May 11, 2017 at 05:51 #6367
I am a premium subscriber and I had been using version 1.x for quite a while. I recently moved to 2.x but I am a bit frustrated as I am no longer able to create self-decrypting “.exe” files. I was able to move those to any computer and decrypt them by running the file and entering the password.
- Correct me if I am wrong but has this capability been removed from 2.x?
- If so, I will remove 2.x and re-install 1.x. I will first unencrypt the few files that I ciphered using 2.x
Now perhaps I am missing something but my goal is to be able to encrypt a file, to move it to another computer and then decrypt it on that target computer without needing AxCrypt on that computer. Can this be done with 2.x?May 11, 2017 at 09:44 #6371
You are right. Self-decrypting .EXE is not supported in version 2. In it’s stead, we have a fully featured standalone portable application. The only difference from before is that we don’t “physically” append the data to the executable, so it’s two files.
You always need AxCrypt on the target computer. The “self-decrypting .exe” of AxCrypt 1.x is just AxCrypt with the encrypted file appended. It’s literally exactly the same as the following MS-DOS command line command:
copy /b AxDecrypt.exe+SecretFile-txt.axx SecretFile-txt.exe
So, yes, you have AxCrypt on the target computer. Now, with AxCrypt 2, we just don’t do the above so instead you send / store AxCrypt-2.1.1494.0.exe (or whatever version is current) and SecretFile-txt.axx as two separate files.
See http://forum.axcrypt.net/blog/avoid-self-decrypting-files/ for details about why we have done this change.May 11, 2017 at 14:18 #6376
Flashfox, as a user like yourself I found the problem with the old .EXE files is that newer computers: Windows 8 and onwards refuse to start the file because it was considered “untrusted”. My Internet Security program deletes them because they’re not digitally signed and I don’t have a digital signature. It doesn’t delete .AXX files which are the normal encrypted files.
My Windows 10 computer is very strict and SmartScreen won’t even allow me to manually allow my old .EXE files to run because the files are “untrusted” even though I created them myself. It does trust AxCrypt (because they digitally sign their software) so I have to install the AxCrypt software in order to decrypt my files.May 12, 2017 at 10:37 #6381
Thank you for that additional information. It’s also just yet another indication why self-decrypting .exe is a bad idea.
What happens is that the AxDecrypt.exe (which is the decryption software that makes up the code of the self-decrypting file) *is* actually digitally signed by us, but since it has to carry a data payload as well (the actual encrypted file) the operating system may treat that as an incorrectly signed file. We cannot sign the full file with the data payload because there’s no way we can delegate that operation, and we would not want to even if we could since we’d not want to sign something we did not have control over. That’s the point of digitally signing it, we take responsibility for the contents.