Crypt4 goes beyond the "part-time" protection provided by HTTPS/SSL. When data is "at rest" (in storage on servers, waiting for requests) and HTTPS/SSL is not protecting it, crypt4 is still effective. Crypt4 provides security in the face of several attacks where HTTPS/SSL can fail, such as temporary server write access (trojaning), DNS spoofing, and any Man-in-the-middle attacks with proxies or forged SSL certificates. Even in the case that an attacker manages to thwart access control at a server (i.e. a data breach), the crypt4 encrypted data remains private, safely out of the reach of anyone who does not have the decryption key.
Crypt4's strong security rests on the secrecy and length of keys, not the secrecy of the underlying algorithms (which are PBKDF1, HMAC-SHA1, and ARC4.) Redistribution of crypt4 is controlled by the Export Administration Regulations (EAR) of the U.S.A.
Crypt4 will encrypt any file (binary or text) adding a descriptive, human-readable header to the base64, arc-4 encrypted body. The plain text header contains your copyright notice and anti-circumvention warnings, and the text format enables easy inspection and confirmation that the data was encrypted and digitally signed with crypt4. Other cryptographic formats do not provide these benefits. With proper use, crypt4 is a "technological protection measure" against unauthorized access and copying as defined by Digital Millennium Copyright Act of the U.S.A.
Crypt4 is fast and efficient on the web and on the desktop. On the desktop, a helper application handles data transfer and security. It contacts a publishing server over HTTPs, verifies SSL credentials, and uses digitally signed file manifests to compare against existing files. It conserves bandwidth and downloads only what has changed, and maintains files on disk in crypt4 format, decrypting only for trusted applications.