conpal LAN Crypt 2Go

PDF ⤓

 


What is conpal LAN Crypt 2Go?

conpal LAN Crypt 2Go enables secure exchange of confidential data via password-based encryption. Files can be encrypted easily and securely with AES-256 XTS. Either on-demand, using the conpal LAN Crypt 2Go app or transparent via the Outlook for Windows Add-In for attachments shared via email. A web hosted version is also available, which enables encryption and decryption on systems where the product is not installed at all or cannot be installed. The user can individually select the password to be used for the encryption. Passwords have to satisfy a predefined set of requirements and complexity in order to ensure a minimum level of security. Requirements enforced are minimum length of the password, case sensitivity and a mix of alphanumerical and special characters.

Persons who do not know the secret password used for encryption will not have access to the information contained in the file and, when opening a file protected with conpal LAN Crypt 2Go, will see only its encrypted contents.

conpal LAN Crypt 2Go is a complement to conpal LAN Crypt clients for Windows and macOS to enable a secure exchange of confidential data also with other persons or external partners who do not use conpal LAN Crypt yet. Besides Windows and macOS it is also available on Linux (Ubuntu, Debian). On mobile devices like Android and iOS/iPadOS the functionality is part of the respective conpal LAN Crypt for Mobile App.

conpal LAN Crypt 2Go is available in English and German language.

Example usage

Imagine that you want to provide an Excel file with confidential financial data to an external marketing agency, which is to create a trendy financial report with attractive graphics. However, the marketing agency does not yet use LAN Crypt.

This is how you can securely share the file with your marketing agency:

Encrypt the file (e.g. “Financial report.xlsx”) with conpal LAN Crypt 2Go. For this, you can create a new key or use an existing key.

  1. Send the encrypted file (“finance report.xlsx.pcrypt”) to your marketing agency, e.g. via an insecure email.
  2. Tell your contact person at the marketing agency the password that can be used to decrypt the file, e.g. during a telephone conversation.
  3. The marketing agency can go to the conpal LAN Crypt 2Go web page to decrypt the encrypted file, without having to install any software. Alternatively, the marketing agency can use conpal LAN Crypt 2Go Reader to decrypt the file locally (Windows only).

Note

  • conpal LAN Crypt 2Go is compatible with LAN Crypt. Therefore, you can encrypt and decrypt files even in folders that have an encryption policy applied by conpal LAN Crypt. Files remain encrypted at all times!

Installation and upgrade

conpal LAN Crypt 2Go is available on the following platforms:

  • Windows 10 or later (x64)
  • macOS 11 or later (Intel, Apple Silicon)
  • Debian 11 or later
  • Ubuntu 20.04 or later

Individual installation packages are available for the following platforms:

  • lc2go.msi - Windows (x64)

  • lc2go.dmg - macOS (Intel, Apple Silicon)

  • lc2go.deb - Debian, Ubuntu (AMD64)

Note

  • A web-based version of conpal LAN Crypt 2Go is hosted on the conpal homepage. This version does not require any software to be installed and can be used by anyone who wants to encrypt or decrypt files.

The Windows version of the product has some specifics that differ from other platforms. Firstly, it supports two different installation modes: current user and all users. Secondly, it contains an Add-In for Microsoft Outlook (32-bit and 64-bit), which is only available on the Windows platform.

Installation option: All Users

Per default, installation of conpal LAN Crypt 2Go does not require administrative privileges and can be installed by any user. If installed by a user, the application is installed and will be available exclusively for that user only. Other user accounts on the same system will not have access to the installed product.

Administrative installation of conpal LAN Crypt 2Go will make the product available for all users. For this, you must run the setup in advanced mode and overwrite the parameter MSIINSTALLPERUSER.

For example, run the following command from an elevated Windows Terminal:

msiexec /i lc2go.msi MSIINSTALLPERUSER=""

This will install the product for all users on the system.

Installation option: Microsoft Outlook Add-In

conpal LAN Crypt 2Go provides modular installation options allowing customers to tailor installations to their specific needs. The ADDLOCAL parameter can be used to select the features to be installed.

Run the following command from an elevated Windows Terminal:

msiexec /i lc2go.msi ADDLOCAL=ALL REMOVE=outlook_addin_feature

This will install the product itself but will omit installation of the Add-In for Microsoft Outlook.

Uninstall conpal LAN Crypt 2Go

conpal LAN Crypt 2Go can be removed from a system at any time. Uninstallation follows standard software removal procedures for each platform.

Note

  • After uninstalling conpal LAN Crypt 2Go, password-based encrypted files can no longer be decrypted on the computer. Uninstalling conpal LAN Crypt 2Go does not uninstall LAN Crypt.

Password-based encryption and decryption of files

conpal LAN Crypt 2Go enables the secure exchange of confidential data through password-protected encryption. With conpal LAN Crypt 2Go (AES 256-bit) you can easily and securely encrypt and decrypt files. LAN Crypt 2GO uses password-generated keys for encryption and decryption, which are stored in a keychain within the application. Users can add new keys, delete old ones or view the passwords used for existing keys at any time.

Note

  • Encryption always requires a secure password! It must be at least 8 characters long and contain upper and lower case letters, numbers and special characters.

  • The name of the encryption password has no influence on the key used for encryption. The actual key value for encryption is generated separately.

Using the graphical user interface

When opening the app by selecting the conpal LAN Crypt 2Go program icon, the encryption dialog appears. Use the Select… button to select the file to be encrypted or decrypted.

To encrypt the file, now select the desired key and finally click Encrypt. New keys can be added by the New Key button and managed by the gear icon.

conpal LAN Crypt 2Go creates an encrypted copy of the file. Encrypted files get the additional file extension .pcrypt and are clearly recognizable by the graphical document icon.

Note

  • The original file is never deleted or overwritten by conpal LAN Crypt 2Go.

When decrypting a file that has been password-encrypted by one of the LAN Crypt products, the system first checks whether the required key is already stored. If this is the case, it is automatically used for decryption. If the required key is not yet available, the key password must be entered to successfully decrypt the file. A key is derived from the entered password and saved, so it can be used for further encryption and decryption.

Note

  • When decrypting a file, conpal LAN Crypt 2Go creates an unencrypted copy of the file. It also restores the original file extension of the file by removing the .pcrypt extension.

To view and manage the created keys, click on the gear icon and select Password-based Keys. Now you will see a listing of the saved keys including information such as their GUIDs. With a right click on a key you can now rename it, delete it or view the original password (Windows only).

Using the context menu

If an unencrypted file is opened with Open with -> conpal LAN Crypt 2Go, the option to encrypt the document is offered.

An encrypted file is temporarily decrypted in this way and automatically re-encrypted after viewing or editing file.

Using ‘drag and drop’

Simply drag the file to be encrypted or decrypted onto the program icon of conpal LAN Crypt 2Go.

../img/LC2Go-Englisch-IMG4.png

View and edit encrypted files

Files can also be edited directly without manual decryption. In this case, the encrypted file is automatically decrypted when opened and then re-encrypted with the corresponding password after editing. The prerequisite for this is that the required key has already been saved or is entered correctly on request.

The respective standard program is used to edit the file (e.g. original .docx files are opened with Microsoft Office by default).

Note

  • If an encrypted file is read-only, the temporarily decrypted file is also read-only. This usually results in the respective default program preventing changes to the file.

  • To create a decrypted version of a .pcrypt file, you can either use Save as within the respective editing program or open conpal LAN Crypt 2Go, select an encrypted file and tap the Decrypt button.


Using the Microsoft Outlook Add-in (Windows only)

conpal LAN Crypt 2Go extends Microsoft Outlook installed on the Windows client with the option to encrypt attachments on the fly. It supports two ways to get an attachment encrypted:

  • On-demand
  • On-send

The add-in has built-in logic to help the user to determine when encryption is deemed necessary. Attachments that are included in emails sent to internal recipients only will not be encrypted by default. However, the user can opt to use the On-demand encryption option if attachments should be encrypted.

If an email including an attachment is sent to an external recipient, the add-in will prompt the user to have the attachment encrypted before the email is sent. This behavior is intended to prevent sensitive data from being sent to an external partner without adequate protection.

Encryption ‘On-Demand’

Attachments can be encrypted anytime via the conpal LAN Crypt 2Go add-in in the ribbon bar of the ‘New Email Message’ window. During encryption, the original copy of an attachment is removed from the email and replaced with the encrypted copy.

Encryption ‘On-Send’

The conpal LAN Crypt 2Go add-in is triggered when an email with an attachment is to be sent to an external recipient. A recipient is considered external, when his email domain differs from the sender’s domain (i.e. the part of the email address after the @ is different). Although encryption is suggested, it is not enforced and the user can omit it at his own discretion.


Using conpal LAN Crypt 2Go from the console.

With the command line tool of conpal LAN Crypt 2Go you can encrypt and decrypt files via the command line or the terminal. To do this, open the respective path via the console:

Windows:

C:\Users\<username>\AppData\Local\Programs\conpal\LAN Crypt\2Go

macOS:

/Applications/LAN Crypt 2Go.app/Contents/Resources/lancrypt.app/Contents/MacOS/lancrypt

Linux:

Since the installer automatically adds the command line tool to the search path, there is no need to open a specific path via the console.

Now you can use the application inside the console with the command lancrypt and a following statement.

Key management

conpal LAN Crypt 2Go allows keys to be managed via the console. Keys can be added, deleted, renamed and listed there.

Add key:

lancrypt /A key name password

or

lancrypt /A /F file password

Adds a key for further encryption and decryption. With the additional option /F file the name of the key, its GUID and further key information are taken from a given file.

Delete key:

lancrypt /P /N name

or

lancrypt /P /G guid

Deletes the specified key. With the additional option /N name the key to be deleted is identified by its name. With the additional option /G guid the key to be deleted is identified by its GUID.

Rename key:

lancrypt /R /N name new-name

or

lancrypt /R /G guid new-name

Renames the key. With the additional option /N name the selected key is identified by its name and renamed. With the additional option /G guid, the selected key is identified and renamed by its GUID.

List key

LANCRYPT /L

Lists all stored keys.

Encrypt via the console

lancrypt /E file /N key name

or

lancrypt /E file /G keyguid

or

lancrypt /E file password

Encrypts the selected file either with an existing key (identified by either /N name or /G guid) or with a newly chosen password.

Note

  • Encryption always requires a secure password! This must consist of at least 8 characters and contain upper and lower case letters, digits and special characters.

  • The name of the encryption password has no influence on the key used for encryption. The actual key value for encryption is generated separately.

Decrypt via the console

lancrypt /D file

or

lancrypt /D file password

Decrypts the selected file either automatically with the matching already stored key or with the given password.

Note

  • When decrypting with a password, this is not automatically stored in the saved keys.

Technical support

You can find technical support for conpal products in any of these ways:

At support.conpal.de registered customers with active maintenance contracts get access to downloads, documentation and knowledge items.

As a registered maintenance customer, send an email to:

support@conpal.de

including your conpal software version number(s), operating system(s) and patch level(s), and the text of any error messages.