Strongest file encryption tool for windows?

Even though I’m phrasing this as a GQ in the title, I’m posting it in IMHO because I’m open to opinions and anticipating that the answer may come down to a matter of opinion.

Not going into all the details, but my company is looking for a good tool that can generate an encrypted copy of whatever file is passed into it, so that there would be no way that anyone could use the encrypted file or see what was in it without the password, or key file, or whatever is most secure. I’ve done some googling and looking around, but there seems to be a bunch of contradictory opinions, and everybody offering their own software solutions is, of course, doing spin jobs.

Do any dopers have opinions on this? A few details on the requirements… should be able to set an encryption job up from a command line, batch file, or similar means. Compression in the same step as encryption is a plus, but not required. Not entirely sure what our budget is, but if the best encryption tools are over $400US, I’d also be interested in some ‘bargain alternatives.’

Thank you in advance for your replies.

Probably the reason it may look pretty unclear on “which solution is the most secure” is because they are all going to be roughly of equal security.

Simply, creating and verifying an encryption formula is not something a lone guy can do and trust. It takes a whole lot of people a whole lot of years to look over and accept any new algorithm. So any application you find is just going to be using the five or ten different techniques out there. So from there it is just a matter of making sure that the UI works for you.

So based on that I would say that you might as well go with a free, open source solution.

Really the much bigger question is going to be how you are going to keep your passwords secret, without them being lost, but still have everyone be able to do their job. If you say how many people need to have access to your files, where the files are meant to reside, etc. I think we would be able to give a better description for what things to look for in a solution.

Thanks for the quick response. That does a lot to help reassure me.

As far as password management, well… it’s not a situation where any great number of people will be needing to work with them. The problem is basically this: We make backup tapes of our database and take some of them offsite. The VP has raised questions about: “these databases contain information that we have agreed to protect in every way possible. What if, for some reason, the tapes get stolen? Could they be used by someone else to access the confidential data?”

We’ve researched the tape software and, while they have a password feature, it doesn’t seem to really secure the information, it’s just an instruction in their own restore software: “If they don’t have the password right don’t begin the restore.” That’s hackable if someone can write another piece of software to access the tape drive, which seems likely.

So, the next solution was “let’s set the tape software up to backup files that have ALREADY been encrypted.” Ideally, this will mean only two people needing to have access to the password - me and the sysadmin. We’ll be arranging the scheduled encryption jobs, (and no-one else has access to those machines to find out what the job details are,) and she’ll be the one who’ll be testing the restore process and restoring the encrypted files in case of a significant data loss event.

So I’m envisioning something like:

Server/DB—<???>—You and sysadmin lady—<car>—Offsite (?)

So, to go from left to right.

Server/DB = Should be in a room with a good lock on it and solid doors.

<???> = Method for downloading the data to a stored medium. Best would be where a script ran that backed up the server once a X, encrypted it, and placed it on a shared folder that was accessible on the internal LAN via password. Logging in to the machine, even if you get in the room, should require a very strong password.

<car> = Volvo. Heh.

Offsite = Some sort of safe somewhere. Also you should have a second safe which has the password for the encrypted files and for logging into the server and database recorded in case anything happens to you and the sysadmin lady. Probably a large safe would be fine for the backups. It’s already secure, so really all you are doing is trying to protect it from fires/earthquakes/etc. But for the passwords you would probably want a deposit box at a bank.

The following look like they would work. Building a script to automate them shouldn’t be hard. And at worst it is a free download.

http://www.gpg4win.org/
http://www.hotpixel.net/software.html
http://axcrypt.axantum.com/

I would probably go for the first as it is part of the GNU project so it will be fairly supported. Though the second sounds like the developer seems like a nice guy (from the page), and is specifically targeted for Windows, so it may be more stable.

Though probably most of that was a given.

What Sage Rat said.

My suggestion would be to use gnupg via Cygwin, since it’s so easily scriptable.
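
An added example, not written by anyone in this thread: the scheduled "encrypt before the tape job" step discussed above, as shell functions for GnuPG under Cygwin. It assumes GnuPG 2.1 or later and `sha256sum` on the PATH; the function names and all paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1+ and sha256sum on
# PATH (as under Cygwin); function names and paths are hypothetical.

# plain_hash ENCRYPTED PASSFILE
# SHA-256 of the decrypted content, without writing plaintext to disk.
plain_hash() {
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$2" --decrypt "$1" 2>/dev/null |
        sha256sum | cut -d' ' -f1
}

# encrypt_backup SRC DEST PASSFILE
# Returns 0 only when DEST exists and decrypts to content whose SHA-256
# matches SRC. The body is a subshell, so variables and exits stay inside it.
encrypt_backup() (
    src=$1 dest=$2 passfile=$3 tmp=$2.partial
    # An empty dump or an unreadable passphrase file means the job is broken.
    [ -s "$src" ] && [ -r "$passfile" ] || exit 2
    # The passphrase is read from a file so it never shows up in the process
    # list. gpg compresses the data before encrypting it by default.
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" --symmetric --cipher-algo AES256 \
        --output "$tmp" "$src" || { rm -f "$tmp"; exit 1; }
    # Exercise the restore path now, before the tape goes offsite.
    if [ "$(plain_hash "$tmp" "$passfile")" = \
         "$(sha256sum < "$src" | cut -d' ' -f1)" ]; then
        mv -f "$tmp" "$dest"    # only verified output gets the final name
    else
        rm -f "$tmp"
        exit 1
    fi
)

# Scheduled use (hypothetical paths):
#   sh encrypt_backup.sh /backups/db.bak /staging/db.bak.gpg /secure/pass.txt
if [ "$#" -eq 3 ]; then
    encrypt_backup "$1" "$2" "$3"
fi
```

Point the tape software at the staging folder only, so that unencrypted dumps are never written to tape.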