File Lock PEA - Filesystem-Level Encryption
File and Folder Encryption
File Lock PEA (PEA = Password Encrypting Archive)
encrypts data at the filesystem level and offers the possibility
to decrypt single files or whole directories temporarily.
The program consists of a single archive file. Installation is not required.
Confidentiality through encryption: Files and folders are individually selected for decryption when they are needed.
Save your files in the cloud and upload new versions using several cloud providers. All data remain encrypted during this process.
Protects the integrity of the data by an authenticated encryption mode. This guarantees that the data has not been manipulated.
Add a second factor besides the password and protect your data additionally with a key file. Store this key file wherever you want.
Many metadata can be masked: File names and other data can be made invisible by encrypting them in zip files.
Virtual keyboard against Keyloggers
Provides an internal on-screen keyboard to protect against hardware keyloggers as well against some software keyloggers.
Platform independent: Runs on all systems with a Java runtime environment
Timer to encrypt the files automatically after a certain period of time
Uses a memory-hard key derivation function that defends custom-hardware attacks
Adjustability for colors, font sizes, calendar view
All source code is open source, including the libraries used
Measures the quality of new passwords during input by a password strength meter.
Indicates their strength by colored bars
Combines System Entropy with its own Entropy Source
Offers character tables to enlarge the character set of passwords
Starting the program in the console and quick start with scripts
The program consists of a single archive file. Installation or registration is not required.
Disk Encryption and File-Level Encryption
Disk encryption programs protect hard disk, partitions or other storage media. File Lock PEA is not intended to replace disk encryption, but to complement it. Common Open Source hard disk encryption programs are:
- TrueCrypt (Linux, Windows, MacOSX - no longer maintained),
- VeraCrypt (Linux, Windows, MacOSX),
- dm-crypt with LUKS (Linux),
- eCryptfs (Linux),
- Geli (FreeBSD),
- GBDE (FreeBSD),
- DiskCryptor (Windows)
For a comparison between TrueCrypt, VeraCrypt and CipherShed see this article.
Disk encryption is usually very fast: these programs can encrypt large amounts of data in a relatively short time.
This is probably the biggest advantage over file encryption programs that operate on filesystem level rather than on disk sectors.
Disk encryption programs are therefore normally around a multiple faster than file encryption programs.
One problem, however, is that the protection of all the data is restricted, not only for the file that is needed. The data which are not used are still encrypted, but you can easily access them - the door was opened. To take a short look in a small text file, the entire partition remains with restricted protection.
Another disadvantage of disk encryption is the protection of the data integrity. Authenticated encryption for disk encryption is technically very demanding. The vast majority of these programs do not protect the integrity of the data. An exception is Geli (available for FreeBSD).
- The operating system may store temporary files, which are not encrypted,
- encrypting individual files is more error prone to users, e.g. you must close the program properly,
- file names and meta data are normally not encrypted (in File Lock PEA you can therefor use zip files)
Disk encryption programs are the first choice to protect data against loss. But once the system is running, decryption of single
files makes perhaps more sense.
The File Lock PEA is designed exactly for this purpose - for large amounts of data, it is not suitable, however.
File Lock PEA 1.5 (stable):
Key Derivation Functions: Catena-Dragonfly, Argon2
Ciphers (EAX-Mode): Threefish, AES-256, Serpent
Hash Functions: Blake2b, SHA-3, SHA-512
For old versions and version log see the Version Log Site.
If the File Lock PEA does not meet your expectations, there is a wide range of open-source programs with similar purposes. Some of them are discussed in Alternatives to File Lock PEA.
How to use
Start the Jar Archive
You need OpenJDK, Java Runtime Environment (JRE) or something similar. On most systems there is at least one available.
These PEAs are single Java jar archives, a file with the extension "jar". If you are familiar with jar archives, you can skip the following part.
java -jar YOUR_ARCHIVE.jaror try to double click the file windows_start_helper.bat
Initialization: First Start
The first time you start the File Lock PEA, the program will initialize. You are asked for a password
and at least one file.
You can reset the password later in the menu.
Thanks to all who have improved, tested or reviewed File Lock PEA or other PEAs.