June 30, 2016
AxCrypt 2 no longer supports a feature called Self Decrypting Files that was supported in AxCrypt 1.x.
What’s a Self Decrypting File? It’s a two things in one: It’s a self-contained executable program (a .exe), with secured data (a .axx file) embedded or appended to it.
When the recipient gets the Self Decrypting File, (s)he then double-clicks it to run it. It starts executing, and then it reads its own image, finds a .axx secured file embedded, asks for a password and if successful decrypts it and stores it on the recipient’s computer.
Super convenient, right? What could possibly be wrong with this?
Well, just about about everything.
- The self decryptor is an executable program that can contain anything, and the recipient has to trust that it does what the sender claims it does. This is not something the recipient should do lightly.
- Since it by definition contains strongly encrypted information, for example another executable software, it is impossible to screen by anti virus software. It can literally contain any level of bad.
- What’s the only reasonable thing to do with something that can contain any kind of malevolent executable software? To block it with prejudice of course!
- Most email providers and clients will refuse to send and/or receive attachments that are executable softwares (.exe, .bat, .cmd, .com, etc). That’s a good thing! But bad for even honest self decryptors.
- The legacy AxCrypt 1.x encryption only supports passwords, so you still have the problem of transmitting the password to the recipient. If you have more than one recipient, this quickly gets completely out of hand.
- Although legacy AxCrypt 1.x self decrypting files had some safeguards against misuse, i.e. encrypting malware to get past firewalls and email filters, it’s still risky business. We do not want to create the perfect toolkit and carrier for malware.
- Another use case is self-contained backups. That’s not a bad idea in theory, but Windows has a hard limit of 2GB size of any .exe , so large backups are not possible to do in this way.
All in all, there are simply too many things that speak against Self Decrypting Files. But we did something better!
With AxCrypt 2 we created a fully featured standalone, install-free version instead of the extremely limited self-decrypter of AxCrypt 1. This can be used for all scenarios where the self decryptor was used, with minimal extra work.
With AxCrypt 2, we have key sharing technology, so you can encrypt files for other recipients and share them without sharing passwords.
So, instead of wishing for the fundamentally broken idea of Self Decrypting Files, just embrace the new key sharing technology, and provide the recipient with a link to the standalone executable . If you have a channel that can transmit executables, download it and send it there with the file.
Svante, Developer and Co-Founder AxCrypt AB