ESET Online Help

Select the category
Select the topic


3DES (Triple DES)

3DES is a variant form of the DES (Data Encryption Standard) algorithm, originally developed by IBM in 1974. It uses 2 x 56-bit keys, giving an effective key length of 112 bits, and performs DES encryption three times using these keys.


The Advanced Encryption Standard (AES) algorithm was developed under the name Rijndael by Joan Daemen and Vincent Rijmen, Belgian Ph.D. cryptographers from the computer security and industrial cryptography labs at Universiteit Leuvenas. Rijndael was accepted in October 2000 as the AES, which replaces the Data Encryption Standard (DES) algorithm. ESET Endpoint Encryption supports AES with a key length of up to 256 bits.


Blowfish was developed in 1993 by Bruce Schneier, a cryptographer, computer security specialist and author of several books on general security topics, computer security and cryptography. Blowfish is a 64-bit block cipher with a single 128-bit encryption key.

Complete security

ESET Endpoint Encryption Full Disk Encryption (FDE) provides security for unintended and unexpected events, such as theft or loss of a computer, laptop or USB flash drive.

When used on your computer, your hard drive, including the free space, is protected while the system is shut down. You must first enter pre-boot security before starting from this state.

All data remains encrypted if the drive is removed and read from another system.

ESET Endpoint Encryption for removable media also provides FDE for USB drives.

Data in transit versus Data at rest

Data in transit is information shared from one user to another via a trusted (private) network or an untrusted (public) network, such as the internet, that can be protected with some form of granular encryption.

Data at rest is the information stored on your hard drive, backup drive or removable media when not in use.

ESET Endpoint Encryption Reader

The ESET Endpoint Encryption Reader is a free utility you can download. ESET Endpoint Encryption Reader allows anyone, regardless of whether or not they are a ESET Endpoint Encryption customer, to decrypt any email, file or text that has been encrypted with ESET Endpoint Encryption using a password.

The ESET Endpoint Encryption Reader utility is generally used on machines where ESET Endpoint Encryption is not installed.

To decrypt an encrypted message, copy/paste the encrypted email body or text into the Reader and click the Decrypt button. Then, provide the password used to encrypt the text as decryption authentication.

To decrypt an encrypted file, save the encrypted file to your machine. When saved, drag the encrypted file into the reader window, and you will be prompted for the password to decrypt it.

The ESET Endpoint Encryption Reader is only for standalone files, and does not support archives.

Files encrypted using a Key-File are not supported. Only files encrypted using the password are supported.

See detailed information on how to Encrypt or decrypt a document or email using the ESET Endpoint Encryption Reader.

Full Disk Encryption (FDE)

When using FDE to encrypt a computer disk, ESET Endpoint Encryption uses the Advanced Encryption Standard (AES) algorithm with a 256-bit key. This encryption is generated when FDE is started.

Granular encryption

Granular encryption refers to the protection of individual items like files, folders and emails.

File and email encryption allows users to share data and collaborate securely when data is in transit.

ESET Endpoint Encryption can encrypt folders on your hard drive or removable media. ESET Endpoint Encryption can also create encrypted virtual disks and compressed archives.

When you are logged in to ESET Endpoint Encryption, you can transparently access the files within encrypted folders and virtual disks.

Only encrypted data is protected if your computer hard drive is removed or removable media is read from another system.

Managed users

If you are a managed user, you can only view encryption keys that have been made available to you by your ESET Endpoint Encryption Server Administrator. Administrator can create new keys and allocate them via ESET Endpoint Encryption Server.

Password encryption

Password encryption uses a 192-bit AES key, not to be confused with Removable Media Encryption (RME).

Removable Media Encryption (RME)

All data on removable media is encrypted by the AES algorithm with a 256-bit key, whether using Full Disk Encryption or File and Folder RME.

When you encrypt removable media, you select an encryption key from key-file using either AES, 3DES or Blowfish algorithms. An AES 256-bit key that will encrypt the data is then derived from the key you select. We recommend to use an encryption key to generate the AES 256-bit key. This method is more secure than a password or a pass-phrase as it and enables ESET Endpoint Encryption to provide seamless access to data on encrypted removable media when the end-use is logged into the key file.