Privacy Blog

“Friends don’t let friends get spied on.” – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

Hands On with the Aegis Secure Key 3z, a 100% Hardware-Based Flash Drive

Do you have some information, pictures, maps, databases, or other digital items that you would like to keep secret? Maybe it is your state lottery numbers that you play every week. Perhaps it is last year’s income tax return. Then again, you might have secret plans for your company’s new product that is under development. Perhaps it is the contact information for your bookie. Maybe you want to keep something secret when passing through Customs and Immigration at some country’s port of entry. How about the Christmas gifts you might purchase for your spouse?

Whatever the information, you can store it in encrypted files or folders on your computer’s hard drive. If you want the information to be portable so that you can access it from a computer at the office, a different computer at home, and from your laptop computer when traveling, storing the information on an encrypted flash drive might be a better solution.

Creating encrypted flash drives is not difficult. In fact, there are many different ways of doing that on Linux, Windows, or Macintosh computers. See for a list of articles describing encryption methods. The difficulty involved and the security of the encryption varies widely, depending upon which encryption product you use to create the encrypted files or folders.

Another method is to purchase a 100% hardware-based flash drive that has encryption capabilities already built in. The phrase “100% hardware-based” means that the device is not dependent upon encryption software. Instead, the encryption method is built into the hardware of the device. These 100% hardware-based devices usually have built-in keypads or some similar method for entering encryption codes. The result is that they cannot be “cracked” by software alone in the way that most software-encrypted flash drives can be decoded. Most of the commercially-built, 100% hardware-based encrypted flash drives have very heavy-duty encryption that has passed high-level security audits.

In short, I trust the commercially-produced, special-purpose encrypted flash drives much more than I do a standard flash drive that has been encrypted by some off-the-shelf, general-purpose encryption software. A super-cautious person could even encrypt the secret files by using encryption software, then storing the encrypted files in a 100% hardware-based encrypted flash drive. The result is “suspenders and belt” encryption: everything is doubly encrypted for extreme security.

This week I purchased and started using an Aegis Secure Key 3z 100% hardware-based flash drive. I have only used it a few times so far, but I am very impressed with it.

The Aegis Secure Key 3z looks like a normal flash drive with two exceptions: (1) it is longer than most other flash drives, and (2) it has a keypad built into the device for entering various keys or passwords to obtain access. (For simplicity, I will refer to these access keys/passwords as PIN codes.) Of course, it is as important as ever to create a complex PIN code that would be difficult for unauthorized people to guess. In short, once the flash drive has been set up with a PIN code and information has been stored within the Aegis Secure Key 3z, the user must enter the PIN code to unlock the flash drive BEFORE PLUGGING IT INTO THE COMPUTER. If the correct key is not entered first, the Aegis Secure Key 3z remains dead: the computer won’t even see the flash drive in Windows Explorer or Macintosh Finder or any other program. In other words, it will be useless unless someone enters the correct PIN code before inserting it into the computer’s USB connector.

The first PIN code created is the Administrator’s code. Then he or she may make individual PIN codes for anyone else who will be using the Aegis Secure Key 3z. The individual users can only see or access their own files; they cannot see the files of other users that are stored on the device. However, the Administrator can see everyone’s files.

Once the Aegis Secure Key 3z has a valid PIN code entered manually on its keypad, it can be inserted into almost any Windows or Macintosh computer and used like any other flash drive. Files can be saved, read, deleted, or modified in exactly the same manner as is done with other flash drives. Once the Aegis Secure Key 3z is removed from the computer’s USB connector and power is lost, the flash drive becomes locked. It cannot be used again until someone enters a valid PIN code on the device’s keypad. As always, users should never leave the drive in an unattended computer, just as they should remove the flash drive as soon as they’re done with it.

This solves a problem with lost flash drives. In the past, I have had flash drives mysteriously disappear. I swear they fall out of my pocket! If recovered by someone else, that person has full access to all the information on an unencrypted flash drive. By using an encrypted flash drive, such as the Aegis Secure Key 3z, the finder of the flash drive is still unable to read the data.

With a conventional flash drive, the person who finds the flash drive could at least erase the drive and re-use it for his or her own purposes. With the Aegis Secure Key 3z, even erasing the drive is impossible without first entering the required PIN code.

Another option is that multiple user PIN codes can be defined. This is useful when one flash drive is to be shared amongst several users, such as everyone in a department at the office. Another use might be to have different access keys for different projects. For instance, a PIN code of 78176287 might be needed to access the secret business plans of your employer.

You probably can think of other reasons for using multiple PIN codes.

When configuring the Aegis Secure Key 3z for the first time, a master Administrator’s PIN code needs to be created. The Administrator’s PIN code allows access to all files stored on the flash drive and also allows for creation and deletion of user PIN codes.

For more information about the Aegis Secure Key 3z, look at the device’s Quick Start Guide at:

The Aegis Secure Key 3z is available in different storage sizes: 8 gigabytes, 16 gigabytes, 32 gigabytes, 64 gigabytes, or 128 gigabytes. Prices vary from $79 US for the 8 gigabyte encrypted flash drive up to $199 US for the 128 gigabyte version, if purchased directly from the manufacturer. I found prices were a bit cheaper on Amazon at

It is also a USB 3.0/3.1 device, meaning it can copy data to and from the flash drive at very high speeds if it is connected to a USB 3.0/3.1 connector on the computer. It is also backward-compatible with the older USB 2.0 connections but obviously will operate at USB 2.0 speeds in that case.

The Aegis Secure Key 3z is reportedly very secure. According to the manufacturer’s web site:

“FIPS 140-2 Level 3

“Meets the U.S. government standards for information technology and computer security. NIST FIPS 140 is the cryptography standard program required by the US federal government for protection of sensitive data. The Aegis Secure Key’s FIPS 140-2 validation covers 11 areas of its cryptographic security system, including physical security, cryptographic key management and design integrity. Available in four levels, the Aegis Secure Key’s FIPS 140-2 Level 3 validation encompasses both the Aegis Secure Key’s physical tamper-resistant features as well as its identity-based authentication. Tested and validated by the National Institute of Standards and Technology (NIST) for use by the Federal governments of the USA, Canada and others, the Aegis Secure Key 3z is based on Apricorn’s FIPS 140-2 Level 3 validated encryption module as indicated by certificate #2824. The Secure Key’s security policy is located on the NIST site at the following link. The epoxy coated boundary includes all encryption functions and all Critical Security Parameters (CSPs) such as PIN storage, encryption key generation and storage, random number and seed generators, all firmware storage, and device storage. The FIPS module is a complete encryption system, and all CSPs never leave the boundary and are never shared with a host system.”

I was able to set up the needed Administrator’s PIN number within a minute or so by using the built-in keypad. However, if a corporation or some other organization needs to configure many different devices, a $99 (US) Aegis Configurator will configure up to 10 Aegis Secure Key 3z devices at a time, a great time-saver for mass deployments. Unfortunately, the Aegis Configurator only works with Windows 7, 8, or 10. There is no Macintosh version of the Aegis Configurator. However, once configured, either manually or with the Aegis Configurator, the flash drives will work on either Windows or Macintosh systems.

Once unlocked with a PIN code and then inserted into a computer’s USB connector, the Aegis Secure Key 3z works like any other flash drive. The one big difference that I like is that a lost or stolen Aegis Secure Key 3z flash drive cannot have its information read by anyone who does not possess a valid PIN code for the device.

The Aegis Secure Key 3z is sold by Apricorn. The same company sells a number of highly-secure flash drives and external disk drives. You can learn more about the company’s security products at:

I purchased my Aegis Secure Key 3z device from Amazon at and, as an Amazon Prime customer, I received two-day shipping.

How important is your private information?

Categories: Hardware

4 replies

  1. I assume it has a battery. What if the battery is dead?


  2. I assume that you can replace the battery if it fails completely due to being broken or something in a few years. I mean dead as in not accepting a charge from the USB port. Also is this device protected from high voltage spikes that would kill it otherwise?? Might be wise to have.


    • The battery is rechargeable and gets recharged every time it is plugged into a USB socket. Even if the battery is completely discharged, plugging it in will bring it back to life within a minute or two. However, it should be left in for a few hours to charge completely.

