Best way to encrypt documents on the fly


I have several computers that synchronize my documents folder from my main computer (using the standard Windows 7 'offline folder' synchronization). This system works, and while each of the computers is PGP encrypted, I realize the documents themselves are not when the computers are running. They are transferred between computers, and shared from the main computer, with no encryption at all. This is fine for most of the documents, but I have some sensitive information that I would like to keep encrypted, so even in the event of the document files getting compromised one day (moving across the network during a synchronization/replication, one of the computers being compromised while running, etc.) the sensitive documents are still encrypted.

I've looked at several programs, but they seem to require mounting a volume, etc. which is a little more complicated than I'm looking for.  What I'm envisioning is having an application on the computer which, when navigating to a file (perhaps containing a folder) will pop up asking for a password, and upon entering the password, will be able to navigate the file within that folder.

Open to any suggestions - again, just trying to avoid 'over-complicating' this.

Zephyr ICT (Cloud Architect) Commented:
Did you also have a look at BitTorrent Sync? Now maybe you'll have to go for the pro version but you could do a trial with the free version. I use it on a lot of devices and it works great. The PKI function makes for not needing to remember passwords and still staying secure.
A safe solution would be "encryption anywhere". So any endpoint is encrypted and the data in transit would be encrypted using ipsec.
Mystical_Ice (Author) Commented:
McKnife - that's true, but the endpoint volume encrypted still means when the computer is running the data is not encrypted (someone could walk up to the computer and copy the files off).

Trying to find something where sensitive documents are encrypted or their folders are encrypted

I will look into BitTorrent Sync

"someone could walk up to the computer and copy the files off" - leaving a computer unlocked and unattended at the same time is a deadly sin, security-wise. No solution will help against that because that leaves the attacker with all possibilities.
Mystical_Ice (Author) Commented:
Not suggesting leaving the computer 'unlocked and unattended', but surely you see the point I'm getting at.  Once the computer is started, having full hard disk encryption doesn't help with anything.  The files reside on the computer in an unencrypted state, and can be copied off with no protection at all (whether it be by accessing the computer via the network, etc)
Look, securing a pc has several things to it. One of the very essentials is not leaving it unattended while unlocked at any time. Just that simple. You will not find a serious solution that will keep your data encrypted and secure even when the machine is unlocked. Let me explain why that is:
If you expect a solution to work that way, then it would require entering a password each time we access that data and, after a short while, locking that data again to make sure it is not being seen by someone who now is looking at your unlocked screen while you are away. Fine, there are solutions that do this, like folderguard.
Why wouldn't I recommend such a solution? Because some guy could walk up to your machine and start a user space keylogger (no admin rights required) and record all keystrokes, including the password for folderguard. He would later harvest and use those passwords - and that is no fiction.

While your screen is locked, your data is very safe. There are ways to still get in, yes, but they require real skills and some technical assumptions even, like having the firewall turned off and being vulnerable to DMA attacks.
That's why I recommended what I recommended.
Mystical_Ice (Author) Commented:
I still don't know that you understand my concern. It's not whether someone can access the files from the console of a computer. It's the fact the files are transferred over the network unencrypted, and reside unencrypted on the computer once the operating system is running.

Installing a keylogger on a computer negates virtually EVERY form of protection; including a locked screen FYI (user session keyloggers will also pick up unlock passwords).

For the purposes of THIS question, let's assume I'm not worried about someone sitting down at my unattended and unlocked computer, k?
I understood, be assured.
If I follow that assumption, you would need software like the aforementioned folderguard, or any other encryptor that will allow on-demand-access secured by an additional password. That could be bitlocker-locked VHDX files, that could be truecrypt container files.
About the network traffic: please comment if the suggestion (ipsec) is suitable. What you could also use is smbv3 which is encrypted by default but would require clients with win8 or later and file servers that support smbv3 as well as server 2012 and later would do.
Mystical_Ice (Author) Commented:
Unfortunately I can't use SMB or IPsec for my purpose. You're correct that would be the optimal solution, but sometimes for this use case it would be an unencrypted network
What about the aforementioned folderguard then? It fits your "I'm envisioning is having an application on the computer which, when navigating to a file (perhaps containing a folder) will pop up asking for a password, and upon entering the password, will be able to navigate the file within that folder".
Wells Anderson (CEO) Commented:
As I understand it, you want selected files to be encrypted at rest on Computer A, encrypted in transit while synchronized from Computer A to Computer B, and encrypted at rest on Computer B. You want a system that is simple to implement and highly secure. You are willing to be prompted for a password to open an encrypted file each time you need to open one. You know you need to keep your computers locked (Windows Lock Screen) when unattended, but you are concerned about someone accessing the files on your computer from across the network and copying sensitive, unencrypted files from your hard drive.

Perhaps AxCrypt satisfies all of these requirements.
Automatic re-encryption after modification.
Absolutely no user configuration necessary or possible before use.
Open source under GNU General Public License.

AxCrypt gives you the option of being prompted for the password every time you attempt to open a file or being prompted only once during a session. If you want to be prompted only once, AxCrypt maintains an in-memory cache of used passwords. Presumably that in-memory cache is inaccessible to someone accessing your hard drive across the network.

Because AxCrypt encrypts your file after each modification, your file is always encrypted on your hard drive.

When your updated or newly encrypted files are synchronized, the encrypted files on your drive are transmitted as encrypted files to your other computers. With AxCrypt installed on other computers, you can decrypt the files with their password(s).

One inconvenience of AxCrypt is that it does not encrypt folders as such. You can select a folder with AxCrypt and provide an encryption password, but each file is encrypted with that password. The folder is not changed. That may well be an advantage in your scenario, since AxCrypt won't interfere with whatever technology you use to synchronize folders and files.

Since AxCrypt is compatible with Zip programs, you could compress a folder into a Zip or 7z file and encrypt the compressed file with AxCrypt.

A related disadvantage is that when you add a new file to a folder where you save encrypted files, the new file will not be automatically encrypted. You need to remember to right-click each file or selection of files and assign them a password with AxCrypt.
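
The gap described above, a new file saved into the folder and never encrypted, can be caught by auditing the folder before it is synchronized. This is an added example, not part of the original answer or of AxCrypt; it assumes encrypted files carry the `.axx` extension, and the entropy threshold, function names and sample files are illustrative.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".axx"  # assumption: extension used for AxCrypt-encrypted files
ENTROPY_FLOOR = 7.0        # assumption: bits per byte; ciphertext sits close to 8.0
MIN_SAMPLE = 4096          # entropy is unreliable on very small samples, so skip them
SAMPLE_BYTES = 64 * 1024


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def audit_folder(root) -> dict:
    """Map relative path -> reason for every file that looks unprotected."""
    root = Path(root)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() != ENCRYPTED_SUFFIX:
            findings[rel] = "not encrypted: missing " + ENCRYPTED_SUFFIX
            continue
        # A plaintext file merely renamed to .axx would still sync in the clear.
        with path.open("rb") as fh:
            sample = fh.read(SAMPLE_BYTES)
        if len(sample) >= MIN_SAMPLE and shannon_entropy(sample) < ENTROPY_FLOOR:
            findings[rel] = "suspicious: low-entropy content behind " + ENCRYPTED_SUFFIX
    return findings


def demo() -> dict:
    """Audit a constructed folder: one encrypted-looking file, two that are not."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "archive").mkdir()
        (root / "taxes-pdf.axx").write_bytes(os.urandom(8192))  # stands in for ciphertext
        (root / "archive" / "notes.txt").write_bytes(b"account 1234\n")  # forgotten file
        (root / "renamed-doc.axx").write_bytes(b"plain text line\n" * 512)
        return audit_folder(root)


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name}: {reason}")
```

High entropy does not prove a file is encrypted (compressed archives also score near 8 bits per byte), so the second check only catches obvious plaintext hiding behind the extension.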

Mystical_Ice (Author) Commented:
This was what I opted to use.  Axcrypt is a small application, lightweight and easy