Reply To: To make AxCrypt the perfect encryption software….

#7495 Reply

Svante
Spectator

Hello Jim,

AxCrypt actually works quite well in larger companies as well, in smaller teams and projects, and will work better in the future as well as we add such things as key recovery agents. It’s not really intended for enterprise-wide use though, true enough.

So you’re right, for enterprise-wide, centrally managed encryption there are indeed solutions such as the one from PKWARE. Interestingly enough, AxCrypt actually has most of the distinguishing features promoted for Smartcrypt. We have persistent encryption, easy key management, encryption without data expansion and cross-platform. We don’t have enterprise data discovery and centralized management.

You’re also right that we’re not FIPS 140-2 Validated. But, as far as I can determine, neither is Smartcrypt from PKWARE. All they are doing is using FIPS 140-1 or 140-2 validated cryptographic modules – i.e. calling the appropriate OS API etc, when there is a validation made by the manufacturer like Apple, Google, Microsoft etc. PKWARE is actually a little sneaky here, their documentation gives the impression they are validated, but they are apparently not. The certificates listed are not theirs, it’s various computer and software manufacturers such as the mentioned Apple, Google etc. They are also using a non-existing term – “FIPS compliance”. There is no such thing. A cryptographic module is either validated or not, which is really the only distinction that has any real meaning. What PKWARE means with “FIPS Compliance” is that when they are using FIPS approved algorithms and modes of operations, they are in turn using a FIPS 140-1/-2 validated cryptographic module, where available. Whether this is a sufficient guarantee to fulfill your organization’s requirements is up to each organization to decide.

Neither AxCrypt nor Smartcrypt is FIPS 140-1/-2 validated. AxCrypt and Smartcrypt both use FIPS approved algorithm families (AES, RSA, SHS etc…). Smartcrypt apparently has a non-standard mode where they ensure that they use device-specific implementations that are FIPS validated, when available. What other restrictions or features are affected by the Smartcrypt FIPS mode is not easily determined at a first glance, but since it’s not enabled by default I’m assuming it does affect the product’s function, compatibility or performance.