Skip to main content

Secure File Encryption for Desktops (SFED)

Introduction

Sending files attached to an email has become a very common method of exchanging data of different sorts. This method however is not secure since emails which are sent unencrypted over the internet can be read by unauthorized third parties.

The increasing use of secure email systems and digital signature methods based on certificates is going to diminish this problem - but the difficulties in getting a certificate and configuring the email-system to use encryption and signatures is slowing the implementation down, and as of yet only few people has configured their email systems to receive and send secure emails. Hence there is a need to be able to encrypt a file in a simple, effective and secure way before it is attached to an email and sent via the insecure internet.

Mobile storage media like USB-sticks, memory cards and such has special advantages since they are easy to transport and can store large amounts of data. Due to the size however there is a significant risk that these media get lost or stolen and they are not suited to store confidential data. Encrypting the files stored on these media types will make storage and transportation of confidential data possible and prevent disclosure to unauthorized third parties.

SFED is a Windows program able to encrypt files so that they can not be read by unauthorized third parties. The program uses the most recent encryption standards and is based on IBM CCC’s FIPS 140-2 certified encryption library CliC

SFED is able to build an encrypted file encapsulating a whole folder structure which is reestablished at decryption. The encrypted file can easily be moved to a mobile storage media or sent to a recipient as an attachment to an email. When decrypting the file SFED enables the user to choose which files and folders to decrypt and extract.

IBM has great expertise in development of security solutions and has for many years been a front mover in development of hard- and software for cryptography. The Danish Crypto Competence Center vas established in the 1980'ties and have provided many security solutions for the financial sector world wide. The Center has been growing ever since and employs a large number of highly skilled specialists in cryptography, PKI, Key Management, Smart Cards etc.

Advantages

Secure solution

SFED is built on IBM's widely used and FIPS certified crypto libraries. The most recent encryption methods are applied and long keys secure against brute force attacks.

Access to decrypt an encrypted file is secured by a password. Passwords must be between 8 and 256 characters long and must include at least one special character or number. SFED enforces a minimum requirement of password quality and the encrypted files are secured against repeated password guessing.

Optionally SFED can ensure that original files are safely deleted following recognised standards for safe deletion.

Security markings of SFED encrypted files.

File names in SFED created archives are now encoded in UTF8 format.

New improved encryption password quality bar.

Flexible solution

The solution provides the opportunity for safe transport of files over the open internet and for safe storage on unsafe media like USB-keys etc. The files will be kept confidential disregarding transport method and it is possible to encrypt both single files and a whole folder structure.

For decrypting a SFED encrypted file on a PC which does not have the full SFED package installed IBM CCC has prepared a SFED Extractor which we will provide for free on request.

SFED has compression of encrypted file to save diskspace

Extremely fast because of highly optimized cryptographic solutions

Large file support (> 2GB)

SFED is now implemented in a fully unicode compliant code to support more language platforms.

The SFED installers have been replaced with new and better installation programs using NSIS Installer, which is smaller and better capable of upgrading from old versions of SFED.

User friendly solution

SFED is delivered as an installation package which is easily run on the supported windows systems.

The users won't have any need to know the recipients certificate and do not have to seek this out and install it in his email program.

After installation SFED will be available in the content-menu, reached by right clicking on a file or folder.

SFED uses the same file structure as Version 1.3 and is backwards compatible with SFED v.1.2.

SFED Options has been moved to context menu to the programs menu.

SFED now has command line programs for encryption, extractor and client.

Encrypt and decrypt functions are available. It is also possible to set personal default options regarding SFED operation, like which safe delete method to use, increasing the encryption strength or that the password should be a passphrase instead.

User dialogs are simple and logically built and it is secured that the process can be aborted if necessary.

Performance

On a standard IBM T42 thinkpad you can expect to encrypt 1MB per sec (1GB takes 20 minutes). If you have a need for encrypting large amounts of data then a special utility (4 times faster) might be useful for you. In that case contact cccc.

Administrator

The IBM SFED Administrator enables companies to administer Company Policies and Password Recovery Keys, so that:

Normally there is no way of restoring the files if the password is lost since modern encryption algorithms are very secure. Thus encryption carries an inherent risk of loosing important information. The IBM SFED Administrator solves this issue by establishing a central password recovery system.

SFED Administrator 1.4 is designed for implementation of distributed recovery when required.

Facts
Encryption algorithm: AES using 128, 192 or 256 bits keys
MAC algorithm: HMAC-SHA-512
File header format: PKCS#12
Platforms: Microsoft Windows 2000/XP Pro/XP Home/Server 2003/Vista and Windows 7 in 32 bit.
Linux 32 bit (command line only)

Support

Additional Maintenance including access to new releases is available.

IBM CCC has PKI- and security experts, able to offer advice and support at all levels.

Need More Info?

For more information, contact

Ready to buy?

Contact your local IBM representative or the IBM Crypto Competence Center Copenhagen directly at