Forums Help & support Opening Encrypted Files without password

This topic contains 12 replies, has 3 voices, and was last updated by  Jonatan 3 weeks, 1 day ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #16160 Reply

    Dafney Dewitt

    I tested AxCrypt by encrypting a batch of photos that were not important.  Encryption worked well and fast.  But I forgot the password.  So I deleted all the encrypted files.  Next I went to the recycle bin and marked the deleted files to be restored.  All the photos were restored and unencrypted.  Is this the way AxCrypt is supposed to work?  Doesn’t seem  secure if encryption can be broken by simply deleting and restoring?

    #16163 Reply

    Dafney Dewitt

    Actually, AxCrpt, encrypted several folders containing photos.  Although it displayed photos as encrypted, it might have only encrypted the folders.  And when the folders were deleted and recovered, all of the photos were viewable without password.

    #16167 Reply

    Prabhukumar R
    Moderator

    Hello Dafney Dewitt,

    AxCrypt encrypted files are still encrypted state if we delete the encrypted file from the system.

    If restore the encrypted file, No way the encrypted file to change unencrypted state in the system. Still, your files are encrypted state only.

    I think, if you try to open the restore encrypted file using AxCrypt app.now AxCrypt app open the encrypted files.

    Please note: AxCrypt 2 now use a single sign-on model where the same password is used to sign in to our servers and to protect your files.

    AxCrypt app are required to open/decrypt the AxCrypt encrypted files. without AxCrypt app we cannot decrypt the encrypted files.

    Still, if you are facing any issues, please write to Support@axcrypt.net. we are happy to help you.

    #20355 Reply

    John Sampson

    I do not understand Prabhukumar R’s reply. I encrypted a PDF file in a folder on OneDrive, then opened the OneDrive recycle bin using a Web browser. I found the unencrypted file (.pdf) there, and restored it to the folder where it was before. I now have the encrypted file (.axx) and the unencrypted file (.pdf) in the same folder – two files, one readable. It seems to me that this is an easy way to get access without needing to decrypt the file. I would expect a secure encryption app to delete the unencrypted file, not store it in the OneDrive recycle bin or anywhere else.

    #20364 Reply

    Prabhukumar R
    Moderator

    Hello John Sampson,

    AxCrypt works by decrypting files temporarily and then launching the appropriate application for the decrypted file, which thus is entirely unaware of AxCrypt. AxCrypt monitors the system for the launched app to exit, and when it detects this it will re-encrypt the file and wipe (overwrite) the decrypted file and then delete it.   

    Note: The temporary files will be removed as soon as the opened encrypted file closed/signed out from the AxCrypt app.

    If you have any queries, please feel free to contact our support via support@axcrypt.net.

    #20365 Reply

    John Sampson

    I don’t understand this reply either. I was encrypting a file. Axcrypt could not decrypt it because it was not encrypted anyway.

    #20373 Reply

    Prabhukumar R
    Moderator

    Hello John Sampson,

    Please explain the more detailed(step by step) information about the issue also some screenshots. we are trying to find the issue and fix the issue as soon as possible. Also you can write an email to our support team support@axcrypt.net.

    #20375 Reply

    John Sampson

    The issue is quite simple. To encrypt a file, Axcrypt produces an encrypted version of the file the user chooses. It then deletes the original file but allows the operating system to store a copy of it in the recycle bin. This is the usual way an operating system deletes a file, but it is not secure. Why does Axcrypt not erase the original file securely? Is there a way to ensure that the original file is erased properly?

    #20376 Reply

    Jonatan
    Keymaster

    Obviously AxCrypt does not use the Recycle Bin to delete any sort of files. Be it original files, temporary (previewed) files, or any other files it handles.

    Just as a simple test I just encrypted a file on my computer, and of course there’s nothing showing up in my Recycle Bin (as expected).

    I would expect the original user to have confused some other files they deleted, with files AxCrypt uses. And then thinking it recreating encrypted files. If you can recreate that ehaviour somehow, we’re of course very interested in how, because it would obviously be a major bug.

    #20378 Reply

    John Sampson

    So I also have just now encrypted a file on my computer, then opened the OneDrive recycle bin via Brave browser. The filename of the plaintext file appears there. I would attach a screenshot but I do not see how to do that here.

    It may be that I have a setting wrong, but if not there must be a bug in this version. I cannot find how to show the version.

    Kind regards

    John Sampson

    #20393 Reply

    Jonatan
    Keymaster

    Maybe this is something that happens in OneDrive? That’s of course not ok either if that’s the case. We’ll have a look at it and see if we can recreate this.

    Are you using Windows 10? (I assume it’s windows since you use OneDrive)

    #20397 Reply

    John Sampson

    This is OneDrive. I also tried using an eraser-type app which is supposed to delete a file permanently by overwriting it. I again found that a copy of the file was in the recycle bin. So I was maligning Axcrypt as the culprit, and I apologise. It looks as if files cannot be securely deleted from OneDrive. The best solution is not to use OneDrive for confidential files. I don’t know how many people are aware of this issue.

    Kind regards

    John

    #20425 Reply

    Jonatan
    Keymaster

    Yes, we’re also seeing this behaviour from OneDrive, thank you for bringing it up. We’re investigating how the AxCrypt application should handle this.

    For now, be aware that OneDrive does this and make sure their recycle bin is emptied after encrypting files. Or like you say, maybe avoid using OneDrive for files that you need to be absolutely sure they’re deleted securely for now.

Viewing 13 posts - 1 through 13 (of 13 total)
Reply To: Opening Encrypted Files without password
Your information: