Forum Replies Created
-
AuthorPosts
-
Hello Kent (and everyone else helping out here),
It really is very simple. The confusion here is about regular account management, and it’s nothing specific about AxCrypt. It’s how all account systems work.
An account always has some kind of identifier naming it. Sometimes it’s your realy name, sometimes it may be your phone number – but the absolutely most common account name identifier is an email address. AxCrypt accounts use the email address.
This type of system typically also relies on access to the mailbox associated with the email address as ‘proof of ownership’. That’s why we and everyone else sends out these emails with a verification link. The link contains something unique, that when used ‘proves’ to the server that you actually have access to the mailbox associated with the email address.
So, if I go ot a site, and enter *your* email address (let’s say bob@axcrypt.local), the account is created and an email is sent to *you*. I will never see it. You will see it, and hopefully just throw it away.
Or, you go to the site, register with your email (still bob@axcrypt.local in this alternate example), get the verification email, click on the link – use it a little bit, and then forget about it. Years passes…
Now, you are at the site again, you register with a different email (let’s say david@axcrypt.local), get the verification email and complete the process. Then you realize that you’d after like to use bob@axcrypt.local after all. So, you ask the site to change from ‘david@axcrypt.local’ -> ‘bob@axcrypt.local’.
But, ‘bob@axcrypt.local’ already exists on the server! The server has no real way of knowing that ‘david@axcrypt.local’ and ‘bob@axcrypt.local’ are really the same entity. So, it tells you “Sorry, but that account is already taken”.
What to do?
Simple – since you are in affect both, just sign in to ‘bob@axcrypt.local’ (if necessary reset the password, which you can do since you have access to the mail box), and then delete the account ‘bob@axcrypt.local’.
Now, you can go back to ‘david@axcrypt.local’, and change the email to ‘bob@axcrypt.local’ which is no longer existing, and thus the server allows the change.
The above procedure may differ in detail depending on the provider, but the core issue remains the same. In order to create, or move an account, you need to prove ownership of the account email. In the case of the change scenario, to both.
Thank you Jose!
Hello Edward,
It would really help with a screen shot, so we can see exactly where you are stuck. Also, you write that you get a message to the effect of “I have already used this password and to enter the password for the file” – this confuses me because try as I might I can’t recall AxCrypt actually has such a message.
Hello TC,
Thank you for reporting this. I think this is because you have:
1) Signed in to the Windows app.
2) Signed in to the web.
3) Changed the password via the web.
4) Gone back to the Windows app and you are now trying to do the invite – but the app has remembered the wrong password, which causes the invitation to fail with a bad error message.
The correct behavior here would be for the Windows to realize it is no longer correctly signed in, and sign out.
Please try to sign out of the Windows app and sign in again, and retry. If you can confirm if this works or not, we’ll then make a bug report about it.
Hello Darmar,
Thanks for your input – noted.
Hi Rob,
“if I have 5 users with a shared network drive which is designated as encrypted, would each of the 5 users have to have a paid account, or would just the one that initiates the share within AxCrypt?”
It depends on your scenario.
You need the Premium plan for two things in this context.
1) Designate a folder as “Secured”, which means that it is is monitored for changes, and you can set a default set of recipients for new files in the folder. So, when new files are discovered in the folder you can encrypt them with that set of recipients with a single click.
2) To add recipients to specific files, outside of “Secured Folders”. This can be done for ad-hoc specific files, but might be less important for your use-case.
A user does not need to be on the Premium plan in order to open, work with, and save a file that has been key shared. If a file that has say for example 5 recipients for the key share is edited and saved by a non-Premium user, that same set of 5 recipients can still open and work with the file.
So, if you have one user who “owns” the folder, adds files and determines who shold be able to read and update files, only that user needs Premium.
Premium is needed in order to designated folders as secured, and to add/remove recipients for secured folders and discrete files. To work with such files, the Free plan is sufficient.
Hello,
There is no need to worry about key import / export. It’s all done automatically by AxCrypt via our key distribution server. All you need to do and know is the recipient(s) email-addresses (only used to identify the recipient account, not to actually email any data).
The key sharing function embeds the shared key into the file. The file must thus first be key shared with the recipient, then sent or file shared. Please note that AxCrypt does not share or send the actual file. To see a quick instructional video explaining how to use key sharing, please view https://www.youtube.com/watch?v=9z3KOZD-Yks .
Please check out our video tutorials at https://www.youtube.com/channel/UCoSoXBjq6iCG5232fHoWStA and our other documentation at https://forum.axcrypt.net/documentation/get-started/ to get started with AxCrypt.
Once again, thanks Franz!
Thanks Franz,
Last(?) question…
From what you’re saying (and what I gleaned from the cursory glance at the office spec for cryptography and XLS), and from the screens above, it seems like the default behavior for saving a .XLS file even in modern versions of Excel is compatible with Excel 97 – 2003 which would imply that such a save has the weaknesses these versions of Excel has.
So, assuming a non-expert non-cryptography-setting-tweaking user, it’s still a fairly safe assumption that a .XLS file if password protected is protected with the old weak form of Office crypto – right?
If the file is saved in .XSLX-format, it’s also a fair assumption to make that it is saved as AES-128, once again assuming the non-tweaking user. So your last statement “For most users saving in the latest versions of Excel, with a secure password, they have no fear about the security unlike in olden times of Office. The default option is suitably secure even as AES128, 100,000 iterations at SHA1.” is valid when the file is saved as .XLSX in a newer version of Excel.
Hello Rob,
Maybe you haven’t looked into the key sharing feature + secure folder with AxCrypt. It sounds like the right thing for your scenario.
Each user has his/her own password that (s)he sets individually. Users of a particular folder on a network drive for example, designates it as a ‘Secured Folder’ in AxCrypt, and then sets the users that all files in that folder should be openable by. That’s it. Existing files will be set to include the recipients, and new files will automatically also have the same recipients.
The normal workflow once you’ve set up the secured folder and the default recipients for that folder is trivial. No nightmare!
(Currently an inconvenience is that the configuration of the recipients is kept local in each users computer, and thus each user who creates new files do need to set up the same list of recipients. We’ll improve this in the future.).
Hello Franz,
As you say – it doesn’t matter for the original poster. However, I always like to learn new things.
I do know about the 50,000 vs. 100,000 iterations for Office 2007 vs. later, but I did not realize that the XLS file format was sophisticated enough to handle in a backwards compatible manner a different encryption technique.
I.e. Excel 2003 password protects using the known weaker encryption, while Excel 2007 (or later) can password protect using the newer stronger encryption – in the same file format, such that Excel 2003 can actually recognize that it can’t decrypt a .XLS file enrypted with Excel 2007. Presumably it displays a mesage to the effect that it can’t open the file because it’s been saved by a newer version of Excel then?
Browsing the specification for XLS files and office encryption actually I can’t really tell. Wow – those specs are complicated! What I do see even with a brief browsing is that there are about a zillion different ways “password protection” may actually be performed on a document. If the default is changed for example, a regular user would never notice. The installation default for later versions of office is indeed AES-128/SHA-1, but there are many caveats there too. In comparison, the AxCrypt technical specification is a lot easier to analyze and implement. One way to compare is that the Office Document Cryptography Structure specification is 107 pages (including 7 pages index), the AxCrypt Version 2 Algorithms and File Format is 12 pages (without any index) including rationales.
Ok, that was quite off-topic! Sorry ;-)
Hello Rob,
I’m afraid you lost me a little bit. What’s the point of encryption if there is no secret key involved somewhere?
AxCrypt almost does what you say, you can share the embedded file key with anyone with an email address, and they can sign in using their own password. But they still need to enter and know that password.
others, from earlier versions of the program are filetype “xls”
That used to be true with Microsoft Office versions 2007 and below.
The file was of type .xls, which is an older format, and that was the format *before* Office 2007.
Hello Old Bob,
This means that the Excel-file itself is password protected by Excel. This has nothing to do with AxCrypt. Google the error message, and the top hit is: https://support.microsoft.com/en-in/help/321147/error-message-the-password-you-supplied-is-not-correct .
Apparently, you have both password-protected the Excel file and also then encrypted it with AxCrypt. You’ll have to remember the Excel password – or get a cracker. Contrary to AxCrypt, Excel password protection can usually be cracked ;-)
Hello Gary,
AxCrypt 2 asks you to sign in to your account, which AxCrypt 1 did not. We now use a single sign on model where the same password is used to sign in to our servers and to protect your files. The password that you’re being asked for is the password to your account, which you probably created when you first installed AxCrypt 1.
If you do not remember the password to your account, you can always reset it. This is not a way to recover encrypted files! It’s only to allow you to sign in to the AxCrypt app and web. The new password will be used to encrypt new files. Go to https://account.axcrypt.net/Home/PasswordReset to do this, or you can also go there from AxCrypt with File | Options | Password Reset .
If you open files encrypted with a different password than your sign in password, which often is the case directly after upgrading to version 2, you will be prompted for that original password. If the file was encrypted with version 1, it will then be automatically upgraded to version 2 and to use the new sign in password which means you won’t be prompted again for the old password.
-
AuthorPosts