Last summer, we published a list of 24 free tools to use for data encryption. Given that Edward Snowden is still in the news, the United States government essentially extended most of the Patriot Act with passage of the USA Freedom Act, and a report published by the United Nations states that encryption is key to free speech, we thought it would be good to refresh this content and update it based both on some changes to our old entries, some feedback from our readers, and some newly available tools that hold great promise.
In this post (updated June 2015), we list our current top free tools for data encryption, including whole disk encryption, file level encryption, shredding, steganography, email, and network transport. After feedback, the list has actually grown to 28 free tools for data encryption, and if you have any other suggestions, we would be more than happy to try them out and include them in future updates.
Whole disk encryption
1. Bitlocker is still my favorite in the whole disk encryption category, and is available for Windows users running the Pro and Enterprise versions of Windows 8.1 or the Ultimate or Enterprise version of Windows 7. It’s also available in Server 2012 R2 and Windows 10, though which versions the latest desktop operating system will have it at release is yet to be seen. Bitlocker can encrypt full volumes using AES-256, and can leverage boot PINs, TPM modules, two-factor authentication, and so on, to secure access to the data on the volume. Bitlocker can be applied to the operating system volume, other volumes individually, or to all volumes on a machine, and can be managed enterprise-wide through GPO. Recovery keys can be stored in Active Directory, making this a very good choice for the enterprise that wants to ensure the company never loses access to encrypted data. And for those who are concerned that the government has a backdoor into Windows products, consider both that Microsoft is willing to go to court to block search warrants it feels are too broad, and that governments outside the United States have access to source code to ensure there’s nothing inappropriate there, and I think you should feel better about things. Now, that off-brand USB keyboard running BadUSB…that’s something to worry about!
2. DiskCryptor is an open source solution that can encrypt entire volumes using AES 256, Twofish, and Serpent. It can use AES, Twofish, or Serpent, taking advantage of AES offloading in newer CPU models, works with Linux and Windows, and can be used with external USB drives and optical media as well.
3. FileVault is Mac users’ answer to Bitlocker and is available in all currently supported versions of OS X. It uses 128 bit AES and requires you to set up a recovery key, just in case.
4. The Linux Unified Key Setup comes with Ubuntu Linux (and other distros based on Ubuntu) to provide full disk encryption, so those who prefer the Tux are able to get out of the box whole disk encryption in their operating system too. It’s a selectable option during install and uses AES128 to secure your data.
Because sometimes you want to give away or donate a drive, and you want to be sure there’s nothing on there that might come back to bite you later.
5. Eraser comes from Heidi Software in Ireland, and provides secure deletion of data from storage.
6. Darik’s Boot and Nuke, or DBAN to its friends, is a bootable image that can securely wipe drives from the boot up. It has a simple command-line interface with menu, but autonuke always works for me when hardware reaches end of lease. Note that DBAN cannot do SSDs, so take a look at Blancco linked from his site if you need to handle those.
7. AES Crypt is open source file encryption software that uses AES-256, can run on Windows, Linux, Macs, and even iOS and Android devices. There are even Java and C# modules available for developers to integrate into their software.
8. Challenger can encrypt files and folders on local storage and is available at no charge for personal use, but also with enterprise class features including more options for key length, and the ability to encrypt remote data on network drives. It does not require administrator rights to use.
9. Steg runs on Linux, Windows, and OS X and can be used to securely hide data inside of other files. Steg’s best feature may be that you can evaluate the changes that will be made to the host file so you can determine if they will be obvious to anyone who views the file that something else is going on.
10. Our Secret is another steganography tool that enables you to encrypt and hide files inside of other files.
11. OpenPuff is a great program for securely encrypting and hiding files inside of other files.
12. iSafeguard offers a freeware version that users can use to both sign and encrypt email and attachments.
13. HushMail is a service, but a very useful one when you need to send an encrypted email and/or attachments. There are both free and premium versions of the service available.
14. Sbwave can be used for one-off needs, where all you have to do to send an encrypted mail is use your browser. The recipient needs a valid email address and the password to decrypt the message.
Portable drive encryption
15. Rohos Mini Drive enables you to encrypt and password protect USB drives and local directories using AES-256 and includes portable versions of the software for when you won’t have administrative access. The free version can encrypt up to an 8GB partition, but you can purchase a license for larger disks.
16. Bitlocker to Go is available for Windows users running the Pro and Enterprise versions of Windows 8.1 or the Ultimate or Enteprise version of Windows 7. This can encrypt portable media using AES-256, and can be managed using GPO.
17. SecurStick is another portable media encryption tool that used AES-256 to secure all the data stored on USB drives and removable media. One great feature about SecurStick is that you do not have to be an administrator on your workstation to use it. Another plus is that it works in Windows, Linux, and Mac operating systems. The website is in German, but there is a link to a Google translation page right at the top. The program itself supports English, German, and Italian.
Data in transit encryption
19. Stunnel can be used to provide an SSL transport for any TCP connection that does not support that itself. It is a free, open-source way to secure any TCP protocol.
Remote management encryption
20. OpenSSH is a secure command-line administrative service and client for administering Linux systems. It uses SSHD on the server and OpenSSH on the client to ensure a secure command-line session between systems.
21. PuTTY is a secure command-line client for Windows (and other operating systems) that enables users to connect to SSH services securely.
22. PowerShell is the de facto remote management tool for Windows at the command line. It can use HTTPS to provide session-based encryption, but even connections over HTTP are encrypted using HTTP-Kerberos-session.
23. Remote Desktop Connection Manager is a Windows tool from Microsoft that lets you manage multiple remote connections use RDP to your various Windows servers. RDP connections use encryption and you can also securely store credentials to your servers in encrypted connection files so you can easily and securely remote into your systems.
24. 7-Zip is normally considered a compression program, but what I consider the best compression program can also encrypt files using AES-256. It also integrates into the Windows Explorer menu, can compress-encrypt-email as an attachment in one click, and makes working with all formats of compressed files easy. This a good multipurpose tool with an often overlooked encryption angle.
25. GPG is often just considered the free version of PGP, but it is oh so much more than just that. With command line tools, integration into dozens of other security products, and the ability to encrypt files, directories, volumes, emails, attachments, and to run on Windows, Linux, and Macs and to interoperate with the commercially successful PGP, it’s probably the de facto King of Encryption.
26. Sophos Free Encryption can be used to encrypt files or directories and can also be used to send encrypted attachments to emails. You won’t find much on their website about this tool, but you can download it using the provided link.
27. Cloudfogger is a useful tool for providing file level encryption for cloud storage services like Dropbox, Box, OneDrive, etc. While its main focus is on protecting files stored in someone else’ cloud, it can also be used to encrypt files only stored locally, or stored to portable media, ensuring encryption of all your data.
28. AxCrypt from Axantum is a favorite for its ability to integrate into the Windows Explorer menu so you can right-click to encrypt a file, and also to send as an encrypted attachment to an email. Self-decrypting files can be created so the recipient of an email or USB key doesn’t need the software, only the correct password, in order to decrypt sensitive files. AxCrypt uses AES-128, with AES-256 being considered for a future release.
Did we leave out one of your favorites? Leave a comment then and let us know!