File Lock PEA - Filesystem-Level Encryption
File and Folder Encryption
File Lock PEA (PEA = Password Encrypting Archive)
encrypts data at the filesystem level and offers the possibility
to decrypt single files or whole directories temporarily.
The program is small and consists of a single archive file. Installation is not required.
File Lock PEA
- runs on nearly all operating systems with a Java Runtime Environment,
- uses key derivation functions that can also protect against custom-hardware attacks, reducing one vulnerability of password-based encryption programs,
- protects the integrity of the data in addition to its confidentiality through authenticated encryption (EAX mode) and prevents unauthorized and unnoticed tampering with the data,
- can be used in combination with the other PEAs (Notebook PEA, Image Lock PEA) for certain file types (text, images) and offers the option to decrypt the data either in memory (RAM) or on the hard disk.
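The tamper detection that authenticated encryption provides, shown as an added example that is not File Lock PEA's code: it uses only Python's standard library, with scrypt for key derivation and keyed BLAKE2b as a stand-in stream cipher and MAC (encrypt-then-MAC) in place of Threefish in EAX mode. All function names, cost values and sample data are constructed for illustration.

```python
import hashlib, hmac, os

def derive_keys(password: str, salt: bytes):
    # scrypt is one of the KDFs the page lists; these cost values are illustrative.
    k = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                       maxmem=64 * 1024 * 1024, dklen=64)
    return k[:32], k[32:]  # (encryption key, MAC key)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (NOT Threefish/EAX): keyed BLAKE2b in counter mode.
    out = bytearray()
    for i in range(0, len(data), 64):
        pad = hashlib.blake2b(nonce + (i // 64).to_bytes(8, "big"), key=key).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], pad))
    return bytes(out)

def mac(mac_key: bytes, salt: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hashlib.blake2b(salt + nonce + ct, key=mac_key, digest_size=32).digest()

def seal(password: str, plaintext: bytes) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = keystream_xor(enc_key, nonce, plaintext)
    return salt + nonce + ct + mac(mac_key, salt, nonce, ct)

def open_sealed(password: str, blob: bytes) -> bytes:
    if len(blob) < 64: raise ValueError("truncated")
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, salt)
    # Verify the tag in constant time BEFORE releasing any plaintext.
    if not hmac.compare_digest(tag, mac(mac_key, salt, nonce, ct)):
        raise ValueError("authentication failed: wrong password or modified data")
    return keystream_xor(enc_key, nonce, ct)

def open_unauthenticated(password: str, blob: bytes) -> bytes:
    # Same decryption with the tag ignored, as a scheme without integrity does.
    enc_key, _ = derive_keys(password, blob[:16])
    return keystream_xor(enc_key, blob[16:32], blob[32:-32])

def tamper_demo():
    msg = b"constructed sample file content"
    blob = bytearray(seal("example-password", msg))
    blob[32] ^= 0x01  # one changed ciphertext bit (corruption or tampering)
    silent = open_unauthenticated("example-password", bytes(blob))
    try:
        open_sealed("example-password", bytes(blob))
        detected = False
    except ValueError:
        detected = True
    return msg, silent, detected
```

Without the tag check the modified file decrypts to altered content with no error; with it, the same file is rejected before any plaintext is returned.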
Disk Encryption and File-Level Encryption
Disk encryption programs protect hard disks, partitions or other storage media. File Lock PEA is not intended to replace disk encryption, but to complement it. Common open-source hard disk encryption programs are:
- TrueCrypt (Linux, Windows, MacOSX - no longer maintained),
- VeraCrypt (Linux, Windows, MacOSX),
- CipherShed (Linux, Windows, MacOSX, DragonflyBSD),
- dm-crypt with LUKS (Linux),
- eCryptfs (Linux),
- Geli (FreeBSD),
- GBDE (FreeBSD),
- DiskCryptor (Windows)
For a comparison between TrueCrypt, VeraCrypt and CipherShed see this article.
Disk encryption is usually very fast: these programs can encrypt large amounts of data in a relatively short time.
This is probably the biggest advantage over file encryption programs, which operate at the filesystem level rather than on disk sectors.
Disk encryption programs are therefore normally several times faster than file encryption programs.
One problem, however, is that once the volume is opened, protection is reduced for all of the data, not only for the file that is needed. The data that are not in use are still encrypted, but they can easily be accessed: the door has been opened. To take a short look at a small text file, the entire partition is left with reduced protection.
Another disadvantage of disk encryption is the protection of the data integrity. Authenticated encryption for disk encryption is technically very demanding. The vast majority of these programs do not protect the integrity of the data. An exception is Geli (available for FreeBSD).
File-level encryption has disadvantages as well:
- the operating system may store temporary files, which are not encrypted,
- encrypting individual files is more error-prone for users,
- file names and metadata are normally not encrypted.
Disk encryption programs are the first choice to protect data against loss. But once the system is running, decryption of individual files makes more sense.
File Lock PEA is designed exactly for this purpose. It is not suitable for large amounts of data, however.
Download Options for File Lock PEA 0.2 (stable):
Key Derivation Function: Catena-Dragonfly
Cipher (EAX-Mode): Threefish
Hash Function: Blake2b
MD5 checksum: a6cfe362939e31ea868ddb7c97050bd5
MD5 checksum: 1ef3f5f1a00b38e781f3b3934e0b2bdc
Downloads for other Cryptographic Primitives:
Key Derivation - Cipher - Hash (zip file)
- Catena-Butterfly - Threefish - Blake2b
- Pomelo - AES - SHA512
- Scrypt - AES - SHA512
- Bcrypt - Twofish - Skein
- For usability reasons the parameter garlic for the key derivation function Catena-Dragonfly was reduced from the actually recommended value of 22 to 18.
If you accept longer execution times (more than 10 seconds) for the benefit of security, you can download the following PEA:
Catena-Dragonfly (garlic = 22) - Threefish - Blake2b
For old versions and version log see the Version Log Site.
If the File Lock PEA does not meet your expectations, there is a wide range of open-source programs with similar purposes:
How to use
Start the Jar Archive
You need OpenJDK, Java Runtime Environment (JRE) or something similar. On most systems there is at least one available.
These PEAs are single Java jar archives, a file with the extension "jar". If you are familiar with jar archives, you can skip the following part.
java -jar YOUR_ARCHIVE.jar
or try to double click the file windows_start_helper.bat
Initialization: First Start
The first time you start the File Lock PEA, the program will initialize. You are asked for a password
and at least one file.
You can reset the password later in the menu.
File Lock PEA is part of the PeaFactory, a program to produce password encrypting archives for several purposes.
File Lock PEA 0.2 is produced with the alpha release of PeaFactory 0.2.2-alpha. Download with source code: PeaFactory-0.2.2-alpha. Warning: This version is insufficiently tested, especially for the Notebook PEA and the Image Lock PEA. With PeaFactory you can create File Lock PEAs with many more cryptographic algorithms, File Lock PEAs with a key file property and also PEAs for image encryption or encrypted notes.