Encrypting Files

Encryption is the heart of Smartcrypt. Encrypting a file encodes its contents so that the file cannot be read until it is decrypted. Decrypting removes the encryption and restores the file to its original form.

Encryption provides confidentiality for data. Unencrypted data is called plaintext. Encryption transforms the plaintext data into an unreadable form, called ciphertext, using an encryption key. Decryption transforms the ciphertext back into plaintext using a decryption key. 

You can encrypt files either when you add them to a ZIP archive or after they are in a ZIP archive.

Encrypting with Smartcrypt

Smartcrypt uses these methods to encrypt files:

  • Strong, passphrase-based encryption

  • Strong, certificate-based encryption

You can use a passphrase or a key from one or more digital certificates (or both passphrase and certificate) to encrypt files. A passphrase is a string of letters, numbers, spaces and other non-alphanumeric symbols that your recipient supplies to open your encrypted file or message.

If you use a passphrase to encrypt, anyone who has the passphrase can decrypt. If you use a key from a digital certificate, only the owner of the certificate can decrypt. If someone sends you an archive containing files encrypted with your digital certificate, Smartcrypt attempts to decrypt the files automatically when you (and only you) extract them.

  • Encryption based on the OpenPGP standard, RFC 4880.  You can also create OpenPGP files encrypted using passphrases, public/private key pairs, or both.

  • Encryption with Smartkeys: Smartkeys replace both passphrase- and certificate-based encryption, and make Smartcrypt unique. A Smartkey is a collection of encryption keys tied to an access control list (ACL). The ACL defines who can decrypt the data contained in an archive. Smartcrypt administrators can also create community keys, which define groups of users to encrypt to.

Smartcrypt does not extract files that cannot be decrypted. Someone who wants to extract encrypted files must either be able to supply a correct passphrase or else own a digital certificate used to encrypt the files.