Chances are you have sensitive files on your computer. How about a list of passwords in a Word document, electronic copies of your tax returns, or job applications that contain your social security number? If it’s on your computer, it’s at risk. And not just from people who sit in your chair, but from viruses and evil hackers, too. You need to lock it down with encryption. That’s not a suggestion these days – it’s essential. AxCrypt is a secure, easy solution that can help you do just that.
Expand Table of Contents
What Is Axcrypt?
AxCrypt by Axantum Software is a free program that lets you protect your files by encrypting them. Encryption is more secure than just password protection. Passwords only put the equivalent of a padlock on the data. Encryption actually scrambles the data so that only the ones who hold the encryption key can unscramble it.
There are several of these types of programs, such as TrueCrypt and GNU Privacy Guard (which are also very good). But AxCrypt is my favorite in the ease-of-use category for those who just want it to work without worrying about lengthy configurations.
Their site documentation is thorough and well done, clearly informing you of AxCrypt’s limitations and best uses, including a very informative FAQ. I would recommend taking a look once you get it up and running. But because of its simplicity, it does have its limitations. So let’s take a look at it now.
Some Possible Uses for AxCrypt
- Secure sensitive files on your computer
- Send secure attachments in emails
- Secure files on your flash drive
- Secure the files you put in Dropbox or other file sharing services
- Share encrypted files on a network
- Encrypt a program’s executable so it won’t be able to run without decrypting it
- Strong encryption
- No configuration needed
- Open source
- Automatic key generation
- Open encrypted files on computers without AxCrypt
- File shredder
- Portable version
AxCrypt ultilizes its encryption algorithm in a very competent manner. As such, it’s very secure and much stronger than Windows’ built-in Encrypting File System (EFS) – and even easier to use.
There’s nothing you need to do to configure AxCrypt. In fact, there are no configuration options at all. This is good for those who want it simple. AxCrypt is about as simple as you can get and still maintain good security on your files.
AxCrypt is open source under the GNU general public license, meaning anyone can open the code and see how it’s programmed. This is a good thing because there is a lot of accountability this way. There’s no way to hide anything malicious in a program that’s open source and it allows the community of programmers to ensure its encryption methods are reliable. Open source also means the program will remain free.
If you want, you can let AxCrypt create a very good random encryption key and save it somewhere so you don’t have to remember a lengthy password.
AxCrypt will let you encrypt a file to a self-decrypting executable format (e.g. TaxReturn.exe). That means you can open the file on another computer that does not have AxCrypt installed. Very handy if you need access an encrypted file when you’re not at your own computer. You will not be able to make changes to the encrypted file, however.
There is a basic file shredder included in AxCrypt. This will securely delete files so that they are unrecoverable. Use with caution as you can never get shredded files back.
There is a portable version available that lets you put it on a removable drive (like a thumb drive) to carry it around if you ever need to open and edit your encrypted files on the go.
- Will not encrypt folders
- No configuration options
AxCrypt only works on individual files. There is no way to create an encrypted container in which to store multiple files. You can encrypt or decrypt everything inside a folder at once, but all the items are encrypted individually.
What makes AxCrypt so simple also limits its capabilities. For those of us who want more control, like to change the encryption method or fine tune usage options, we’re bum out of luck. What they give you is what you get. Fortunately, what they give you is very good.
AxCrypt Technical Specifications
- 128-bit AES encryption (see official FAQ for more algorithm details)
- Passwords hashed with SHA-1
- File integrity verified with SHA-1
- Time-stamp of encrypted file gets updated when file changes
- Included command-line interface for scripting and programming
How To Install AxCrypt
1. Download AxCrypt from the official website. We’re doing the full install so select the first option for download. The version number you see might be different than what’s in this picture.
2. Run the installer file you downloaded if it doesn’t start automatically. Follow the onscreen instructions.
3. During the install process, be sure to uncheck any additional crapware that it tries to install. The image shows some things that it may try to put on your computer, but what you see may be different.
4. At the end it will ask you if you want to register. That is up to you. They will ask for your email address and put you on their mailing list.
How To Use AxCrypt
AxCrypt does not have a window you can open like traditional programs. All the interaction is done in right-click menus.
1. Organize the files you want to encrypt into folders. AxCrypt can do many files at once if they’re in the same folder. So I recommend putting all the files you want encrypted into one folder called “Encrypted”, or do like I did and create a folder structure for each type of document. It’s up to you.
2. Right click on the file/folder you want to encrypt and select AxCrypt from the context menu. Then select Encrypt to encrypt the file or all the files in the selected folder.
3. Create a passphrase. Important: in order to get the full security that AxCrypt can offer, your passphrase should be long! The reason is that your passphrase is actually the encryption key that it uses to encrypt your data. The stronger the passphrase, the stronger the encryption. Make it as long as you possibly can and still remember it, using several words and numbers strung together. AxCrypt recommends that it be at least 22 characters, and at least 5 words strung together. For the strongest security, read about key-files in the key-files section.
4. After a file is encrypted, its icon changes to the AxCrypt shield. It also changes the file extension to .axx and appends the file’s original extension to the new filename.
5. When you open the encrypted file, it will ask for your passphrase. Type it in and click OK, then you can edit and save the file just like normal. When you save it, it will save it back into the encrypted file automatically.
Do not check the box that says “Remember this for decryption” or else it will remember your passphrase. This would completely undermine the whole purpose of encryption since anyone could open your files without needing the passphrase. If you already checked that box, go to the right click menu and select “Clear Passphrase Memory”.
6. If you decide you no longer want to keep a file encrypted, you can select Decrypt from the right-click menu and it will permanently change it back into the plain-text version.
AxCrypt Advanced Features
Instead of creating a passphrase (password) that you’ll have to remember, AxCrypt gives you the option to create a key-file. All this does is create a text document with a long randomly-generated key inside. You can use the same key-file to encrypt as many files as you want.
AxCrypt uses this key just like it does your passphrase. The benefit of using a key-file instead of a passphrase is that the key-file will be many times stronger, and you won’t have to remember it since it’s saved in a document.
However, using a key-file can be more cumbersome. First, you’ll need to keep it stored on a removable device, like a thumb drive, so that it’s not within reach of your encrypted files should your computer be compromised. Second, if you ever lose the key-file, there is absolutely no way to recover the data that’s encrypted. The same is true with a passphrase, but at least you stand a chance of remembering a passphrase at some point. You won’t have the key-file memorized.
That’s why AxCrypt recommends 1) printing your key-file on to real paper and 2) never encrypting your key-file itself. I would recommend using the key-file option if you can. It’s exponentially more secure. Although, if you know how create a good long passphrase then you should be okay with that option as well.
To make a key-file, you’ll need to right-click on any file or folder (it does not matter which one), and select AxCrypt, then Make Key-File. You only have to create the file once and you can use it for as many files as you want.
Encrypt a copy
This should be used if don’t want to encrypt the file on your computer, but you do want to encrypt it for taking off your computer. For instance, if you want to put it on a thumb drive for transport or send it in an email. This will make an encrypted copy without deleting the original version. However, any computer that you want to open it on must have AxCrypt installed.
Encrypt copy to .EXE
This option creates an encrypted file that does not need AxCrypt to open it. For instance, you want to share an encrypted file with a friend, but that friend does not have AxCrypt installed. They will be able to open the .EXE you created just like normal, as long as they have the password. However, you cannot save changes to the .EXE encrypted file. You will have to re-encrypt the file if you make any changes. For that, you would need to install AxCrypt.
It’s possible to give your encrypted file a fake name. This is valuable if the name of the file might give away something you’d prefer it didn’t. First, encrypt the file, then select Rename from the right-click context menu and give it a new name. When you open or decrypt the file, the original name is automatically restored.
Shred and delete
AxCrypt includes a file shredder. This performs the digital equivalent of shredding paper documents. There is no way to recover a file after it’s been shredded, so use with caution.
- When experimenting with AxCrypt, I found that that some antivirus’ don’t like the “Encrypt copy to .EXE” option, flagging the encrypted .EXE as suspicious. Keep that in mind when using the .EXE method. Be sure the recipient of the file knows that might happen, and check your virus vault if the encrypted file disappears on you.
- If you forget your passphrase or lose your key-file, it is impossible to retrieve your encrypted data. There is no fallback option. The best thing to do is store a printed copy in a safe place. This does not mean in your computer desk drawer. Lock it up in a file cabinet, store it with your social security card, or keep it in your wallet or purse.
- If you’re using a cloud syncing solution like Dropbox, you cannot be sure your data is private. Use AxCrypt to encrypt all the files before you put them in there to make sure they’re safe.
- When sending an encrypted email attachment, give the passphrase to the recipient via another medium, such as a phone call or text. Do not send it in an email if that is how you are sending the encrypted file.
- If you want to encrypt a lot of files into one master file, create a .zip or .7zip archive of plain-text files then encrypt the archive.
- Just because the file is encrypted does not mean there aren’t other hidden copies of that file on your hard drive. Sometimes programs will create hidden backup copies of files in case of a crash. To remove any of these duplicates, use a program like CCleaner to clear out the temp files and then shred the free space on your hard drive.
- You should back up your encrypted files just like everything else. They can still be lost.