August 23, 2016 at 18:03 #3935
I encrypted a text file with AxCrypt (1 or 2 ?). I had no problem to open the file.
Later I decided to change the password. The new password seemed not to work, so I tried the “suggested password”.
Now either the old password, the new one or the suggested passwd do not succeed to open the file. When I look to the file properties in Explorer, I see one encrypted with the AES-128 algorithm, and another one with AES-256. My OS is Windows 10.
I should be glad to open at least one of these files…August 23, 2016 at 18:08 #3936
Since I don’t know your account email, I can’t know if you ‘changed’ password or ‘reset’ password. However, regardless, the file will *always* open with the password that was in effect when it was originally encrypted.
So, if you can sign in to AxCrypt, and can’t open the file you should be presented with a file password dialog. The password to enter here is the one that was in effect on the day that you last encrypted the file.
Once you’re signed in to AxCrypt, you can try the file password for as many times you want. Signing in to AxCrypt (online) does limit the number of tries to 15, then you have to wait for an hour.
If you wish further clarification, please add some screen shots of where you’re stuck – this usually helps to clarify things for us a lot!September 20, 2016 at 02:48 #4138
Can I clarify your password change policy?
“…the file will *always* open with the password that was in effect when it was originally encrypted.”
1. User encrypts file X with password P1.
2. User changes the Axcrypt password to P2.
3. User logs in to Axcrypt (locally) with password P2.
4. User will not be able to open file X, as it was encrypted with password P1…is this correct?September 20, 2016 at 08:36 #4139
Ok, it’s a little more complicated but I usually try to simplify it with the statement “An AxCrypt-encrypted file will always be possible to open if you know the original password used to encrypt it”.
Perhaps a better wording than “the original password used to encrypt it” would be the “the password used when the file was most recently (re-)encrypted”.
With AxCrypt 2, there are other factors involved as well. Here’s a more detailed description:
– The actual key used to encrypt the file is a purely random 128 or 256 bit key generated internally by AxCrypt. You never see this key. It’s called the Master Encryption Key in AxCrypt, in the literature it might be called a Session Key.
– This master key, is in turn encrypted essentially with your password. In AxCrypt 2, this is the password you used to sign in to AxCrypt with.
– With AxCrypt 2, you also get an AxCrypt ID which in technical terms is a RSA 4096-bit key pair. This is used for the key sharing feature, where an encrypted file can be shared with others and they can open it with their own passwords.
– Your own AxCrypt ID is also used to encrypt the master key. So for each file, the master key is encrypted at least twice – once with your password, and once with the sharing (public) part of your AxCrypt ID.
– If you use the key sharing feature, the same master key will be encrypted once for each recipient you share the key to the file with.
Now, if you change the password for your AxCrypt account, what really happens is that the secret (private) part of your AxCrypt ID is re-encrypted with your new password.
Let’s for this example also say that you’re sharing the key with one recipient.
You have an AxCrypt password for firstname.lastname@example.org : Secret4Alice
Your friend email@example.com has password : Bob4Ever
You sign in to AxCrypt with ‘Secret4Alice’.
You encrypt a file ‘CoolStuff.txt’.
AxCrypt generates a master key and encrypts ‘CoolStuff.txt’ into ‘CoolStuff-txt.axx’, and embeds the encrypted master key twice: once using your password ‘Secret4Alice’, and once using your AxCrypt ID.
You share the key to the file with bob. Now the master key is encrypted three times in the same file: once using your password ‘Secret4Alice’, once using the ‘firstname.lastname@example.org’ AxCrypt ID and finally also using ‘email@example.com’ AxCrypt ID.
It can now be decrypted with the password ‘Secret4Alice’ since it for one can decrypt the master key directly in the file, but since that is also the key to the encrypted AxCrypt ID you have, the master key can also be decrypted using that.
It can also be decrypted by Bob, since he has access to his private AxCrypt ID part, and can thus also decrypt one of the three copies of the master key embedded and encrypted in the file. Bob uses ‘Bob4Ever’ as his password for AxCrypt, so that’s the password that he is using to open the file.
Now you (Alice) change your AxCrypt password to ‘NewGood2Go’. This causes your (Alice’s) AxCrypt ID to be re-encrypted with the new password.
The situation we now have is that the file ‘CoolStuff-txt.axx’ can be opened with three different passwords:
1) The original password used when the file was encrypted: ‘Secret4Alice’.
2) The password to Alice’s AxCrypt ID: ‘NewGood2Go’.
3) The password to Bob’s AxCrypt ID: ‘Bob4Ever’.
This is what I mean that the file can always be decrypted with the original password used to (re-)encrypt the file.
Finally, you Alice decide to open the file and edit it. This causes ‘CoolStuff-txt.axx’ to be re-encrypted. Since you changed your AxCrypt sign in, you’re now using the password ‘NewGood2Go’ as the ‘original’ password. The file can now only be opened with two passwords (but actually in three ways):
1a) The original password used when the file was encrypted: ‘NewGood2Go’.
1b) The password to Alice’s AxCrypt ID: ‘NewGood2Go’.
2) The password to Bob’s AxCrypt ID: ‘Bob4Ever’.
Ok, I need to write this up with a few illustrations ;-)