Data Protection and Privacy Aspects of PEAs

Governments, multinational IT companies and all kinds of criminals are trying to gather masses of confidential information about everyone. And often the collected data is exchanged between these players - voluntary or involuntary.

It's not just about confidentiality itself.

This data can then be used in a variety of ways: Accusations against dissidents, manipulation of consumer behaviour, blackmail, exposure, identity theft, or even directly by emptying bank accounts with account data.

Encryption

All PEAs (PEA = Password Encrypting Archive) are intended to protect our data from unauthorized access.

In addition, the effort of these protective measures for the users should be kept as small as possible, so that they remain suitable for everyday use.

Every application must find a suitable balance between effort and safety. The PEAs try to reduce the effort in normal use to just entering a password.

Meanwhile, many processes run in the background that are invisible to the user:

Sources of entropy, both those of the system and those of mouse movements and the like, will be developed in order to obtain random values for cryptographic algorithms.
Your password will be checked for quality. The strength of the password is reported to the user by colored bars.
A memory-intensive function derives a cryptographic key from the password. Unfortunately, this process takes a little time.
The content is decrypted with the cryptographic key.
The program checks whether the content has been manipulated (authentication).

This cryptographic functions are used in this process:

Threefish as cipher in EAX mode
Catena as key derivation function
Blake2b as hash function

File Encryption on the Disk

File encryption programs like the File Lock PEA encrypt and decrypt files on the device - unlike on-the-fly decryption applications (Calendar Lock PEA,Notebook PEA, Image Lock PEA). The files are available in plain text when they have been decrypted. This can be used universally for all file types, but it carries some risks.

Cons:

Hard disk encryption programs like VeraCrypt or Luks encrypt and decrypt the required files invisibly for the user. If the system crashes, the partition remains encrypted. This does not apply to file-level encryption, such as File Lock PEA. After a crash, the open files must be re-encrypted.

It is quite easy for malicious spyware to access files on the hard disk once it has been installed. It is significantly more difficult to extract file contents from the random-access memory (RAM).

Pros:

On the other hand, file-level encryption requires no special programs to process the files. All files - once decrypted - can be used as usual.

The File Lock PEA also offers the possibility to hide many metadata like the file names of encrypted files by packing them into ZIP files.