When comparing Email an encrypted .EXE file (AxCrypt) vs Email + PGP, the Slant community recommends Email + PGP for most people. In the question “What are the best ways to transmit sensitive information over the Internet?” Email + PGP is ranked 1st while Email an encrypted .EXE file (AxCrypt) is ranked 13th. The most important reason people chose Email + PGP is:
The original version of PGP is no longer freeware since it was acquired by Symantec, but the source code can still be [downloaded](http://www.symantec.com/connect/downloads/symantec-pgp-desktop-peer-review-source-code) for peer review.
Pros
Pro Free and open source
AxCrypt is free and open source. This is beneficial because anyone can examine the source code and check for errors.
Pro No recipient software needed if emailed as .EXE.TXT
After selecting "Encrypt copy to .EXE," rename the file to ".EXE.TXT" in order to bypass email provider restrictions on sending .EXE files. Windows will then warn you that the file will become unusable, but ignore it and continue to email the file. All the recipient needs to do upon arrival is rename the file back to .EXE and ignore the Windows warning message. Then simply open the self-extracting file and type in the password agreed upon by the sender and recipient. This is a great advantage of AxCrypt because it does not force your recipient to download any software.
Pro Available at right click
AxCrypt is an extremely convenient encryption program because it is always available at a single right click.
Pro Password protected and optional key-file
AxCrypt encrypts each file with a passphrase and an optional key-file. Transferring a key-file (that AxCrypt can generate for you) on one medium and the password on another medium to your recipient is the most secure option, although a strong password alone will do. The only caveat is that the password and key-file must be transferred to your recipient, and the most secure way to transfer them is physically.
Pro Once created, does not depend on other software
As long as you have the password or key-file to your encrypted file, you can still access it. This is beneficial if the software ever becomes unsupported.
Pro Code available for audit
The original version of PGP is no longer freeware since it was acquired by Symantec, but the source code can still be downloaded for peer review.
Pro Many implementations available
PGP is a protocol and not an application per se. It offers a standard that applications can implement to offer full encryption.
Pro No need to exchange private keys
PGP uses asymmetric encryption. One user generates 2 keys: private and public. Another user uses the public key to encrypt a message that can then be decrypted only with the first user's private key.
Pro Can be integrated with multiple email clients
Cons
Con Windows-only
The receiver has to be running Microsoft Windows (or a binary compatible system, like Wine).
Con Opening an .EXE file may worry some recipients
Some recipients will be cautious of opening an .EXE and may end up ignoring it. It is a good idea to inform them in advance that you will be sending an .EXE and that it is safe. Another precaution is to sign the email so the recipient knows that it is you.
Con Anti-virus will likely block it
Most anti-virus programs block or strongly warn against executables in emails. You'll likely have to rename the file, and so will the end user.
Con Untrusted / not signed
Unless it's signed (i.e., you can somehow validate the signature of the attached EXE file via another method), the EXE may actually be compromised (e.g., man in the middle) and do anything on your machine as you run it.
Con AES-128 encryption
AES-128 encryption is still extremely secure but it is a lower and more outdated level of protection than what other encryption programs such as 7-Zip offer.
Con Can be daunting to set up
If your email client doesn't support PGP encryption, decrypting e-mails can be daunting, especially if you want to stay away from the command line.
Con Your contacts also need PGP
It's difficult to make all your contacts use PGP. Not everyone is 'privacy focused' and willing to learn/implement PGP.
Con less secure than Matrix
