Here you will find various recipes, tips and recommendations about how to use Xecrets Ez, the desktop app for macOS, Linux and Windows. Start by watching a demo.
The app is the same across all supported platforms, but since the platforms have some fundamental differences, there are a few differences also for Xecrets Ez.
Xecrets Ez has a simple and compact user interface for encrypting and decrypting files. It's designed to be easy to use, and to be used by anyone who can use a computer. It's available for macOS, Linux and Windows, and requires no Internet access.
Please visit the feature overview for more details.
For a quick introduction, check out our videos. More to come.
There's really no installation required, Xecrets Ez is designed to be run as a stand-alone single executable, what's often called a portable app.
However, since macOS, Linux and Windows do have some differences, for convenience and ease of use, you may want to perform some platform specfic actions. If you're not putting the app on a removable device such as a USB stick (which works perfectly fine) we recommend that you place the app after downloading and unpacking in a fixed unversioned location.
The download itself is always versioned by name, so that it's easy to know what you've got. For example, the download for macOS may be named XecretsEz-Osx-2.3.398.tar.gz
while the corresponding Windows download would be XecretsEz-Win-2.3.398.zip
.
Use the appropriate utility to extract the actual app executable from the downloaded file. This will be XecretsEz
for Linux, Xecrets Ez.app
(the .app extension is usually hidden and it's actually a directory) for macOS and XecretsEz.exe
on Windows.
We suggest you move the extracted app to the following location:
/Applications
(or user local /Users/[YourUserName]/Applications
)./home/[YourUserName]
or equivalently the Home
shortcut.C:\Users\[YourUserName]
or equivalently %USERPROFILE%
.The advantage of placing the app in a fixed location is that it's easier to find it when you use it or update it and it also makes it possible to conveniently associate encrypted .axx files to the app, see below for details.
A license is a (relatively) short string digitally signed by us containing the terms and validity of your subscription. You copy the license string from our server, and then paste it in the Xecrets Ez main window.
Use the "Help | Download License" menu option in the app. You will need to provide the last 4 digits of the credit card number to identify yourself.
You can also use the the subscription management page to find a link to your license there. Select the link and copy the license string to the clipboard. Then paste it in your browser address bar and hit enter.
Regardless of how you get there, use the copy to clipboard button to copy the license to the clipboard, and then switch back to Xecrets Ez, ensure you are signed in and paste it in the main window.
Before you can download a license, you need to purchase a subscription.
For Xecrets Cli, you instead download a small text file and place it next to the cli executable.
Xecrets Ez supports the use of a YubiKey for signing in, you'll find the configuration in the User menu. This is a very secure and convient way to sign in, as you don't have to type your password. Thus keyloggers are defeated, and if you configure a PIN or touch, physical access is required.
Because Xecrets Ez protects files at rest for the long term, we use the YubiKey in a way that if you lose your YubiKey, you won't necessarily lose access to your files. We have deemed it to be an unacceptable risk to cause complete data loss if you lose your YubiKey.
Briefly, the YubiKey is used to encrypt your actual password, and the encrypted password is stored in your settings. When you sign in, the app checks if there's a YubiKey present, and if it can decrypt a stored encrypted password, it is used to try to sign in. If it doesn't work, you will be presented with the normal password sign in dialog.
Technically, the YubiKey is used with the PIV smart card application with RSA-2048 keys, and the password is encrypted with the public key of an existing slot, or if no suitable slot exists, a new slot that is created for this purpose. The private key is generated on the YubiKey and never leaves it. It should co-exist nicely with other PIV smart card applications, such as for SSH keys, as well as other uses of the YubiKey including FIDO2, U2F, OTP and OpenPGP.
The only consequence of losing your YubiKey is that you have to type your password instead. However, if you lose your YubiKey and an attacker has access to it and your computer, they can decrypt your files unless you protect the YubiKey with a PIN, which we strongly recommend.
The design goal of the YubiKey support is to make it as easy as possible to use Xecrets Ez, and also to encourage the use of a strong password since there will be no need to type it as long as you have the YubiKey inserted.
Using a YubiKey is optional, and you can always sign in with your password if you prefer. There is generally no need to configure anything to use a YubiKey if it's already setup for PIV smart card use. If it's not been setup before, we recommend that you change all the default security settings using the Yubico YubiKey Manager app.
You might also want to generate a Key Management certificate in the Yubico app, which will then be used by Xecrets Ez. Regardless, Xecrets Ez will configure it as needed, but it can't change default security settings.
Some notes concerning YubiKey on macOS, please read the Yubico documentation for details. Briefly, if the keyboard assistant opens, just close it. If you're asked to allow Xecrets Ez to receive keystrokes from any application, you can click "Deny" (unless you are planning to use the YubiKey for OTP sign in to sites, but this has nothing to do with Xecrets Ez). No further action is required, but we do recommend that you configure the YubiKey as described above using the Yubico YubiKey Manager app.
Some notes concerning YubiKey on Linux, please read the Yubico documentation for details. Briefly, you may need to install the pcscd
package, and you may need to configure the location of the libudev.so
library. As above, we recommend configuring the YubiKey with the Yubico YubiKey Manager app. On Ubuntu 22.04, the following was required:
sudo apt install pcscd
sudo ln -s /usr/lib/x86_64-linux-gnu/libudev.so.1 /usr/lib/libudev.so
You can pin Xecrets Ez for quick access.
No action really required, macOS will place it in the recent apps section in the dock if it's in /Applications and you will find it in the Launchpad like any other application. If you want it always in the Dock, right-click the icon in the dock when it's running, and select "Options | Keep in Dock".
For Linux it requires a little bit of manual work to get Xecrets Ez into menus, but as a Linux user, you'll probably feel right at home. This is on Ubuntu 22.04, but it should be fairly similar in most distributions. You will have to manually create and edit a .desktop
file, and place it in the ~/.local/share/applications
directory. Please name the file com.axantum.XecretsEz.desktop
. Copy and paste the following, changing [YourUserName]
to whatever user name you are using in your system.
[Desktop Entry] Name=Xecrets Ez Exec=/home/[YourUserName]/XecretsEz %f Type=Application Categories=Utility;FileTools
Pin the program for quick access to both Start
and the Taskbar
. Right-click the executable where you placed it, and then select "Pin to Start" and/or "Show more options | Pin to taskbar".
Each operating system has it's own desktop file manager, typically Finder for macOS, GNOME/Nautilus for Ubuntu Linux and Explorer for Windows. There are many other options, but here we describe procedures for these.
Normally you open a file by double clicking it, but how does the operating system know how to open it, i.e. what app to use?
This is called associating the file type with the app. The procedure differs, and there are many alternate ways to do this, here are some ways it can be done.
Normally it's not required, but if you have other applications registered for the .axx extension such as AxCrypt, you may want to change it. To associate Xecrets Ez with .axx
files right-click an .axx
file, select "Open with" then "Other...". Select either /Applications
or /Users/[YourUserName]/Applications
, scroll down to XecretsEz
, select it, check the Always Open With checkbox and finally click Open. You can also do this from the Get Info menu on right-click.
This is for Ubuntu 22.04, but the process should be similar in most distributions. To associate Xecrets Ez with .axx
files right-click an .axx
file, select "Open With Other Application", click View All Applications, scroll down to XecretsEz
, select it, and click the Select button. Xecrets Ez opens the file, and will do it with a double-click in the future.
To associate Xecrets Ez with .axx
files right-click an .axx
file, select "Open with" then "Choose another app", scroll down to "Choose an app on your PC" and browse to where you moved the XecretsEz.exe
executable when you installed it. Finally, click the "Always" button to make the association permanent.
There are several reasons for signing in.
The most important one is based on over 20 years of experience with encryption apps. When you sign in, the app verifies that you're really using the password that you intend to use, your master password that you set up the app with.
If we were just to ask without checking, there's always the risk of you mistyping - and then being unable to decrypt when next time you enter the correct password.
Even dual entry of the password is not foolproof, as it's easy to make the same mistake twice. Also it's annoying to have to enter it twice every time...
Another reason is that it's well-known metaphor and should feel comfortable to use, and it allows for the app to remember the password for the duration of the session, reducing the need to retype it frequently.
If you want to send an encrypted file to someone else, you want to do so with a different password than the one you use to sign in to the app with.
You do this with the "File | Encrypt Copy For..." menu option. You will be prompted for a password and which files to encrypt with this password. Once they are encrypted like this, you can send them to the recipient.
To cancel a subscription during the trial period, or later, please visit the customer portal and follow the instructions.
Start by selecting the Buy | Manage Subscription menu option.
Enter your email address and click the "Send" button. You will receive an email with a link.
In your inbox you will find an email from Stripe.
Open the email and click the "Login to your customer portal" link.
Cancel your subscription by clicking the "Cancel plan" button.
Hard rule number one, that there is no way around is: If you lose your password, you lose data encrypted with that password. That is why you need to remember your password, and store a backup of it in a safe place, and why you need to type it several times the first time, and why you need to type it correctly to sign in to the app.
Since you need to remember your password in order to even sign in to the program, if you forget it, there's normally no way to sign in! (However, if you have a YubiKey configured, you can use that to sign in, it's a good backup.)
Since Xecrets Ez is strong encryption, with no back doors, there's no password recovery as such.
However, if you do find yourself locked out of the app, hopefully just because you've been testing it and forgot to make a note of the password, you can reset the password. Remember this will not make it possible to decrypt files encrypted with the old password. It will only make it possible to sign in to the app with a new password.
In the sign in dialog, hit the key combination Ctrl-Shift-I and follow the instructions.