The objective of encryption is to change the appearance (readability) of information so that it cannot be easily read unless it is first decrypted. The objective of decryption is to restore encrypted information to its original form. Encryption and decryption are very important in a world where it is unwise to blindly trust people. It is important to encrypt your private information in order to keep it safe and secure.

Encryption must be used whenever one transmits any kind of private data in any form, whether over the internet or physically. For example, an email message is just like an open postcard. The difference is that an unauthorized person who reads the email can also retain a copy of it, which is just as original and authentic as the copy that reaches the recipient (the person authorized to read it). A simple, effective step-by-step mechanism for exchanging information online safely is described in the Exact Steps to Exchange Emails Safely protocol. Similarly, when travelling and carrying information on a flash drive or other media device, it is important that the information is encrypted so that if the drive is lost or stolen, the data is not intelligible to the person who finds it. Important private data should be kept encrypted even when held on a desktop system, to protect it from the possible threats of burglary or Trojan horse software, which may affect any system.

Encryption can sometimes be cumbersome, as encrypted data needs to be decrypted before use and then re-encrypted if it was modified. Depending on the system, there are one or two ways to keep encrypted files, each with their advantages
- Encrypt and decrypt files using specialized software such as Act On File.
  - Advantages:
    - Can be used on any system on which the software can run.
    - Can be used on any media type e.g. hard drive, flash drive, CD, etc.
    - Can be used on any file system used on the media drive e.g. NTFS, FAT32, FAT16, etc.
    - Can employ a wide range of complex algorithms and passwords/keys.
    - When encrypted files are transferred from one device to another via any channel (i.e. over the internet or any kind of wire) they remain encrypted and protected.
    - Allows the use of multiple passwords or keys if required, making it increasingly difficult to decipher all encrypted files.
    - Can be encrypted and decrypted by various software; all that is required is the encryption algorithm and the password/key.
  - Disadvantages:
    - Must have the password or key at hand to decrypt the data.
    - Need to explicitly decrypt the data to make it usable.
    - Need to explicitly re-encrypt the data after it has been modified.
- Encrypt and decrypt files using the Operating System and File System capabilities when available.
  - Advantages:
    - The user does not need to decrypt the data to view or edit it. The decryption and encryption are done automatically and transparently by the operating system.
    - The user does not need to have a special password/key at hand, as the system login credentials (and other user-specific keys) are used to encrypt and decrypt the data on the fly.
  - Disadvantages:
    - Not all operating systems support this feature.
    - Not all devices and file systems support this feature.
    - Always uses the same algorithm and password/key on a particular machine. This is important if the data is obtained in an encrypted form (e.g. by stealing the hardware) and someone attempts to decipher it by brute force or otherwise.
    - Data is transferred decrypted. For example, when attached to an email or copied to a flash drive, the data is transferred decrypted, which completely exposes it to various threats.
    - When transferring the data, it must be encrypted explicitly using the appropriate software as in the above method.
    - Since the password/key is never explicitly required from the user, the user may feel falsely assured and fail to sustain proper password/key maintenance. This may result in the loss of the encrypted data if, due to system failure, they lose their password/key.
    - The user may feel falsely assured of the safety of their data. However, if they leave their system unlocked, all data is available to copy by anyone who gains physical access to the system whilst it is unlocked.
    - The user may feel falsely assured of the safety of their data. However, any viruses or spyware which infect their machine would be able to read and use the encrypted data as unencrypted when the user is logged in under their user account.
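The explicit cycle of the first method (encrypt, transfer, decrypt, edit, re-encrypt), shown as an added example that is not Act On File's own code or file format. It assumes the third-party Python `cryptography` package; the `DEMO1` container layout, the function names and the sample data are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"DEMO1"  # hypothetical container header, also bound as associated data
SALT_LEN, NONCE_LEN = 16, 12

def derive_key(password: str, salt: bytes) -> bytes:
    # scrypt makes every password guess against a stolen file expensive
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def encrypt_file(src: Path, dst: Path, password: str) -> None:
    # Fresh salt and nonce per file; layout is MAGIC || salt || nonce || ciphertext+tag
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    sealed = AESGCM(derive_key(password, salt)).encrypt(nonce, src.read_bytes(), MAGIC)
    dst.write_bytes(MAGIC + salt + nonce + sealed)

def decrypt_file(src: Path, password: str) -> bytes:
    blob = src.read_bytes()
    if not blob.startswith(MAGIC):
        raise ValueError("not a demo container")
    off = len(MAGIC)
    salt = blob[off:off + SALT_LEN]
    nonce = blob[off + SALT_LEN:off + SALT_LEN + NONCE_LEN]
    sealed = blob[off + SALT_LEN + NONCE_LEN:]
    try:
        return AESGCM(derive_key(password, salt)).decrypt(nonce, sealed, MAGIC)
    except InvalidTag:
        raise ValueError("wrong password or file was modified") from None

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        plain, enc, usb = (Path(tmp, n) for n in ("notes.txt", "notes.enc", "usb.enc"))
        plain.write_bytes(b"constructed sample: account 1234")
        encrypt_file(plain, enc, "first passphrase")
        usb.write_bytes(enc.read_bytes())  # transfer: the copy is still ciphertext
        edited = decrypt_file(usb, "first passphrase") + b" (edited)"
        plain.write_bytes(edited)
        encrypt_file(plain, enc, "first passphrase")  # explicit re-encryption after the edit
        try:
            wrong = decrypt_file(enc, "wrong guess")
        except ValueError as err:
            wrong = str(err)
        return {"copy_leaks": b"account" in usb.read_bytes(),
                "roundtrip": decrypt_file(enc, "first passphrase") == edited,
                "wrong_password": wrong}
```
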
Although the second method of working with encrypted data may seem to be of a lower standard than the first, it does have its place. For example, it is a good way of encrypting local machine data.
To work safely with private data, one must also use the Eraser module. The True Delete, Erase Scraps,
and Erase Drive functionalities of this module are particularly important when it comes to protecting private data. Please see their respective sections in the help
file for detailed explanations about how to use them.
The field of cryptography is developing fast, with more and more algorithms being invented and providers established. The Act On File Cryptor module aims to give an easy-to-use but powerful cryptographic
facility that simplifies the process of encryption whilst maintaining the maximum strength. The Cryptor module is used to encrypt and decrypt data, and to generate encryption passwords and keys.