It's fair to say that desktop encryption software has a bit of an image problem. In some quarters it is still seen as something only for highly technical users or those who are so paranoid that they need to encrypt every file, email and directory regardless of whether they have any value.
DESlock+ is one of a new generation of highly usable and well-featured programs that are designed to put secure encryption in the hands of the ordinary user, and it does its job very well. It would suit small company use, but would work equally well in larger setups that want to secure data on the PCs (laptops, say) of a selected group of users.
It is primarily for securing static data, and for that reason the install program asks the user to choose from one of three symmetric encryption schemes: Triple DES, its 128-bit successor AES, and the highly secure open-license Blowfish cipher invented by Bruce Schneier, which is used in the software-only version of the package.
It can also be used to encrypt Microsoft Outlook and Lotus Notes emails, though the process of decryption is more involved than it would be using a public key encryption design. In practice, this means the recipient must decrypt using a shared password or private key, which reduces the scope of the security if it is being used with strangers. There is a key transfer feature built into the email plug-in (when using hardware token only), but it might be easier to fall back on a separate public key encryption program if this is an important requirement or if the email has to be digitally signed.
The program has two modes, which slightly alter the way it works and the features that are available. The simplest option, which should in our opinion be fine for the general single user, is to generate a software key using the chosen cipher. Alternatively, DESlock+ is supplied in a boxed version with two USB hardware keys or tokens (a primary one, and one as backup of the key or keys held on the first). If the latter option is chosen, then encryption and decryption will only work when the token is present on the PC and the user has logged in using it. Each USB token can hold up to 64 encryption keys.
The simplest way to use the program is just to designate a folder or set of folders which are to integrate with the program. Once this has been set up, and the key-file or hardware-based key chosen to protect the folder, any file placed in this location will be transparently encrypted or decrypted. If the user is logged out of the software or the USB key is absent, then this folder becomes inaccessible. An alternative is just to manually encrypt and decrypt files as you go along, or even encrypt specific passages within a text file without encrypting the file itself.
If the folder is on a networked drive, it becomes necessary to mount it as a virtual drive, complete with its own drive letter. This is a clever way of creating an encrypted resource for workgroup sharing, though it has some limitations, such as only one user being able to have read and write access to a file at once. The capacity of this mounted drive also has to be specified and can't be changed at a later point.
All encrypted folders can be archived in a secure way to, for instance, a CD. This means that even though they are offline and vulnerable, they are being held in an encrypted and secure state. If it is eventually necessary to retrieve these files, then the key used to encrypt them can also be retrieved at the same time without, it is claimed, compromising security. Similarly, if taking work out of the network, a secure offline copy can be created, which is then synched with the local version through Windows' built-in utility.
One add-on to the new version we liked is the desktop shredder. This sounds like a minor addition, but securely deleting files is critical. There is little point in securing files only to make them vulnerable when they are finally discarded. Shredding files is as simple as dragging and dropping them on the icon. It will also shred files in the recycle bin, IE browser history and cache, recent document list, and temporary file folders.
All in all, DESlock+ is an excellent product that is easy to use once you get used to the way it has been designed. It has some drawbacks that stop it being comprehensive, such as the fact that it is really designed to be used in a workgroup. The software-only version is free to use for individuals (re-registration required), a bargain.
The main question is whether you are encrypting communications such as email, and whether you require a digital signature. If so, then use a public key system. Symmetric encryption systems are better for securing actual data, mainly because the encryption process is much quicker. They don't, however, provide any way of signing an email for verification, and they involve clunkier key exchange.