encryption algorithm.
  • RC4 - symmetric - RC4 stream encryption algorithm.
  • DES - symmetric - DES encryption algorithm.
  • 3 DES - symmetric - The DES encryption algorithm internally applied three times.
  • 3 DES 2 Key - symmetric - Two key triple DES encryption algorithm with a key length of 112 bits.
Padding - The encrypting algorithm requires the data that is being encrypted to be of a particular size. To adjust it to the required size, the system will add padding when necessary.
  • None, 11B adj - asymmetric - Use basic padding.
  • OAEP+, 42B adj (aka: PKCS#1v2) - asymmetric - Use Optimal Asymmetric Encryption Padding.
  • PKCS#5 - symmetric - Use PKCS#5 padding.
Cipher Mode - Encryption works on blocks of data. This option controls how these blocks will be mixed.
  • ECB (electronic codebook) - the simplest mode - each block of data is encrypted independently.
  • CBC (cipher-block chaining) - uses an initialization vector, stronger than ECB, similar to the CFB mode. For symmetric encryption, the user must know the secret initialization vector. For asymmetric encryption the user is not concerned with the initialization vector. For software developers: the initialization vector is produced by repeated concatenation (to match the size of the modulus, removing the extra data at the end when required) of the big-endian SHA1-256 hash of the public key used to encrypt the data.
  • CFB (cipher feedback) - uses an initialization vector, stronger than ECB, similar to the CBC mode. Not applicable for asymmetric encryption.
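The difference between the ECB and CBC modes described above, as an added example (not Act On File's code): identical plaintext blocks produce identical ciphertext blocks under ECB but not under CBC. A toy Feistel block cipher built from SHA-256 stands in for AES, and the key, IV and plaintext are constructed sample values.

```python
import hashlib

BLOCK = 16  # block size in bytes (the same as AES)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    # 4-round Feistel network: a stand-in block cipher for the demo, NOT AES.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def toy_decrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def pad(data):
    # PKCS#5/PKCS#7 padding: n bytes of value n, always at least one byte.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pad(data)))

def cbc_encrypt(key, iv, data):
    # Each block is XORed with the previous ciphertext block (the IV first).
    out, prev = [], iv
    for b in blocks(pad(data)):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    plain = b"".join(_xor(toy_decrypt_block(key, c), p)
                     for c, p in zip(blocks(ct), [iv] + blocks(ct)))
    return plain[:-plain[-1]]  # strip the padding

def repeated_blocks(ct):
    return len(blocks(ct)) - len(set(blocks(ct)))

# Constructed sample data: four identical 16-byte records.
KEY = hashlib.sha256(b"constructed demo password").digest()
IV = bytes(range(BLOCK))
PLAIN = b"ACCOUNT=00012345" * 4
```

With this input, `repeated_blocks(ecb_encrypt(KEY, PLAIN))` counts three duplicate ciphertext blocks, which reveals the repetition in the plaintext, while the CBC ciphertext has none.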
Byte Order - When blocks of data are encrypted, they can be stored in one of two directions. Different platforms work with one of these directions. Choose the appropriate direction suitable for the system where the data will be decrypted.
  • Big-Endian - Store blocks of encrypted data in Big-Endian byte order.
  • Little-Endian - Store blocks of encrypted data in Little-Endian byte order.
Public Key
(Used for asymmetric (RSA) encryption.)
Select or enter the path to the Public Key that is to be used for encrypting the selected items. It is also possible to use the Private Key to encrypt files, however remember to keep Private Keys safe and secret until such a time as they are to be destroyed using True Delete.
Password
(Used for symmetric encryption.)
Enter the password you want to use to encrypt the data.
Confirm [Password] - Enter the password again to confirm it.
Hash - The symmetric algorithms work with keys of particular sizes. In order to make a user-entered password usable, it is hashed, and the hash is then used to produce a key with a size appropriate for the particular symmetric algorithm. Select which hash algorithm is to be used for producing the encryption key from the entered password. The same hash algorithm must be used when the password is entered for decrypting the data.
Important - Password Strength and Good Practices
In order to keep your data protected, it is important to use strong passwords. That said, you should be able to remember the password easily, or at least record a reference that helps you (and only you) remember it. Never record the password in plain text. A password is considered relatively strong if it has all of the following characteristics:
  • has at least 8 different characters;
  • has upper case characters;
  • has lower case characters;
  • has at least 3 alphabetic characters (A, ..., Z);
  • has at least 2 numeric characters (0, ..., 9);
  • has at least 2 non alphanumeric characters (@, +, !, etc.).
Additionally, it must not contain sequential strings (e.g. "ABC...", "345..", "qwert...", "ZYX...", etc.) and obvious character substitutions (e.g. replacing "i" with "1").
I. Vector (Initialization Vector)
(Used for symmetric encryption.)
Enter the initialization vector. The Initialization Vector (IV) is a block of data which is used to start the encryption with feedback algorithms. Using an IV greatly strengthens the encryption, and although it is not absolutely required, it is highly recommended that the IV is kept secret and treated as a second "password". The IV for each particular encryption algorithm has a particular size, which must be respected when supplying the IV by entering the required number of symbols.
Confirm [I. Vector] - Enter the initialization vector again to confirm it.
Important - Initialization Vector Strength and Good Practices
In order to keep your data protected, it is important to use strong (random data) initialization vectors when applicable. Although it is not mandatory, it is highly recommended to keep IV a secret. An initialization vector is considered relatively strong if it has all of the following characteristics:
  • has at least 6 different characters;
  • has upper case characters;
  • has lower case characters;
  • has at least 2 alphabetic characters (A, ..., Z);
  • has at least 1 numeric character (0, ..., 9);
  • has at least 1 non alphanumeric character (@, +, !, etc.).
Additionally, it must not contain sequential strings (e.g. "ABC...", "345..", "qwert...", "ZYX...", etc.) and obvious character substitutions (e.g. replacing "i" with "1").
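The two rule lists above (password and initialization vector) as one checker, added here as an example (not Act On File's code). Which rows count as a "sequential string" and the run length of three are assumptions, and the "obvious character substitutions" rule is not checked because it needs a word list.

```python
import string

# Thresholds taken from the password and initialization vector lists above.
PASSWORD_RULES = {"distinct": 8, "alpha": 3, "digits": 2, "symbols": 2}
IV_RULES = {"distinct": 6, "alpha": 2, "digits": 1, "symbols": 1}

# Assumption: the rows treated as "sequential", and that a run of 3 is enough.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN = 3

def has_sequence(text):
    """True if text contains RUN consecutive characters of a row, in either direction."""
    low = text.lower()
    for row in SEQUENCES:
        for seq in (row, row[::-1]):
            if any(seq[i:i + RUN] in low for i in range(len(seq) - RUN + 1)):
                return True
    return False

def weaknesses(text, rules):
    """Return the rules that text fails; an empty list means 'relatively strong'."""
    checks = [
        (len(set(text)) >= rules["distinct"],
         f"fewer than {rules['distinct']} different characters"),
        (any(c.isupper() for c in text), "no upper case character"),
        (any(c.islower() for c in text), "no lower case character"),
        (sum(c in string.ascii_letters for c in text) >= rules["alpha"],
         f"fewer than {rules['alpha']} alphabetic characters"),
        (sum(c in string.digits for c in text) >= rules["digits"],
         f"fewer than {rules['digits']} numeric characters"),
        (sum(not c.isalnum() for c in text) >= rules["symbols"],
         f"fewer than {rules['symbols']} non-alphanumeric characters"),
        (not has_sequence(text), "contains a sequential string"),
    ]
    return [message for ok, message in checks if not ok]
```

For the constructed input `"Password123"`, `weaknesses(..., PASSWORD_RULES)` reports the missing non-alphanumeric characters and the sequential run "123".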
Legible - Toggle this checkbox to make the password and initialization vector readable or not.
Set Defaults - The Set Defaults button sets the Operation Controls to a default selection of properties, in order to help users who might find the settings confusing.
Generate New Key
(Used for asymmetric (RSA) encryption.)
Select this button to invoke the dialog used to generate a new Public-Private Key pair for encryption, or the Public key of an already existing Private Key for encryption.
Generate New Key For Encryption Dialog (Asymmetric Encryption)
Use this dialog to generate a new Public-Private Key pair for encryption, or only the Public Key of an already existing Private Key for encryption.
Operation - Select whether to generate a new Public-Private Key pair, or the Public Key of an already existing Private Key.
  • Generate New Private-Public Key Pair - Choose this option to make the functionality generate a new set of keys with the selected key length.
    • Length - Select the length of the key to be generated. Smaller keys are easier to break, while larger keys are difficult to break. However, a larger key takes a longer time to generate, import, encrypt and especially decrypt. At present, a key length of 2048 bits (256 bytes) is considered strong.
    • Save private key as - Choose the path and filename for the newly generated Private Key. Remember that Private Keys must be kept safe and secret until such a time as they are to be destroyed using True Delete.
    • Save public key as - Choose the path and filename for the newly generated Public Key. Give the encryption Public Key to any other party, so that they can encrypt information and send it to the owner of the Private Key, who alone can decrypt the information. Public Keys must be supplied in a way that guarantees that the key belongs to its owner. We publish our Public Key on our website.
  • Produce Public Key From Private Key - Select this option when the Private Key already exists, and only its Public counterpart is required. Private Keys must always be kept safe and secret, while public keys are intended to be made public. The owner of the Private Key need not always keep a copy of the Public Key; instead they could keep only the Private Key and produce the Public Key at any time and supply it to other parties as needed.
    • Source private key - Select the Private Key for encryption whose Public counterpart will be produced. Remember that Private Keys must be kept safe and secret until such time as they are to be destroyed using True Delete.
    • Produce public key - Choose the path and filename for the generated Public Key for encryption. Give the Public Key to any other party, so that they can encrypt information and send it to the owner of the Private Key, who alone can decrypt it. Public Keys must be supplied in a way that guarantees that the key belongs to its owner. We publish our Public Key on our website.
Use this public key to encrypt the selected files - Set this checkbox to copy the path of the selected Public Key into the Public Key selection control of the Encrypt Files functionality, to be used to encrypt the content of the selected files and folders.
On Top - Sets and clears the Always On Top flag on the owner Encrypt Files window. This checkbox adds or removes the window from the group of Top-most windows.
OK - Commits to work.
Cancel - Closes the dialog without doing any work and returns control to its owner Encrypt Files dialog.
Generate Password / I. Vector
(Used for symmetric encryption.)
Select this button to invoke the dialog used to generate strong Passwords and Initialization Vectors.
Generate Password / Initialization Vector Dialog (Symmetric Encryption)
Use this dialog to generate new Passwords and Initialization Vectors. The size of the generated initialization vectors matches the size required by the currently selected symmetric algorithm.
Password - A strong password generated by the common rules for strong passwords is placed in this field. You can copy the password to the clipboard, generate a new password, or insert it in the Password field of the parent Encrypt Files dialog by selecting the checkbox below.
New Password - Press this button to generate a new password.
Use this password to encrypt the selected files - Select this checkbox to place the currently displayed password in the Password field of the parent Encrypt Files dialog upon pressing the OK button.
Initialization Vector - A strong initialization vector generated by the common rules for strong initialization vectors is placed in this field. You can copy the initialization vector to the clipboard, generate a new initialization vector, or insert it in the I. Vector field of the parent Encrypt Files dialog by selecting the checkbox below.
New Init. Vector - Press this button to generate a new initialization vector.
Use this init. vector to encrypt the selected files - Select this checkbox to place the currently displayed initialization vector in the I. Vector field of the parent Encrypt Files dialog upon pressing the OK button.
On Top - Sets and clears the Always On Top flag on the owner Encrypt Files window. This checkbox adds or removes the window from the group of Top-most windows.
OK - Commits to work.
Cancel - Closes the dialog without doing any work and returns control to its owner Encrypt Files dialog.
Destination Controls
These controls are used to direct the output location in which the module will store the encrypted files.
Destination - Select the output type and location.
  • Common Place - All encrypted files are stored in the target folder and are named "[filename].[extension].encrypted". Caution is required as encrypted files with matching names may overwrite each other.
  • Original Location - The encrypted files are deposited in the same folder as the original files and are named "[filename].[extension].encrypted".
  • Reflecting Tree - The same directory structure as the directory structure of the selected files and folders is replicated, starting from the selected target folder. Each encrypted file is named "[filename].[extension].encrypted" and is deposited in the newly created folder respective to the folder containing the encrypted file.
at folder - Select the folder to be used for the "Common Place" and "Reflecting Tree" options.
Send email - Set this checkbox to request the module to start the default e-mail software installed on the machine and attach the encrypted files to a new e-mail message.
Further Actions Controls
These controls are used to help to automate some common activities after the process is successfully completed.
Delete Source Items - Set this checkbox to request the module to send the source items to the Recycle Bin after a successful encryption process.
Confirm Delete [Source Items] - Set this checkbox to confirm the request to delete the source items after a successful encryption process.
Window Controls
These controls have generic meanings.
On Top - Sets and clears the Always On Top flag on the window. This checkbox adds or removes the window from the group of Top-most windows.
OK - Commits to work and encrypts the data. Note, an Enter Key (password) dialog will be displayed first.
Cancel - Closes the window without doing any work. The last selected properties are stored.