Cost-effective, Enterprise-grade Encryption for Businesses of all sizes

When an employee or contractor leaves the organisation, their access can be disabled in the Management Console, stopping them from logging in. This also prevents them from receiving the encryption keys and decrypting files. Data remains encrypted and therefore unusable to them.

SmartEncrypt uses the AES encryption algorithm with a 32-byte key. This is commonly referred to as AES-256. To become the Advanced Encryption Standard (AES), the current algorithm underwent comprehensive testing and scrutiny from cryptographers around the globe - and is now the most widely used symmetric encryption algorithm.

SmartEncrypt has no size limits for encryption, and is limited only by available hard disk space as encrypted files are somewhat larger than their original unencrypted versions. Large files however, will take longer to encrypt and decrypt. The Protect and Share feature has a recommended size limit of 250MB per file.

Single Sign-On can be configured for use with the SmartEncrypt desktop client and Azure AD. This will allow users to login to their device and not be prompted for a username and password for SmartEncrypt to decrypt the files. Please note that even with Single Sign-On enabled, SmartEncrypt administrators will still need to sign in to the SmartEncrypt Management Console with their SmartEncrypt console credentials.

We do not have access to any customer data. SmartEncrypt is data protection as a service rather than a cloud storage provider. We never transmit or store your files so we can never access your data. You have full control of your data and we only pass the encryption keys to your device on successful login authentication.

When updating the Windows desktop client to the latest version, you may encounter the following error. This is due to client driver files being used by Windows event log, preventing the update from being installed.

To release the files and ensure the upgrade completes successfully, you will need to:

1. Restart your system;
2. Run the installer a second time, either from the direct link or from the System Tray icon context menu as shown;
   
3. Restart your system if required after running the installed a second time.

If you have recently installed or upgraded SmartEncrypt without restarting your device, you will likely receive the following error when you try to start the software.

This occurs when a restart of your device is required to correctly complete the installation. Once you restart your device, SmartEncrypt should relaunch without error on startup.

Log files capture all internal events while SmartEncrypt is running. Technical support may ask you to send log files to help us troubleshoot issues such as unexpected behaviour, bugs and incompatibilities with other software.

The SmartEncrypt clients have an option in the user interface for bundling the log files in one compressed archive file and sending the packaged files to technical support. This option makes it easy to supply us with the latest log files.

Sending logs via the SmartEncrypt client for Windows

1. Locate the SmartEncrypt icon in the system tray and right-click to reveal the context menu. How this menu appears will depend on your user type and whether or not you are logged into the client.
2. Choose the SmartEncrypt Support menu option
   
3. If you are logged in, click the Send logs button. If you are not logged in, first enter the email address associated with your SmartEncrypt user account and then click Send Logs button
   
4. The logs may take some time to compile and send, depending on the size of the logs and the speed of your internet connection, however you can leave this window open to continue uploading in the background.

Good to know...

1. You do not need to change the logging level unless instructed by support. In most cases, the default Warning level is sufficient
2. If tech support does ask you to change the logging level, remember to change it back again once you've provided your logs.

Sending logs manually

If you are unable to send the logs via the client interface, it is possible to send the compressed log file either via email or our custom upload page. To do this:

1. Navigate to your Documents folder in File Explorer
2. Locate the log archive - it will be of a format similar to the following. If you have more than one file, choose the latest one unless instructed otherwise.
3. In your web browser, go to https://console.smartencrypt.com/send/logs
4. Enter your email address and attach the log archive you located in step 2.
   
5. Click SUBMIT to start the upload. You can move to another browser tab while the file is uploading. It will depend on your internet connection speed and the size of the log archive as to how long the upload takes.
6. If you are still unable to upload the file successfully, please contact technical support for further assistance.

Why have I been logged out of SmartEncrypt?

In order to protect your encrypted files, the SmartEncrypt software regularly verifies whether or not you are authorised to access your files against the remote server. If you are disconnected from the internet for an extended period, the software is no longer able to complete the re-verification process and the current session is terminated.

This precaution ensures encrypted files are protected in the event a device is left unattended for any reason. When you are logged out of the software, local copies of encryption keys are removed, so files cannot be accessed until you are logged in again.

Manual login

If you use your email address and a password to log in, simply click on the Close button to dismiss the SmartEncrypt Login Expired notification dialog and enter your username (email address) and password as you usually would.

SSO login

For SSO users, click on the Login button to automatically log in using your previously configured company credentials

Good to know...

1. When you leave your device so that it goes into sleep mode, it loses connection to the internet, which will cause your session to time out.
2. Reauthenticating refreshes your access to any encryption keys assigned to you

Even if you have the correct encryption key, it is not possible to use web browsers such as Google Chrome and Microsoft Edge to view encrypted files. This is because the built-in PDF viewer in web browsers are not able to view protected PDF files.

The way around this is to download the file and configure your browser to open PDF files with different PDF viewer software, such as Adobe Acrobat Reader.

Microsoft Edge

When trying to open an encrypted PDF file with the Microsoft Edge PDF reader, you will likely encounter an error similar to that shown below.

Good to know

1. In Windows 10, Microsoft Edge is the default PDF reader app and handles PDF associations.
2. You might also want to stop Microsoft Edge from being your default PDF viewer in order to switch to an external application like Adobe Reader more permanently.

To disable Microsoft Edge from being the default PDF viewer app:

1. Open Settings
2. Click on Apps
3. Click on Default apps
4. Click the Choose default app by file type option as shown
5. Click the current default app for the .pdf file format and select the app you want to make the new default

Good to know

1. You can also change the default app to open PDF documents by using the:
   1. Set the default by app option in settings, or
   2. Choose another app option from the Windows File Explorer content menu

Google Chrome

When trying to open an encrypted PDF file in Google Chrome with the built-in Chrome PDF viewer, you will encounter a "Failed to load PDF document" error as shown.

The easiest way to do configure Google Chrome to use an alternative PDF viewer is as follows.After downloading the PDF document:

1. Click on the arrow next to the file in the download bar to get additional options
2. Select "Always open with system viewer"

PDF files will now open immediately after downloading in the PDF viewer software you have installed.

Only certain types of users have access to the SmartEncrypt Management Console, these being:

1. System Administrators;
2. General Administrators; and
3. Helpdesk Users (Read-only)

Standard Users have SmartEncrypt client access only and will encounter an Unauthorized Access error when trying to log into the Management Console.

MYOB PDF Manager uses a licence file on a network to track instances of the software used in real-time. Due to the way in which SmartEncrypt third-party libraries work, SmartEncrypt installation on Windows machines causes a slight change in behaviour, which prevents PDF Manager from launching.To resolve this issue, there are a number of registry updates that need to be applied to the SmartEncrypt

To add MYOB PDF Manager support:

1. Ensure the device is running the latest version of the SmartEncrypt desktop client for Windows
2. Download the zip file attached to this article and extract
3. Exit the SmartEncrypt software
4. Run the extracted registry file on affected machines to apply the required registry updates
5. Restart the SmartEncrypt software

Good to know...

1. Version 1.7.1212 or later of the SmartEncrypt desktop client for Windows is required
2. For best results, ensure that the SmartEncrypt software is not running applying registry updates

If you try to encrypt files or folder in some locations, you may encounter the following error

This occurs when the user does not have permission to encrypt files for the given location because:

1. there is an existing encryption rule active for the location; or
2. the location is shared (such as a network share, or SharePoint location synced to OneDrive, etc)

Shared locations may only be encrypted by an Administrator by:

1. Creating an encryption rule for the location in the Management Console; or
2. Using the desktop client and choosing the "Set as Company Encryption Rule" option

In SharePoint Online, encrypted files are depicted by the key name in additional column. In some cases, you may notice that the same location has files encrypted with different keys. There are reason why this may occur.

1. The encryption key was renamed in the Management Console after the encryption rule was created.

   When this happens, existing files will display the original key name until such time that they are updated. New or modiled files will display the key with its new name. This has no impact on encryption rule functionality, or who can access the file as the key remains unchanged, it is only the name that chanes whic servers as a descriptor only.

   

2. The location does not have an encryption rule in place, so no forced re-encryption of files

   When an encrytion rule is deleted via the Management Console, files in the location that are already encrypted remain encrypted until they are decrypted manually. When there is no encryption rule in place, any encrypted files added to the location will remain encrypted with their original key rather than re-encrypted to align with encryption rules.

   

3. The encryption key does not exist in the system so the file cannot be re-encrypted with the correct key

   When a file iencrypted with key A, is uploaded to a location governed by an encryption rule using key B, the default behaviour is to re-encrypt the file with key B in accordance with the encryption rule. However, if the encryption key A no longer exists, this process cannot occur as the file cannot be decrypted with key A before being re-encrypted with key B per the encryption rule.

Transport Layer Security (TLS) 1.0 and 1.1 are security protocols for establishing encryption channels over computer networks. Due to the deprecation and disablement of TLS1.0 and 1.1 across Microsoft's entire product stack, SmartEncryp's SSO login may no longer work if your environment is configured to continue relying on these protocols due to its reliance on the TLS 1.2 security protocol.

Because SmartEncrypt relies on TLS1.2, the SchUseStrongCrypto property needs to be enabled in the Windows registry to include TLS 1.2 as one of the default security protocols for the .NET Framework .

To do this:

1. In Registry Editor, browse to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
2. Highlight "v4.0.30319"
3. Right click > New > DWORD (32-bit) Value
4. Name it "SchUseStrongCrypto"
5. Assign a Hexadecimal value of 1

You should end up with this (you may need to restart for changes to take effect): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto" = dword:00000001