How to exchange documents securely (cross platform)

I have to define a way for two parties to exchange a folder (files) securely. Encrypted zip format seems to be the most obvious but I have read some accounts of zip encryption being flawed. So I am trying to see if there are any other solutions out there.

My requirements are -

It should be really easy (clicking the mouse and entering the key/passphrase).
Need to be free software (should not mandate the either party to buy software as much as possible)
Of course it has to be secure. If the encrypted file ends up in the wild the parties should be assured that its secure.
The cross platform nature of it comes in because some of the users involved might use a Mac.

Is my only option to use gpg? I am averse to using it but I want to see if there is any other possibility. The only problem with gpg is I will then have to define a way to exchange the public keys and verifying the public keys are properly exchanged. I am looking for a solution where one party can send the file to the other and then get on the phone and say "double click on the file and enter this passphrase".

Thanks for your help!

user220201

Posted 2012-01-13T23:55:09.933

Reputation: 151

Does the file itself need to be secure, or only the exchange? – Ignacio Vazquez-Abrams – 2012-01-13T23:59:53.677

@Ignacio - The file has to be secure not just the exchange. – user220201 – 2012-01-14T00:09:29.647

You do know how easy it is to wiretap phones, I hope. – user1686 – 2012-01-14T01:17:02.947

Just to understand it right: you need a person A to send some files to person B, and make sure that only person B will open the file? Send by email, etc, and not that they are in the same network ?And this encryption must run on windows and Mac ? – woliveirajr – 2012-01-14T01:30:37.760

Answers

7-Zip supports 256 bit AES encryption.

7-Zip is a free and open source file archiver. 7-Zip operates with the 7z archive format, but can read and write several other archive formats. The program can be used from a command line interface, graphical user interface, or with Microsoft Windows shell integration.

enter image description here

RedGrittyBrick

Posted 2012-01-13T23:55:09.933

Reputation: 70 632

I recently asked a very similar question, and wasn't able to find a truly simple, transparent, free, cross-platform solution. zip file encryption is no longer terrible, but Macs can't open encrypted zip files from the GUI (and worse, they give a misleading error that makes it sound like there's something wrong with the file).

Truecrypt is excellent, and isn't very difficult to use. However, it does require the user to install the software and learn what it means to mount an encrypted volume.

An additional advantage of truecrypt is that the files remain on the encrypted volume, and disappear off of the computer when the volume is unmounted. When you unzip an encrypted zip file, it creates a cleartext copy of the file on the hard drive, and the user has to remember to delete it themselves. This is the case for all file-level encryption that I'm aware of, and for that reason I'd recommend an encrypted partition system even if it's more complicated for your users.

octern

Posted 2012-01-13T23:55:09.933

Reputation: 285

I second the true crypt suggestions and raise you a SCP over SSH. SCP transfers are secure, there is a lot of free, easy to use software for mac and pc (macfusion/winscp) and it's not limited by email limits. And you can run an ssh server on windows with cywin for free. – skub – 2012-01-14T05:33:02.750

You can use small truecrypt in-file-partition. You will have to install (free, opensource, multiplatform) truecrypt on each computer.

The benefit (compared to encrypted zip) is that you can operate on such secure filesystem in realtime (without decompressing/recomressing).

BTW, there is a nice easy to use GUI and it's really safe.

Michał Šrajer

Posted 2012-01-13T23:55:09.933

Reputation: 2 495

Seems like this answer is no longer appropriate as truecrypt is no longer considered safe. – uthomas – 2018-09-17T14:44:39.947

Is my only option to use gpg?

No. Second and better choice is to use S/MIME encrypted e-mailing

Lazy Badger

Posted 2012-01-13T23:55:09.933

Reputation: 3 557

An where are the arguments proving that? – Tom – 2012-02-20T15:02:14.863

@Tom - symmetric vs asymmetric encryption, if it tells you something. From user-side - requirement to trusted exchange of public keys in case of PGP and no needs for it in case of S/MIME (nodes have just to exchange signed e-mails) – Lazy Badger – 2012-02-20T15:28:16.520