EnCloak: Frequently asked questions
What kind of files is EnCloak intended for?
EnCloak is primarily designed to secure documents. Whilst there is no limitation on file types, larger files (e.g., video) will take much longer to process. The maximum capacity of 2GB/7GB (model dependent) is ample for many documents but less so for images and videos.
Why is EnCloak not a USB 3.0 device?
Data are secured at many levels within each EnCloak device. This takes a lot of processing time, so the additional transfer speeds offered by USB 3.0 would not improve performance over USB 2.0. As most documents are small (a few MB) the performance is more than adequate. We will, however, migrate to using USB-C connectors on future hardware revisions to make the devices smaller.
If an EnCloak device is discrete, why is there a logo on it?
The logo is embossed and cannot be seen from a distance; it’s a lot less visible than a keypad (as used on other encryption devices). Cases without logo could be supplied for volume applications. And as we move to USB-C connectors the physical size will reduce too.
Can multiple files be encrypted/decrypted simultaneously?
Yes. Though processing time will be noticeable for a large number of files.
How do you control an EnCloak device without software or physical buttons?
All configuration and control is handled through text files and standard file management tools such as renaming, moving, deleting, etc. In addition, EnCloak makes use of the ‘Drive Eject’ mechanism as a signal to commence certain tasks such as encrypting a batch of files or changing a password.
How do you enter credentials into EnCloak?
It’s a two-stage process. A text file with a predefined name must be created or copied onto your EnCloak AND that file must contain your passphrase. You may create it each time or copy it from a known location on your computer (more convenient but less secure).
What happens if my EnCloak HIDE is lost, fails, or I forget my passphrase?
As with any encrypted drive you should consider contingency in the case of loss or failure. For back-up purposes, a second HIDE could be regularly synced and stored in a safe place. For security reasons, EnCloak HIDE will completely erase itself back to factory defaults (with different keys) following several unsuccessful access attempts. You should retain a secure note of your credentials.
I only use EnCloak CONNECT for my personal files. What happens if my device is lost, fails, or I forget my passphrase?
The EnCloak CONNECT is highly secure: files may only be decrypted by the original (or a group) device. In the event of loss or failure you will lose access to previously encrypted files – which could prove catastrophic if unencrypted versions are not stored elsewhere! Whilst this may be desirable for certain applications, you should consider contingency. To enhance security, your device is configured to reset itself to a factory default state after several unsuccessful access attempts; the device will be useable once again, but you’ll be unable to access previously encrypted files because fresh keys are generated.
A second CONNECT device could be purchased for recovery purposes. This should be grouped together with the main device and retained in a secure location together with a note of your credentials.
We have multiple grouped devices. What happens if an EnCloak CONNECT is lost, fails, or the passphrase forgotten?
EnCloak CONNECT devices are highly secure. However encrypted files are accessible by all group members, so in the event of loss or failure you should not lose any data. Devices are secured by passphrase, file name and potential lockout after several attempts. In the case of a forgotten password, the user will have to pass the requisite number of attempts until a factory reset occurs. Replacements may be purchased for lost or failed devices. A new or rest device simply needs to be invited to join the group.
In the case of a lost (or unreturned device by a departing team member) it is prudent to create a new replacement group to protect any future encrypted files. The new group will still be able to access files encrypted for the previous group. Credentials should obviously be updated to restrict access to wherever the encrypted files are stored.
Can I add EnCloak CONNECT functionality to my HIDE device (or vice-versa)?
Unfortunately, this is not possible.
Can EnCloak group users be anonymous?
Absolutely! Because there is no underlying cloud management service all team members could be completely anonymous and, for example, share encrypted files through a simple Dropbox.
Do EnCloak devices require an internal battery like other encrypted drives?
EnCloak devices do not require or contain a battery.
What is the LED for?
The RGB LED indicates status during operations. For example, you should not remove the device while it is indicating that files are still being processed.
Where are EnCloak devices designed and manufactured?
In the UK.
How can I be assured there are no backdoors?
There are no backdoors within EnCloak. There is no direct access to keys during manufacture; they are dynamically generated by the hardware. Once in use, groups are created by end-users themselves with fresh keys being generated whenever this occurs. We cannot therefore provide access or keys to any authority. The only potential weak link is if the EnCloak CONNECT group invite file and associated passphrase were obtained by an unintended recipient; the invite file should, ideally, be discarded by all members after they have joined the group. EnCloak PRO introduces a further level of security via its hardware pairing feature.
Is EnCloak waterproof?
The current hardware is not designed to be water or dust proof.
Does EnCloak conform to any security standards?
All encryption is AES-256. We have been meticulous in the design of EnCloak and considered embedded security at every level. We have yet to submit devices for any formal testing but welcome any potential users who wish to conduct PEN testing.
Are EnCloak devices upgradeable?
Yes. They are flash upgradeable via USB using a secure method.
What’s the difference between EnCloak HIDE and EnCloak CONNECT?
EnCloak HIDE is a simple to use flash drive that also has a hidden, encrypted partition. It’s discrete and does not require any software or keypads to operate. The encryption is drive level.
EnCloak CONNECT is also flash drive, that additionally offers a hidden mode dedicated to highly secure encryption of files that may only be decrypted by other CONNECT devices within a group. The encryption is individual file level. Most importantly, it’s not a storage device; files are not retained once unplugged. Secured files are intended to be externally stored & shared by any method.
How reliable is EnCloak?
Extremely. All devices utilise industrial grade managed eMMC memory for enhanced robustness, endurance and performance.
Contact us if you have any questions or would like to know more.