Please note, that the Knowledge Base isn't translated to english completely at the moment. You will still find some german texts - we are translating permanently the outstanding parts! Thank you for understanding!

File Encryption

		INFO & KNOWLEGDE

Special in the field of file encryption is the fact, that the encrypted information isn't existing temporary. The ciphertext is available permanently. Therefore encryption, key manangement and according authorisation, authentication and encryption are areas to consider. Often successful authentication is also access authorisation and successful decryption - a separation of this tasks is hard to see.

symmetric password encryption

Many simple solutions use certain symmetric algorithms for encryption, while the secret key is derived from passwords or passphrases, mostly hashed. This password-based encryption (e.g. PKCS #5) is offering the possibility of dictionary attacks, the quality of the password is the key factor of the security of such solutions.

With the correct password, the correct key can be computed and the file can be decrypted successfully - authentication, authorisation and decryption is done in one step. All other topics e.g. security, backup, distribution of the file are complicating this password troubles. Some products Manche Produkte hampers dictionary attacs with a (increasing) time delay after each failed attempt.

password based file encryption

certificate based hybrid encryption

Solutions like Microsofts EFS are usind hybrid encryption combined with certificates for authentication and backup. The encryption is done with a symmetric algorithm, but the symmetric key (FEK - File Encrypting Key) is encrypted with the public keys of all people, which are authorised for access, and stored with the file. Microsofts EFS stores the keys in the EFS Header in the Data Decryption Field or Data Recovery Field. The use of smart cards is offering more flexible possibilities, like a two factor authentication with smart cards.

certificate based file encryption

Encryption Solutions Simplest Variant ist the "manual" method of encryption, where the user encrypts and decrypts certain files - allowin cross-platform-solutions. One step higher you find folder encryption, which needs deeper integration into operating system. Further approaches are container and disk encryption.

Problem areas of encryption Using encryption, no matter which solution, you have to consider, that information can be found at other places while processing respektive in its lifecycle....

Winmagic SecureDoc Winmagic Securedoc is a Hard Disk Drive Encryption Solution, which encrypts the whole disk and authenticates the user in Pre-Boot.

Secure Doc Hard Encryption Client - Licencing WinMagic’s SecureDoc Hard Disk Enryption is protecting sensitive and confidential data on notebooks by encryption of the whole hard disk with AES 256 algorithm, avoiding all problem areas of encryption and is fullfilling all the security requirements of an organisation for mobile workers.

Secure Doc Enterprise Server - Licencing The SecureDoc Enterprise Server eases the rollout and adminstration of WinMagic SecureDoc Disk Encrpytion, as well as the recovery of passwords, smart cards or token.

		DOWNLOADS

File encryption on data carrier (german) [179 KB]

MS File-Encryption

EFS - certificates