EnCloak: Frequently asked questions

Data are secured at many levels within each EnCloak device. This takes a lot of processing time, so the additional transfer speeds offered by USB 3.0 would not improve performance over USB 2.0. As most documents are small (a few MB) the performance is more than adequate. We will, however, migrate to using USB-C connectors on future hardware revisions to make the devices smaller.

The logo is embossed and cannot be seen from a distance; it’s a lot less visible than a keypad (as used on other encryption devices). Cases without logo could be supplied for volume applications. And as we move to USB-C connectors the physical size will reduce too.

Yes. Though processing time will be noticeable for a large number of files.

All configuration and control is handled through text files and standard file management tools such as renaming, moving, deleting, etc. In addition, EnCloak makes use of the ‘Drive Eject’ mechanism as a signal to commence certain tasks such as encrypting a batch of files or changing a password.

It’s a two-stage process. A text file with a predefined name must be created or copied onto your EnCloak AND that file must contain your passphrase. You may create it each time or copy it from a known location on your computer (more convenient but less secure).

As with any encrypted drive you should consider contingency in the case of loss or failure. For back-up purposes, a second HIDE could be regularly synced and stored in a safe place. For security reasons, EnCloak HIDE will completely erase itself back to factory defaults (with different keys) following several unsuccessful access attempts. You should retain a secure note of your credentials.

The EnCloak CONNECT is highly secure: files may only be decrypted by the original (or a group) device. In the event of loss or failure you will lose access to previously encrypted files – which could prove catastrophic if unencrypted versions are not stored elsewhere! Whilst this may be desirable for certain applications, you should consider contingency. To enhance security, your device is configured to reset itself to a factory default state after several unsuccessful access attempts; the device will be useable once again, but you’ll be unable to access previously encrypted files because fresh keys are generated.

A second CONNECT device could be purchased for recovery purposes. This should be grouped together with the main device and retained in a secure location together with a note of your credentials.

EnCloak CONNECT devices are highly secure. However encrypted files are accessible by all group members, so in the event of loss or failure you should not lose any data. Devices are secured by passphrase, file name and potential lockout after several attempts. In the case of a forgotten password, the user will have to pass the requisite number of attempts until a factory reset occurs. Replacements may be purchased for lost or failed devices. A new or rest device simply needs to be invited to join the group.

In the case of a lost (or unreturned device by a departing team member) it is prudent to create a new replacement group to protect any future encrypted files. The new group will still be able to access files encrypted for the previous group. Credentials should obviously be updated to restrict access to wherever the encrypted files are stored.

Unfortunately, this is not possible.

Absolutely! Because there is no underlying cloud management service all team members could be completely anonymous and, for example, share encrypted files through a simple Dropbox.

EnCloak devices do not require or contain a battery.

The RGB LED indicates status during operations. For example, you should not remove the device while it is indicating that files are still being processed.

In the UK.

There are no backdoors within EnCloak. There is no direct access to keys during manufacture; they are dynamically generated by the hardware. Once in use, groups are created by end-users themselves with fresh keys being generated whenever this occurs. We cannot therefore provide access or keys to any authority. The only potential weak link is if the EnCloak CONNECT group invite file and associated passphrase were obtained by an unintended recipient; the invite file should, ideally, be discarded by all members after they have joined the group. EnCloak PRO introduces a further level of security via its hardware pairing feature.

The current hardware is not designed to be water or dust proof.

All encryption is AES-256. We have been meticulous in the design of EnCloak and considered embedded security at every level. We have yet to submit devices for any formal testing but welcome any potential users who wish to conduct PEN testing.

Yes. They are flash upgradeable via USB using a secure method.

EnCloak HIDE is a simple to use flash drive that also has a hidden, encrypted partition. It’s discrete and does not require any software or keypads to operate. The encryption is drive level.

EnCloak CONNECT is also flash drive, that additionally offers a hidden mode dedicated to highly secure encryption of files that may only be decrypted by other CONNECT devices within a group. The encryption is individual file level. Most importantly, it’s not a storage device; files are not retained once unplugged. Secured files are intended to be externally stored & shared by any method.

Extremely. All devices utilise industrial grade managed eMMC memory for enhanced robustness, endurance and performance.