Pros & Cons
Pros
- All essential features available for free
- Premium edition is inexpensive
- Easy secure sharing
- No cloud, no servers, no internet required
- YubiKey authentication option
- Runs on Linux, macOS, and Windows
Cons
- Potential risk if you don’t properly secure your Windows account
Xecrets Ez Premium Specs
| Encrypt Files/Folders | |
| Encrypt Text | |
| Public Key Cryptography | |
| Rate Password Strength | |
| Secure Deletion of Originals | |
| Two-Factor Authentication | |
Encrypting your most sensitive files and documents is a smart move, but if the encryption tools are too difficult to use, people won’t do it. Xecrets Ez Premium is incredibly easy to use, but behind its simple façade, it uses modern, high-powered encryption. This app builds on the same code base as AxCrypt Premium and now includes features that earlier versions skipped, such as generating passwords, securing entire folders, and encrypting blocks of text. With a lower price than AxCrypt and a fully functional free edition, Xecrets earns an Editors’ Choice award for encryption alongside AxCrypt.
What Is Encryption?
When Julius Caesar wanted to communicate securely with his military commands or with consuls Marcus Licinius Crassus and Pompeius Magnus, historians report that he encoded the message by replacing each letter with the letter three positions before it in the alphabet. “Pompeius Magnus” would become “Mljmbfrp Jxdkrp,” for example. Breaking that kind of cipher is a simple matter of analyzing letter frequencies, but it’s unlikely that Vercingetorix the Gaul and other enemies managed such a breakthrough.
With Caesar’s cipher, it’s easy to grasp the connection between the plaintext and the ciphertext. Caesar would have a tough time visualizing modern encryption algorithms. Their output bears no visible relationship to the data that went in, and cracking a modern encryption algorithm would take an impossibly long time (or a quantum computer from the future). The US Government's official encryption algorithm is Advanced Encryption Standard (AES). With a 448-bit key as opposed to AES's 256 bits, Bruce Schneier's Blowfish algorithm would be even tougher to crack.
Encryption systems that use the same key to encrypt and decrypt data are called symmetric; AES and Blowfish are examples. If you share a file, you must also find a secure way to share the key. Public Key Infrastructure (PKI) cryptography avoids that problem. In a PKI system, if I want to send you a file, I look up your public key and encrypt the file with it. You then use your private key to decrypt the file. Conversely, if I want to sign a document to prove that it comes from me and hasn't been modified in any way, I encrypt it with my private key. The fact that you can decrypt it with the public key proves it’s legit.
Where Did Xecrets Ez Come From?
In 2001, Swedish developer Svante Seleborg found that existing solutions for sharing confidential data over the internet were too complicated. To solve that problem, he developed his own encryption program, which he named AxCrypt. This program was wildly successful, first as an indie offering and later in a professional setting.
Twenty years later, Seleborg split from AxCrypt, citing differences in viewpoint on the company's future and the product. His current company, Axantum, offers Xecrets Ez as an open-source alternative to AxCrypt. The two programs are 100% compatible—encrypt with one, decrypt with the other.
“We're pretty proud of the architecture,” said Seleborg. “Even an average consumer will feel a little more secure knowing that there's open source code publicly available, should we for some reason cease operations… Also, the easily available open source means that the risk of major unknown vulnerabilities is less even if still not zero.”
Like AxCrypt, Xecrets relies on the government-standard AES-256 encryption algorithm. The Advanced Encryption Package lets you choose from 17 different encryption algorithms, while CryptoForge offers four, and the option to layer in more than one. For most users, these advanced choices are more baffling than beneficial.
How Much Does Xecrets Ez Premium Cost?
You can try Xecrets Ez for free. Just download the file and start using it. EncryptionSafe also offers a free edition that performs all essential encryption tasks, and Encrypto is entirely free. Decryption is always free with Xecrets Ez, so you don’t need to worry about imposing a financial burden if you send an encrypted message to a friend.
To get the full app with all premium features, you pay $15 per year. Yes, the website displays a price of 15 euros, but when you purchase it from the US, you receive the USD price. That’s substantially less than AxCrypt’s price of $3.92 per month, billed annually as $47. Once you install the free edition, you can opt for a free three-day trial of the premium edition, with no requirement to enter a credit card. Your license covers all the computers you use yourself, whether they run Windows, macOS, or Linux.
Price-wise, Xecrets is on the low end of encryption utilities that charge an annual subscription. EncryptUSB costs less, at $9.96 per year, but it’s not a general-purpose encryption tool. A NordLocker subscription costs $35.88 per year.
An annual subscription is common in the realm of antivirus or security suites, but many encryption tools come as a one-time purchase. You only pay again if you upgrade to a newer version. Prices can also vary widely. A one-time payment of $19.95 grants you five licenses for EncryptionSafe. Feature-laden Folder Lock runs $39.95. And you pay $59.95 for CryptoExpert.
Getting Started With Xecrets Ez
You can simply download Xecrets to your PC, Mac, or Linux system and start using it immediately. There’s no installer; the program is entirely self-contained. You could choose to keep it on a USB drive in your pocket and pull it out wherever you need encryption. The documentation highlights that Xecrets operates entirely on the local device, requiring no servers, internet connection, or registration. AxCrypt has a mode called Always Offline that works in much the same way; however, some tasks, such as changing the master password, require an internet connection.
The first time you use Xecrets, you enter your email address and define a master password. This should be a strong, unique password, because it encrypts all your files. Not surprisingly, AxCrypt works similarly, although it requires you to respond to a verification email. EncryptionSafe also relies on one master password for all encrypted files.
The small, sparse main window features a simple menu and a small collection of buttons: Close all, Open, Encrypt, Decrypt, Paste, Premium, and Exit. The simple menu offers a broader range of features, though some are reserved for the Premium edition, which I’ll discuss below. The rest of the window is a drag-and-drop target for encrypting files.
Since the last time I checked this app, you can now optionally create additional user profiles. Each profile has its own master password, and files encrypted by one profile can’t be decrypted by another unless you actively share access. You might, for example, maintain one profile for your personal files and a different one for work files.
Using Xecrets couldn’t be simpler. Drop a file on the main window, and it vanishes, replaced by an encrypted version. Like AxCrypt, Xecrets uses the file extension .AXX for its encrypted files. With AxCrypt, Secure IT, Advanced Encryption Package, and CryptoForge, you can choose encryption options for a file from its right-click menu. As Xecrets doesn’t perform any installation or registration, it doesn’t automatically join the right-click menu, though the FAQs explain how you can associate .AXX files with Xecrets.
Like CryptoForge and EncryptionSafe, Xecrets overwrites the plaintext file with its encrypted equivalent rather than leaving a deleted copy subject to forensic recovery.
You have the option to securely delete any arbitrary file by choosing Delete Securely from the File menu. Old secure deletion utilities used to make a point of overwriting a file’s disk sectors multiple times. My Axantum contact explained that this doesn’t make sense with modern SSDs, so Xecrets just overwrites once with random data. Even on an old-fashioned spinning-disk hard drive, one overwrite pass is enough to foil software-based forensic recovery.
AxCrypt offers a similar secure deletion system. With Folder Lock and Secure IT, you get a more traditional multi-overwrite system. The Advanced Encryption Package allows techies to choose from a complex array of deletion algorithms, some of which are approved by various governments.
Steganos Safe and Folder Lock are among the apps that can shred a drive’s free space, effectively applying secure deletion to already deleted files.
You might expect that dragging an AXX file onto Xecrets would decrypt it, but nope. That’s a premium feature, as is pasting files into the app for decryption. And because Xecrets requires no installation, it also isn’t registered as the program in charge when you try to launch an AXX file. It’s easy enough to click the Decrypt button and select the file.
Sharing an encrypted file with another user is as simple as sharing the file and, separately, sharing the password through a different communication medium. There’s one small problem, though. All your files are encrypted using the master password by default, and you don’t want to share that. That’s where the Encrypt copy to share… feature comes in. This allows you to use a one-time password on the file you plan to share. You can also create an encrypted copy without overwriting the original. Premium users have the option to store such passwords for easy reuse.
If you receive an encrypted file from another user of Xecrets (or AxCrypt), you can either enter the associated password when you try to decrypt the file or enter it ahead of time by selecting Add decryption password… from the Edit menu. The password will remain active until you quit Xecrets or reboot. Premium users can choose to save such passwords in the app’s settings, which is handy if you regularly exchange encrypted files with someone.
AxCrypt offers a free edition called AxCrypt Viewer. You can decrypt files with it, but that’s all. CryptoForge and Secure IT likewise supply a free decrypt-only tool. Encrypto is completely free and allows you to encrypt and share files, each with its own password, on macOS or Windows devices. With EncryptionSafe, you get basic encryption and decryption for free, while paying customers add features like multi-factor authentication, secure sharing, and secure deletion. And, as noted, you can always encrypt and decrypt files with Xecrets Ez at no charge.
Password Changes and Wrapped Passwords
During my testing, I changed the master password. I was surprised to find that even after doing so, I could still decrypt files encrypted with the previous master. A chat with the creator of Xecrets Ez helped me understand the clever coding that goes on out of sight.
Earlier, I mentioned that all your files are encrypted with the master password, but that’s not entirely accurate. Xecrets generates a 4096-bit public/private key pair for internal use and a 256-bit random key for actual encryption. It encrypts that key using the password and also encrypts it with the public key, storing both encrypted versions right in the AXX file. This technique is called “wrapped keys.”
The upshot of this technique is that Xecrets Ez can decrypt a file using either the wrapped key based on your current password or the 4096-bit private key that you gained access to by logging in to the program. You can change that master password without losing access to existing encrypted files. In testing, I noted that the Suggest Password feature, which generates a pronounceable random password, is available within the password-change dialog even in the free edition.
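The wrapped-key arrangement described above, modelled with the Python standard library only. This is an added example, not Xecrets Ez or AxCrypt code: an HMAC-based wrap stands in for AES, a random 256-bit account key stands in for the 4096-bit key pair, and the function names, header fields and PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

def kek_from_password(password: str, salt: bytes) -> bytes:
    # Key-encryption key (KEK) from a password; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def wrap(kek: bytes, key: bytes) -> bytes:
    # Toy authenticated wrap of a 32-byte key: HMAC keystream XOR, then HMAC tag.
    nonce = secrets.token_bytes(16)
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified wrap")
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def new_account(password: str) -> dict:
    # The account key (stand-in for the private key) is stored wrapped by the password.
    salt = secrets.token_bytes(16)
    return {"salt": salt,
            "wrapped_account_key": wrap(kek_from_password(password, salt),
                                        secrets.token_bytes(32))}

def login(account: dict, password: str) -> bytes:
    return unwrap(kek_from_password(password, account["salt"]),
                  account["wrapped_account_key"])

def new_file_header(account: dict, password: str):
    # One random file key, wrapped twice; both wraps travel with the file.
    file_key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    header = {"salt": salt,
              "by_password": wrap(kek_from_password(password, salt), file_key),
              "by_account": wrap(login(account, password), file_key)}
    return file_key, header

def change_password(account: dict, old: str, new: str) -> None:
    # Only the account key is re-wrapped; no file is touched.
    account_key = login(account, old)
    account["salt"] = secrets.token_bytes(16)
    account["wrapped_account_key"] = wrap(
        kek_from_password(new, account["salt"]), account_key)

def open_file(header: dict, account: dict, password: str) -> bytes:
    try:  # path 1: the file's own password wrap
        return unwrap(kek_from_password(password, header["salt"]),
                      header["by_password"])
    except ValueError:  # path 2: log in, then use the account-key wrap
        return unwrap(login(account, password), header["by_account"])
```

In this model the file header still carries the wrap made under the old password, so anyone who knows that old password can still unwrap that file's key; the password change re-wraps only the account key.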
AxCrypt works the same way. And just as with AxCrypt, you must be sure to either log out of Xecrets Ez or lock your desktop every time you step away from the desk. Otherwise, anyone sitting down in front of your computer could access those encrypted files. Protect your desktop with biometrics or a strong password, set Windows to log you out after a period of inactivity, and actively lock your PC by pressing the Windows+L keyboard shortcut when you step away.
New in the current version, you can lessen the possibility of snooping by setting Xecrets to exit after a specified period of inactivity. If you change from the default of no automatic exit to shutting down after five minutes of inactivity, you’ve seriously narrowed the window for a snoop to gain access.
Those using AxCrypt can go beyond the simplicity of built-in sharing by actively managing public and private keys. You can export your public key or import someone else’s private key. You can even export or import all the keys for your account. In reality, however, the average user will not typically get involved in PKI.
As noted earlier, EncryptionSafe also uses a single master password to encrypt all files. However, Xecrets allows you to change the master password while still accessing previously encrypted files. In contrast, a password change in EncryptionSafe requires it to decrypt every file and re-encrypt them with the new password.
With many other encryption utilities, each encrypted file uses its own password, and you’re responsible for remembering them all. Clearly, a password manager will be handy in that case. With Encrypto, you embed a password hint along with each file, which, you hope, will remind you of the actual password.
Premium Features
When you upgrade to a premium subscription, Xecrets Ez becomes easier to use. You can drop encrypted files onto the app to decrypt them, or use copy-and-paste instead of being forced to click 'Decrypt' and navigate to the file in question.
Editing an encrypted file with the free edition of Xecrets Ez requires several steps. First, you decrypt the file. Then, you make and save your changes. Finally, you encrypt the edited file. If you’ve paid the premium price, things get easier. Just drop the file onto Xecrets. The decrypted file opens in the appropriate editing app, and when you save and close the file, Xecrets re-encrypts it seamlessly. This behavior is the default for AxCrypt.
The main window features a simple counter of open files, ensuring you don’t forget them. In case an editing program isn’t clear about whether it has finished, Xecrets includes a Close all button.
With the free version, you can select all files in a folder and drag them to encrypt them. However, to decrypt them, you must click "Decrypt" and navigate to that folder. A premium account lets you simply drag a folder to encrypt all its files or drag it again to decrypt them. If the folder contains a mix of encrypted and plaintext files, it toggles their status, decrypting the encrypted files and encrypting the plaintext files.
It’s all very well to encrypt a file’s contents, but if the name is “My Secret Plan for World Domination,” that may be giving away a bit too much. Choosing Rename Randomly from the File menu lets you select any AXX file and give it a random new name. It’s up to you to remember just what that name represents. But never fear—when you decrypt the file, it regains its original name. AxCrypt calls this feature Anonymous Rename.
Since my last review, you can now use Xecrets Ez to encrypt any block of text. Copy the encrypted text into an email or other message and transmit the password separately. Your recipient simply pastes the encrypted block into Xecrets Ez and uses the password to decrypt. Advanced Encryption Package and CryptoForge both offer similar text-block encryption.
Other Authentication Factors
The paid edition of Xecrets supports authentication by YubiKey, specifically YubiKey 5 or later. It relies on that version’s 2048-bit PIV (Personal Identity Verification) capability, so older YubiKeys won’t work, nor will other brands of hardware security keys.
Adding a YubiKey provides an additional method for unlocking Xecrets, but it does not constitute true multi-factor authentication (MFA). The master password will always unlock your encrypted files. In a standard MFA scenario, you’d need both the password and the security key. The Axantum website explains that in that scenario, losing your YubiKey would mean losing access to all your files.
NordLocker and Steganos Safe support MFA using Google Authenticator or a compatible authenticator app. So does EncryptionSafe, but only for paying customers. You can also use any FIDO-compatible hardware security key to authenticate with NordLocker. CryptoExpert and Advanced Encryption Package let you configure any thumb drive as a kind of authentication token.
Shamir’s Secret Sharing
Xecrets Ez works entirely on your local computer. Each time you log in, it verifies your master password, thereby unlocking the master encryption key, which is stored locally on your device. If you somehow forget that master password, you could be in trouble. One solution would be to tell the master password to a trusted partner or associate. Of course, that associate is now free to unlock and peruse all your encrypted documents.
Considering the situation from another perspective, perhaps your business has entrusted the CTO with the stewardship of encrypted documents. What happens when that CTO is abducted by aliens or suddenly quits?
Xecrets Ez now has a solution that makes recovery from a lost master password possible without making it too easy for others to gain access. It’s called Shamir’s Secret Sharing, and I’ve encountered it once before, as the recovery mechanism for email encryption winner PreVeil. Put simply, this system breaks up your decryption key (or other secret) into a fixed number of partial secrets, with a predefined, smaller number of those secrets needed to recover the original key. For example, in the CTO example, you might distribute partial secrets to five Board members and require three of them to recover a lost key.
Using this feature is a snap. You specify the number of secret shares, from two to nine, and define how many of those are needed for recovery. The result is saved as an encrypted JSON file containing the secret shares. These can take the form of a series of words, a lengthy hexadecimal string, or a Base64 string. You now use Xecrets to securely share the partial secrets with the appropriate recipients.
In the rare event that you need to recover a master encryption key, you start by getting back those secrets from those holding them. Then you simply enter the secret shares, one at a time. Once you’ve filled in the required number of pieces, Xecrets Ez can recreate the master password (or other main secret).
Final Thoughts
You don’t have to pay a cent to encrypt, decrypt, or share files with Xecrets Ez, but upgrading to the affordable Premium edition makes it even easier to use.


