Simple program(s) to encrypt files, exchange from Windows to Mac

[Cheryl_27]

Looking for a simple way to encrypt mostly text files, to exchange by email w/ some of my "non technical" Mac user friends. Something that uses decent encryption & is easy to use. 7-Zip for Windows is perfect, but I've not found any maintained, up to date GUI prgms for Mac that can read / write 7-Zip format.

Keka (for Macs) is maintained & will do 7-zip, but ONLY uses "Zip 2.0 legacy" encryption. http://forum.kekaosx...7907ac911711d10

Don't necessarily need compression, but these type prgms would be really easy to use for non techies.

I use TrueCrypt, that also runs on Mac, but it might be a bit cumbersome for encrypting a file to attach to email.

I don't think these particular friends could / would master setting up Thunderbird to use signing & encryption certificates & deal w/ using public / private keys.

Maybe, but something simpler would probably be better for them.

Any suggestion for other easy to use Mac encryption prgms (for one file at a time), & a Windows counterpart, both able to read / write in same format?

[+BudMan MVC]

Truecrypt is not really designed for 1 file..

7z can encrypt something that you compress, etc. Not really the right tool for what your wanting to do..

Why don't you just use gnupg? its FREE and runs on pretty much any OS out there.. Simple easy gui interface if you want it, etc.

http://www.gnupg.org/

Project Gpg4win provides a Windows version of GnuPG. It is nicely integrated into an installer and features several frontends as well as English and German manuals.

Project GPGTools provides a Mac OS X version of GnuPG. It is nicely integrated into an installer and features all required tools.

edit: Seems the shell extensions don't work on 64 bit.. Use to be able to just rightclick a file and encrypt to juts a password without using keys.. I was going give a screenshot but gpg works just fine from command line.. But that might be a bit over the top for users..

http://runtime-era.b...es-w-gnupg.html

edit2: Ok found a simple to use gui tool for your window users that are not bright enough for anything else ;)

You open file you want -- see my example contact file, it creates a encrypted copy with just a password if you don't want to use keys and then you can send that file be it email, be it cloudshare, ftp, usb disk, whatever and if they know the password they can decrypt. Using keys is MUCH easier and better option to be honest - with keys you never need to exchange a password and you can encrypt files back and forth and only the key encrypted too can decrypt.

Notice the dates on my keys.. Been working with this stuff for quite some time so if you have any questions - just ask. Those are not even the oldest, but the oldest I have continued to use over the years of decent strength, older keys were not as strong so stopped using them, etc.

[Cheryl_27]

Thanks BudMan,

It's the Mac users that "aren't bright enough." Either way, maybe should call them "not computing tech - inclined." I'm the Windows user & would have no problem, if decided to use GPG. I'd love for the Mac users to master using it.

1) I looked at several of the tutorials & some vids on using GPGTools. I take it you use either their own email app, or it's a plugin for AppleMail? I missed the part about actually sending the encrypted file via email.

With ANY plugin, comes inevitable compatibility issues / bugs, as changes are made in the main program the plugin is made to use.

2) In GPG4Win, to actually email the encrypted files, it uses a plugin for Outlook? Does Outlook even exist anymore?

I haven't used Outlook Express (Mail / Live Mail) - in decades. Looks like a GPG front end / plugin for Tbird is the popular Enigmail (assume for either Win or Mac). Many of my Mac friends actually use Tbird.

The method of public / private keys would work well, once the less technical mastered it & especially if sending a lot of encrypted email. The concept of public / private keys & using Gnupg may be simple for you (& me - once I started), but it isn't for those not into technical aspects of computing. I agree, Gnupg would solve encrypted communication issue between Win & Mac. But for some, simple - it's not.

7-zip: for encrypting one file, once in a while & attaching to email, I'm not sure anything could be simpler than 7-zip. Don't have to use compression, but if attaching graphics, large files, is useful. But maintained front ends for command line port of 7-Zip, that runs on Mac (p7zip - that uses AES 256) are hard to find. Only one I've found, maintained on semi regular basis is EZ 7z. Some sites list as shareware. TechSpot (at least) lists as freeware http://www.techspot....7z-for-mac.html

[+BudMan MVC]

https://www.gpgtools...ices/index.html

It pretty clear that it supports file encryption

Overview

GPGServices is a plugin for the global OS X Services menu, which adds the ability to almost any application (e.g. Safari, Finder, or TextEdit) to use OpenPGP functionalities. In a nutshell:

• Any folder: sign and encrypt.
  
• Any file: verify, sign, import, encrypt, and decrypt.
  
• Any text selection: verify and import.
  
• Any text field: verify, sign, import, export, encrypt, and decrypt.
  

You can also assign keyboard shortcuts to each operation.

I have been using gnupg to encrypt files for years and years - when was on windows 32 bit it was just click click and done. I would assume same thing if you turn on the OS X services stuff.

It really is simpler if you create keys - which is a one time setup... You would create, they would create and then you could send each other encrypted stuff without any need of having some password you have to send each other in other channels, etc.

As to 7zip on mac -- I don't normally use OS X, I have access to it and dabble with it, more on the command line stuff. But i would think 7z has a gui for it mac that is free as well. Will look into it.

here you go for OS X

http://www.kekaosx.com/en/

Keka is a free file archiver for Mac OS X

the main compression core is p7zip (7-zip port)

Compression formats supported:

7z, Zip, Tar, Gzip, Bzip2, DMG, ISO

Extraction formats supported:

RAR, 7z, Lzma, Zip, Tar, Gzip, Bzip2, ISO, EXE, CAB, PAX, ACE (PPC)

edit: side note figured out how to get the rightclick encrypt/decrypt back under 64bit windows.

Drive_Letter:\windows\syswow64\explorer.exe /separate

This runs a 32bit version of explorer that so that allows GpgEX to work and adds

[syobon999]

Axcrypt

[Cheryl_27]

Axcrypt is Windows only.

BudMan, I never questioned encryption ability of gnupg / gptools.

One thing I did ask was, how sending an gnupg encrypted file via email worked. The gptools appears to have its own mail app or at least a plugin for Apple Mail.

But is it also possible just to encrypt a single file & attach to email, rather than using an email client plugin?

Keka, as I said, will do 7-zip, w/ encryption, but only uses "Zip 2.0 legacy" encryption. That's OK for prying eyes, but hardly secure. It's on Keka's to do list to add AES 256 bit encryption. Who knows when that'll happen.

Where as 7-zip (Win) or command line p7zip, both use AES 256.

Interesting - Latest Tbird versions have their OWN message encryption system, called S/MIME. That appears to be different than using Gnupg. Unless I'm wrong, public / private KEYS aren't used in Thunderbird's S/MIME system - but rather "signing" & "encryption" certificates. Not sure if they accomplish the same thing as Gnupg; or as easily; or as securely.

I played w/ Tbird 18 encryption system some, but there doesn't seem to be a detailed KB article on the S/MIME system. There is a "high lights" article on http://www.mozilla.org/projects/security/pki/psm/smime_guide.html#get_recip_certs that's relatively recent, but not what I'd call a tutorial for non tech users. Almost all that I found in web searches for encrypting email in Tbird involved gnupg or Enigmail plugin (that uses Gnupg).

[+BudMan MVC]

"I missed the part about actually sending the encrypted file via email."

This the part I took that you didn't think it encrypted files -- if these users don't know how to attach a file to email, then there is NOTHING going to be simple enough for them to use..

S/MIME is not tbirds own anything -- http://en.wikipedia.org/wiki/S/MIME

And yes your wrong you use public and private keys in S/MIME no matter what application is using it.

what exactly are you wanting to send that you need AES 256??

You do understand that if your encrypting a file with say 7zip -- your still only as secure as the password.. If you use P@55w0rd1 or something as your password - then its NOT very secure..

[Cheryl_27]

I realize other email clients use S/MIME. Should have said, "Tbird's native S/MIME signature / encryption. But, AFAICT - S/MIME & PGP don't work the same way. They have similarities. But I'm not well versed on either.

S/MIME seems to use a Signing & an Encrypting certificate. I haven't seen anything about "keys," in S/MIME articles, but that may just be semantics.

I don't know if S/MIME (in Tbird) is more / less / same in ease of setup & use for avg users.

We don't need 256 bit encryption, per se. For 7-zip - it only offers 256 bit. WinRAR / RAR has 128 bit, but again - can't find up to date RAR GUIs for Mac.

But Zip 2.0 legacy encryption is about strong enough to keep honest people out. And yes, PWs need to be long & random, just like in TrueCrypt (if not using keyfile) or other similar, strong encryption prgms. Those can be copy / pasted from flash drive, etc.

[Cheryl_27]

BudMan (or others),

Since Mozilla / Thunderbird is on a mad man release schedule, I read that Enigmail admits having trouble keeping up. Their # of releases will be reduced & NO updates w/o corresponding Tbird new release (unless there are serious bugs, making Enigmail unusable for MANY users).

In light of that, if you were going to use a PGP / Gnupg system / software, which ones do you prefer & why? You mentioned GPG4Win. For encrypting EMAIL MESSAGES, what do you use?

GPG4Win (or for another OS) & what? - the plugin for Outlook?; the included Claws email client; or something else entirely for encrypting email?

I'm not a big fan of Outlook / MS mail clients. I'd be concerned about the security of a small client like Claws (the client itself & being timely patched).

Thanks.

[+BudMan MVC]

You don't need any tie into email to send encrypted messages or sign the message.. Just sign the text of the message or encrypt and sign it, and paste it into the message your sending.

Here I created a new key and encrypted and signed this message -- you would just paste into your email message

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (MingW32) - GPGshell v3.78

hQEMA1nIeb39RdC7AQf+MMbl1bYLWcpvTBdRZszGtDO5JCYDKNHRJuRvkP92gcTV
GSiWPMq45ieV5JTZxlDfHjPSQKIYywusyO8FflPxv39+UTDxWILdB0+GnEvO7wx1
QFOnS2GRoe3baGX/FJMvWvJbEp3wnlz7i/S8YRfmQDR039VOL4RTtNVUhi8J+Fbh
ZE+yqFaVpK+ozum6tOfYcvyePZAA/9fP4f7zRZ5VU9JUKTQY5E87WWlkgQI7yOHH
qkKgGxT60EGbY+dCq9uiTg8qddDq3FQbj0OScEdAfNdFtwYjhVbZmYbs2tOJbw9H
b1sfYf2z1h7WqXM0mC10VJeaINr4knOX/aTXBM2Ie9LAzwEiB/a4D3IwvaGXlNXF
qsCaZ2yJYYR+Rt9EA+lVkWsVYYdKSsojEiY78Ea1nmR+FCQVrtN5kZXwHtmEn0sA
apgVJzJTdufRGweWsVw1cuqfGUXNjtTvugetWmlrty9g1uRVzvqwsynZXb1ZHV8c
yhXvafjs4qNOYwIlKhMROr36eg1/VD4bYK+Dsyfs8TV/TuRBDaSOckuPu4hOTM4t
8Xck4RYrz6csemCdyFFpUl4olAR8hcz91CzaIm0hjUDZaUxc9CnvYDApj1MYjju4
CwqEfcp6wL4xvwfRHzM9GNQRA9yxA84haa7q5bchkXG6ruGKx/V4h3fR6ZIGqsvl
JtoAUBE+Qaf/TOEeGN/HA25umurs1w/BP1Ok8r5qua58t6dDCFLVo6lxdkW9ltXG
ooN+Tv6GrrbgoG3oygXuT7A028sVUT0VEzGmf70OP7Z6wvamij0JsUU/henU0h32
mVuQO8tFzjXIKF9G6dqZI64Z/MeI0K4Y+Um2AHMJbh0B5TF0uz94wIMVzBq4OcsN
hg==
=PK7b
-----END PGP MESSAGE-----

[thunderrooster]

Someone mentioned Axcrypt. AES Crypt work in Windows, Linux and Mac.

[+BudMan MVC]

^ that looks to be what he is looking for - other than no real email integration at all. But simple enough, create your txt message of what you want to say. And then encrypt and send it in an email.

Its great that it uses AES, etc. But your still only as secure as the password - this password has to be agreed upon.. Do you change it every time you send something. Use a agreed upon pass for time period, forever?

If that password is compromised then all txt/files could be decrypted by anyone that has the file.. What is better about using public key and private key is you can exchange files and messages without every having to exchange any sort of password. You can verify you have the correct public key to use by exchanging the fingerprint info on the correct public key to use or exchanging the public key directly. There is no security issue with with loss of public key, other than someone could send you a encrypted file/message. They would still need the private side of that key to be able to sign that can be used for verification.

If your worried about security! Be it a steeper learning curve or not for the people involved - once trained it is MUCH easier to use, and more secure! If their key is compromised and their password to the private is loss as well - then just revoke the key so that you no any future files/messages using that compromised key are not valid!

But that aes crypt does look like a simple solution to just encryption of a file.

[Cheryl_27]

Interesting. You use PGP or Gnupg? You typed / saved the msg in some editor, then selected the file to encrypt using...???

Then what about when it reaches recipient?

Of course, they'd need the same encryption software (or capable of reading / decrypting that specific type msg). But in your example, what steps would the recipient go thru to decrypt the msg?

Open Gnupg, GPG4Win; then use menus to decrypt; or copy / paste the body of msg onto the encryption prgm's interface, or what?

I like the simplicity, but not sure how it'd work & haven't read about this technique. Does the recipient's encryption prgm "recognize" that the pasted message is something it can decrypt, or do you have to go thru a few menu steps?

Then, which prgm do you use to manage your / your contacts keys? The tools in - Gnupg, GPG4Win...?

I read a good bit on GPG4Win's & Enigmail's sites. Haven't read entire GPG4Win manual, but haven't come across the copy / paste method you describe.

Thanks thunderrooster, for mention of AES crypt. Hadn't seen that one.

[+BudMan MVC]

You copy that text and then just use the decrypt/verify option of the front end your using.

So here I copied the text, opened up the clipboard editor in gpgshell

Once I click decrypt and verify it asked me for my password to my private key to decrypt and verified my signature I put on it

See window below the now in the clear text that gives detail of verification.

edit: Can be used to just clear sign something as well, so for example

----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is something Budman Said

If it is edited in anyway - it will fail verification




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32) - GPGshell v3.78

iQEcBAEBAgAGBQJRE94/AAoJEFnIeb39RdC7R/UH/1XAlMGkv7v5L71d8WB0pELC
lrr4PN+B2QNax2roKZAIv/oBFBMc7FOFer+V44kvoVmWQhcqCPWFcZK8yeYFP2YP
ZbX2CtrUHaMOGMQeqMEvIeDpvNmNJfXOiV8qGYA4yRGrCNTWCMG0qV/L6Y2u4Yyd
I4puf+IRY82y45fjh7NOpJlqm2CCubjkYDnQFMOYZ+7QrDqMfiBbbka2bZ4G6q0S
9JhJjh5x6nirqEtfSLewEGBxUB39wPlG1q9h/JqllozVWv4hbj+lko/zVKL5z9cf
F/sW/zw8jolPN5FsDuwrvgOzmqpbxP+MwaJhP7EJq6F0T4cb4jy1mn+ZaMDIQtU=
=IAZN
-----END PGP SIGNATURE-----

here is my created today test public key you can use to verify that signature

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (MingW32) - GPGshell v3.78

mQENBFETpQIBCADDuewMxdvQvs1+fraX0bh9QMwmPBpP4jtAgy9lt4hFYQQLDIV2
yLdspircaRhNsnaygvj3FOrYtTt9CqgRJd7wdXxkrjCYsAxM4B9z/dkrnE/VPAtu
yZBXwwI7to0eUCZxDzastyZhpufkPYGnlxZrLm31A73+y/FGWBrgJVEiHwBnwBrN
zkKcfko5169ja0eJxQR791Px8fOXSdmReUb6bjSGsccC4HjHrSZHAp0/Btae2GQ9
xcR3dFl6uV46VOdchTV/Hstrf2WZv/HtqPb1YKsIpTawNBhnf9LLli+km0G2/is9
TCyRrOzM5yRs07kCG1KZrgO2BgUdzif//MF3ABEBAAG0GmJ1ZG1hbiA8YnVkbWFu
QGRvbWFpbi50bGQ+iQE+BBMBAgAoBQJRE6UCAhsPBQkDwq2eBgsJCAcDAgYVCAIJ
CgsEFgIDAQIeAQIXgAAKCRBZyHm9/UXQu1CKB/9GPW1QjRfyDCpz/Fi1Sj+wpScL
A/pqDvNopdZGJ5JJp4tYcnNyZBRwptClwJL1BtxzxMWXbKAP6f2N+YpzrE2oWUsV
PSgsFuwJ+o6CXJZffQmBbssey4dGLk2JIHg1dVf7p4P8YHFYj0E+Gn+a6kGqPGHY
fJ1F9o0VkqmK8tIIW25nUxlZDQyUvKcL3u1eipxMEa63iFZCNESZlIZHxEYkr5Y+
r4yYq1I/IRzscIbfl6VPsMWWTTauYUI6xvQryQoQckWAPXw+SylNhroISaqFfUeD
zd4tchsprH/r/HoJBJr7TgKlerVCMnxQaxY3Z+a6i99RVyMsEdiXQWKtGd7Z
=Ab7q
-----END PGP PUBLIC KEY BLOCK-----

edit2: so I edit the above a bit, then did a verify on it - and shows

So you can use that public above and send me a test message you post here and I can decrypt it.

[Cheryl_27]

Very nice - thanks for the screens.

[Arachno 1D]

Would it be simpler if they are none technical to set up a pass worded folder on an on-line server be it a free or paid service ?

[Dashel]

That's what I was wondering, do you actually need encryption (two locks) or would a gated file share meet your security needs?

[+BudMan MVC]

I find it unlikely that any civilians would actually have valid "need" of encryption of this nature to be honest. If company, and has evaluated the risk of sending specific information over clear text email is too high. Then the company would use an enterprise grade encryption system..

Banks for example use a secure email platform to send email to clients - just got one from my bank today, etc. Can use this system to send them any documentation I need to send for loans and such.

Back in old job, when sending information to drug company for employee's medial status etc.. Contained employee personal info -- they gave us their public key, and we then encrypted the information to their key and placed it on their ftp server. This insured could not be intercepted during transfer, and if ftp server was compromised only get a bunch of encrypt files that good luck decrypting ;)

Do I really need to encrypt emails to friends and family that hey can make the party, what are you buying bob for his birthday. These are directions to my house, did you see this funny web site, etc. Beers tonight after work, etc.

I have a hard time thinking of stuff I would be sending to friends or family that would actually justify encryption to be honest.. I am curious what sort of info they are going to be emailing that warrants AES 256 bit encryption? ;)

Now the geek in me says how encrypted can I make it -- and if sending to fellow geeks, sure might encrypt the hey meet you at joes for beers after work, etc. But other than that not so sure its actually warranted to use for day to day communications.. Now sure if I was sending my medial/personal info to a doctor or insurance company, etc. Then they should provide me with a secure way of sending them that info.

On the other hand - why not just encrypt all communication if simple enough.. Problem is normal users can barely understand what email is, let alone encrypted email ;)

[Arachno 1D]

One the flip side of your argument If a user wishes to encrypt files for what ever reason they choose it is and always will be unless laws change, their right to do so.

[Cheryl_27]

All valid & useful points. An online (free) server that has NO part in the encrypting or entering a PW on their site, to use to generate the encryption, etc. As (one example) on Lavabit (or similar) handed over encrypted email & the "means" for LEAs to decrypt the mail (I forgot the exact details).

Yes, we're trading international top classified secrets - over Gmail, etc. :D

No BudMan, we don't need 256 bit encryption. At least not w/ current technology levels. But, many encryption prgms offer either very weak or very strong encryption. So, it's take what you can get (for free, or small donation).

But I DO use strong encryption (& strong PW / keys) for my financial acct #s, bank login info, etc.

Though some might, I never intended to encrypt email about the weather. Things encryption may be useful for individuals - legal / medical correspondence; sending info about such things to family members; discussing things that are, or are mistakenly interpreted as being of interest to HLS / NSA. Many don't want HLS scanning their email & kicking them out into an "inspect closer" pile, because it happens to have a few political / gov't security buzz words in it, any more than they want anyone w/ a "big ear" long range microphone, sitting outside their house, listening to private conversations. That would be an invasion of privacy & is creepy.

No, don't NEED 256 bit encryption unless trying to protect something really important. If I'm going to encrypt either email or files on my PC, may as well use something strong, if it takes no more time to do it.

I guess w/ PGP, you select the strength of the keys. But many stand alone software, you have one encryption bit strength choice, then of course the chosen strength of PW / Phrase (or in some, Keys).