July 31, 2017 at 15:03 #7489
I’ve used AxCrypt personally now for a few months with great success! I’ve shared some files with another user and it works well. I like the simplicity, and it’s one of the few true file encryption apps on the web (encrypt files wherever they are, not just in a virtual drive as is often the case).
I’m an IT engineer with my own business and with the up and coming GDPR lots of my customers are getting flustered by encryption, which seems to be the way things will go…..
I’ve been looking for the perfect encryption system that would cover the bulk of my clients and basically they all need:
256 Encryption (if FIPS, then ideal)
Multi user aware system (ideally with a hosted means of management as not all have a server)
Ability to email encrypted files as self-decrypting so no software required on the recipient?
If AxCrypt could improve the sharing aspect of their product to make it simpler to share lots of files, add emailing encrypted files, have a portal to manage shared users in a company with ability to revoke rights then it would be perfect!
Also, a service that runs on a server/PC or similar to trawl through set folders, encrypting those not already done, would be good as well?
rob
July 31, 2017 at 21:32 #7493
AxCrypt is intended for individuals and very small businesses.
For enterprise, multi-user systems etc., you’d be better looking at a commercial solution like Smartcrypt.
AxCrypt isn’t FIPS accredited as it costs a lot of money and would almost entirely wipe out the developer’s profits and then some, I’d imagine.
August 1, 2017 at 13:07 #7495
AxCrypt actually works quite well in larger companies as well, in smaller teams and projects, and will work better in the future as well as we add such things as key recovery agents. It’s not really intended for enterprise-wide use though, true enough.
So you’re right, for enterprise-wide, centrally managed encryption there are indeed solutions such as the one from PKWARE. Interestingly enough, AxCrypt actually has most of the distinguishing features promoted for Smartcrypt. We have persistent encryption, easy key management, encryption without data expansion and cross-platform. We don’t have enterprise data discovery and centralized management.
You’re also right that we’re not FIPS 140-2 Validated. But, as far as I can determine, neither is Smartcrypt from PKWARE. All they are doing is using FIPS 140-1 or 140-2 validated cryptographic modules – i.e. calling the appropriate OS API etc., when there is a validation made by the manufacturer like Apple, Google, Microsoft etc. PKWARE is actually a little sneaky here: their documentation gives the impression they are validated, but they are apparently not. The certificates listed are not theirs; it’s various computer and software manufacturers such as the mentioned Apple, Google etc. They are also using a non-existing term – “FIPS compliance”. There is no such thing. A cryptographic module is either validated or not, which is really the only distinction that has any real meaning. What PKWARE means with “FIPS Compliance” is that when they are using FIPS approved algorithms and modes of operations, they are in turn using a FIPS 140-1/-2 validated cryptographic module, where available. Whether this is a sufficient guarantee to fulfill your organization’s requirements is up to each organization to decide.
Neither AxCrypt nor Smartcrypt is FIPS 140-1/-2 validated. AxCrypt and Smartcrypt both use FIPS approved algorithm families (AES, RSA, SHS etc…). Smartcrypt apparently has a non-standard mode where they ensure that they use device-specific implementations that are FIPS validated, when available. What other restrictions or features are affected by the Smartcrypt FIPS mode is not easily determined at a first glance, but since it’s not enabled by default I’m assuming it does affect the product’s function, compatibility or performance.