File Lock PEA - Filesystem-Level Encryption

File and Folder Encryption

File Lock PEA (PEA = Password Encrypting Archive) encrypts data at the filesystem level and offers the possibility to decrypt single files or whole directories temporarily.
The program consists of a single archive file. Installation is not required.

Window with menu displaying several file names to open and a password field

Features

Privacy Protection

Confidentiality through encryption: Files and folders are individually selected for decryption when they are needed.

Cloud Support

Save your files in the cloud and upload new versions using several cloud providers. All data remain encrypted during this process.

Authenticated Encryption

Protects the integrity of the data by an authenticated encryption mode. This guarantees that the data has not been manipulated.

Key File

Add a second factor besides the password and protect your data additionally with a key file. Store this key file wherever you want.

Metadata Hiding

Many metadata can be masked: File names and other data can be made invisible by encrypting them in zip files.

Virtual keyboard against Keyloggers

Provides an internal on-screen keyboard to protect against hardware keyloggers as well against some software keyloggers.

Additional Features

Platform independent: Runs on all systems with a Java runtime environment
Timer to encrypt the files automatically after a certain period of time
Uses a memory-hard key derivation function that defends custom-hardware attacks
Adjustability for colors, font sizes, calendar view
All source code is open source, including the libraries used
Measures the quality of new passwords during input by a password strength meter. Indicates their strength by colored bars
Combines System Entropy with its own Entropy Source
Offers character tables to enlarge the character set of passwords
Starting the program in the console and quick start with scripts

The program consists of a single archive file. Installation or registration is not required.

Disk Encryption and File-Level Encryption

Disk encryption programs protect hard disk, partitions or other storage media. File Lock PEA is not intended to replace disk encryption, but to complement it. Common Open Source hard disk encryption programs are:

TrueCrypt (Linux, Windows, MacOSX - no longer maintained),
VeraCrypt (Linux, Windows, MacOSX),
dm-crypt with LUKS (Linux),
eCryptfs (Linux),
Geli (FreeBSD),
GBDE (FreeBSD),
DiskCryptor (Windows)

For a comparison between TrueCrypt, VeraCrypt and CipherShed see this article.

Disk encryption is usually very fast: these programs can encrypt large amounts of data in a relatively short time. This is probably the biggest advantage over file encryption programs that operate on filesystem level rather than on disk sectors. Disk encryption programs are therefore normally around a multiple faster than file encryption programs.

One problem, however, is that the protection of all the data is restricted, not only for the file that is needed. The data which are not used are still encrypted, but you can easily access them - the door was opened. To take a short look in a small text file, the entire partition remains with restricted protection.

Another disadvantage of disk encryption is the protection of the data integrity. Authenticated encryption for disk encryption is technically very demanding. The vast majority of these programs do not protect the integrity of the data. An exception is Geli (available for FreeBSD).

On the other hand, file encryption programs involve other problems:

The operating system may store temporary files, which are not encrypted,
encrypting individual files is more error prone to users, e.g. you must close the program properly,
file names and meta data are normally not encrypted (in File Lock PEA you can therefor use zip files)

Disk encryption programs are the first choice to protect data against loss. But once the system is running, decryption of single files makes perhaps more sense.
The File Lock PEA is designed exactly for this purpose - for large amounts of data, it is not suitable, however.

File Lock PEA 1.5 (stable):

Key Derivation Functions: Catena-Dragonfly, Argon2
Ciphers (EAX-Mode): Threefish, AES-256, Serpent
Hash Functions: Blake2b, SHA-3, SHA-512

For old versions and version log see the Version Log Site.

Window displaying several file names of decrypted files

If the File Lock PEA does not meet your expectations, there is a wide range of open-source programs with similar purposes. Some of them are discussed in Alternatives to File Lock PEA.

How to use

Start the Jar Archive

You need OpenJDK, Java Runtime Environment (JRE) or something similar. On most systems there is at least one available.
These PEAs are single Java jar archives, a file with the extension "jar". If you are familiar with jar archives, you can skip the following part.

Linux, BSD systems and Mac OS and other UNIX like systems: unpack the compressed download file (tar or unzip), store it for example in your home folder, change in the directory in console and type: java -jar YOUR_ARCHIVE.jar or try to double click the file unix_start_helper.sh.

Windows: Normally you can open the jar archive just by a double click. But sometimes other programs overwrites this possibility and instead unpack the jar archive. In this case you can change the default program to open a jar archive or use the terminal, change in the directory of your archive and type java -jar YOUR_ARCHIVE.jar or try to double click the file windows_start_helper.bat

Initialization: First Start

The first time you start the File Lock PEA, the program will initialize. You are asked for a password and at least one file.
You can reset the password later in the menu.

Thanks to all who have improved, tested or reviewed File Lock PEA or other PEAs.