Tomcat
Encrypting your data is the only way to control who can access it. If you don't currently use software to encrypt your hard drive, email, or files, read this article and choose the software that's right for you.
Criteria
Minimum Requirements
- Cross-platform encryption applications should be open source.
- File encryption programs must support decryption on Linux, macOS and Windows.
- External drive encryption applications must support decryption on Linux, macOS, and Windows.
- Applications for encrypting internal drives (OS) must be cross-platform or built into the operating system.
Ideal
- Operating system encryption (FDE) applications must use hardware security such as TPM or Secure Enclave.
- File encryption applications must support mobile platforms.
Multiplatform
Cryptomator (Cloud)
Cryptomator is a solution designed to confidentially store encrypted files with any cloud provider. It allows you to create vaults on a virtual disk, the contents of which are encrypted and synchronized with the cloud storage provider.
Cryptomator uses AES-256 to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, or the number and size of files and folders.
Some of Cryptomator's cryptographic libraries have been audited by Cure53. The audited libraries were cryptolib, cryptofs, siv-mode and cryptomator-objc-cryptor. The audit did not cover cryptolib-swift, which is the library used by Cryptomator for iOS.
Cryptomator's documentation details its intended security purpose, security architecture, and best use cases.
Picocrypt
Picocrypt is a small and simple tool that provides advanced encryption. Picocrypt uses the XChaCha20 cipher and Argon2id key derivation to provide a high level of security. For encryption functions it uses standard Go x/crypto modules.
VeraCrypt (Disk)
VeraCrypt is a free utility with available source code, used for on-the-fly encryption. It can create a virtual encrypted disk inside a file, encrypt a partition, or encrypt an entire storage device with pre-boot authentication.
VeraCrypt is a fork of the defunct TrueCrypt project. According to the developers, it implemented security improvements and resolved issues raised during the initial audit of the TrueCrypt code.
When encrypting with VeraCrypt, you have the option to choose from different hash functions. We recommend that you choose only SHA-512 and stick to the AES block cipher.
TrueCrypt has been audited several times, and VeraCrypt has also been audited separately.
Browser
Browser-based encryption can be useful when you need to encrypt a file, but you can't install software or applications on your device (such as a company computer).
hat.sh
Hat.sh is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policy.
Text (on the command line)
Command line tools are useful for integrating into shell scripts.
Kryptor
Kryptor is a free, open-source file encryption and signing tool that uses modern and secure cryptographic algorithms. Its goal is to be the best version of age and Minisign to provide a simple and lightweight alternative to GPG.
Tomb
Tomb is a command line shell for LUKS. It supports steganography using third party tools.
OpenPGP
OpenPGP is sometimes needed to solve specific problems, such as digital signing and email encryption. PGP has many features and is quite complex since it has been around for a long time. For tasks like signing or encrypting files, it's easiest to use the above options.
When encrypting with PGP, you have the option to configure various settings in gpg.conf. We recommend sticking to the standard options listed in the GnuPG User FAQ.
When generating keys, we recommend using the future-default option, as this will allow GnuPG to use modern cryptography such as Curve25519 and Ed25519:
Code:
gpg --quick-gen-key alice@example.com future-default
GPG4win
GPG4win is a package for Windows from Intevation and g10 Code. It includes various tools that can help you use GPG on Microsoft Windows. The project was initiated and initially funded by the German Federal Office for Information Security (BSI) in 2005.
GPG Suite
GPG Suite provides OpenPGP support for Apple Mail and macOS.
Note. We recommend Canary Mail for using PGP with email on iOS devices.
We recommend checking out their First Steps and knowledge base for support.
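A check to run after generating a key as described in the OpenPGP section above, added here as an example and not part of the original post: it reads GnuPG's `--with-colons` key listing and reports every primary key or subkey that is not Ed25519 or Curve25519. The function name, the sample listings and their key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report keys that are not Ed25519/Curve25519, based on
# GnuPG's machine-readable listing (gpg --list-keys --with-colons).
# Colon-format fields used: 1 = record type, 3 = key length,
# 4 = public-key algorithm ID, 5 = key ID, 17 = curve name.

# not_curve25519: read a colon listing on stdin and print one line per
# primary key (pub) or subkey (sub) whose curve is neither ed25519 nor
# cv25519. Exit status is 1 if at least one such key was found.
not_curve25519() {
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            curve = $17
            if (curve != "ed25519" && curve != "cv25519") {
                printf "%s %s algo=%s bits=%s curve=%s\n",
                       $1, $5, $4, $3, (curve == "" ? "none" : curve)
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the shape of a key created with future-default.
sample_modern() {
cat <<'EOF'
pub:u:255:22:1111111111111111:1700000000:::u:::scESC:::::ed25519:::0:
uid:u::::1700000000::0000::alice@example.com::::::::::0:
sub:u:255:18:2222222222222222:1700000000::::::e:::::cv25519::
EOF
}

# Constructed sample: an older RSA-2048 key (no curve name in field 17).
sample_rsa() {
cat <<'EOF'
pub:u:2048:1:3333333333333333:1500000000:::u:::scESC::::::23::0:
uid:u::::1500000000::0000::bob@example.com::::::::::0:
sub:u:2048:1:4444444444444444:1500000000::::::e::::::23:
EOF
}

# Demonstration on the constructed samples.
sample_modern | not_curve25519 && echo "modern sample: nothing flagged"
sample_rsa | not_curve25519 || echo "RSA sample: keys flagged above"

# Against a real keyring:
#   gpg --list-keys --with-colons alice@example.com | not_curve25519
```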