gpg4files – Endpoint Encryption for Documents in Windows (Public Beta2)

23.12.2014 | General

Wouldn’t it be nice to encrypt documents and other data directly while saving them as a file? If you have always wanted this, try gpg4files Beta today. gpg4files lets you decide whether or not to encrypt the file you are saving, and who should be able to decrypt it. You do not need an encrypted device, an encrypted container or anything similar. As prerequisites, an installed GnuPG 2.0.x and one OpenPGP keypair are enough to start. Since gpg4files is still in beta, you might need to go through more steps than you are used to with gpg4o. Of course we will change that (provided there is enough interest in gpg4files). We would be happy if you commented on this article and on gpg4files. Tell us your wishes and, of course, anything that is not at its best.

Prerequisites

  • GnuPG 2.0.x preinstalled. If you use GnuPG 1.x you will need to change that – sorry!
  • A GnuPG keyring with at least one keypair. You might create keys with gpg4o or maybe Kleopatra

Installation

  • Download gpg4files Beta (ZIP)
  • Unpack with any unzipper and start the Installer. Follow the instructions there
  • At the end, start gpg4files and check the settings (Picture below)
    [Screenshot: General settings of gpg4files]

First steps with gpg4files

You may now use gpg4files with any standard application that uses the standard file save / file open dialog of Windows. gpg4files enhances this dialog with a checkbox “gpg4files – Encrypt file after save” and lists the names of the chosen public keys (if any) below the checkbox. See the picture below with the red arrow.

[Screenshot: File save dialog of Windows with integrated gpg4files]

If you click on the checkbox “gpg4files”, a dialog opens with a list of the public keys available in your keyring. Choose one or more of them to encrypt to that person or those persons:

  • Example 1: Choose your own key to encrypt only to yourself.
  • Example 2: Choose several keys to allow those people to decrypt the file you encrypted.

Close the dialog with the key list and save your file as usual. Gpg4files appends .gpg to the file extension to mark the file as encrypted. The encrypted data may now be shared over any media and can only be decrypted and read by people who hold the appropriate secret key.

To decrypt a file with gpg4files, just double-click on it and enter the passphrase for your secret key (or use the file open dialog of your application). Gpg4files will then show you the people for whom the file has been encrypted:

[Screenshot: This file has been encrypted for the key(s) shown in this window]

Click on open file to see the encrypted data within your application.

Gpg4files is Beta. This means that not all of our wishes have been fulfilled yet. Known restrictions at this time are:

  • Does not work with applications which do not use the standard file open / file save dialog of Windows.
  • There is an undetermined error if you do not have the rights to save the file at a certain place.

We would like to encourage you all to use the comment field below to tell us your wishes, any errors you find in the product, or what you think about it in general. If you find it useful, please share gpg4files wherever you want. If you want to talk to us directly, please use the contact form.

Comments

Hajo Giegerich |

Thanks to user feedback, we provide a new version using the link above. Features and fixes are:

  1. Existing non-encrypted files will be deleted now
  2. Visual Studio Runtime does not need to be installed separately anymore
  3. First Key in a ring will be visualized now
  4. A few other small issues

Thanks again for testing and any other feedback.

Thomas Detert |

Hello G&P Team,

I had a first evaluation of the gpg4files tool and would like to give you some feedback:

I like:
– the tool works with already present GPG keys. So there are no additional keys to be exchanged for file storage.
– it seems to be simple and straightforward. The encrypted data is not lost, in case the tool would not be available any more (for whatever reason).

What I dislike (mainly comfort issues):
– the “recent” files will be polluted with non-existing temporary files (always with different random directory). (I have no idea how to solve that)
– the file icons of the stored documents, Excel sheets, presentations,… are always the same (as .gpg is associated with the gpg4files). Which application is behind the files is not visible any more
– Parallel working on SharePoint Files should not be possible any more, as SharePoint is not able to have a look into the decrypted file, right? (I have not tested it yet).

My concern:
– scanning the temp dir medium of a lost laptop with some low level forensic tool will provide the original document (I assume there is no physical overwriting of the temp files after deletion).

Suggestion: Rename the tick box “Encrypt file after save” to something else, as it implies that the tool encrypts the file after initial saving. That would be a no-go in case of external server usage.

Best regards,
Thomas Detert

Hajo Giegerich |

Hello Thomas Detert and thanks for your feedback

Since we released a new version of gpg4files yesterday, you might want to double-check this. I guess it will answer a lot of questions mentioned here. Download here. In this version no place of your PC should be polluted with temporary files (existing or non-existing). If this problem persists please come back to us. You are absolutely right with your security concerns and the new release should answer that. Otherwise gpg4files would be useless.

Parallel working on SharePoint is an interesting question. SharePoint is not able to look into the encrypted documents and I don’t know of any PGP Plugin for SharePoint. But still you should be able to cooperate with other SharePoint users when you encrypt your documents with the Public Keys of those users.

The icon issue is on the roadmap. Our main concern for the moment is the security part so we focus on that. Thanks as well for the renaming idea – we will think about that.
Best regards
Hajo
