Cryptography

What is Cryptography (data encryption/decryption)

Encryption is a mechanism that protects your valuable information, such as your documents, pictures, or online transactions, from unwanted people accessing or changing it. With all encryption tools, you need to provide an encryption password (or key), which will be used by the tool to scramble the data so that no one can read it. The only way to "unscramble" the data is to use the same tool and provide the same key you used when you encrypted it. In some cases you can choose a password that is meaningful to you. You must safely guard the encryption key; without this exact key, you will not be able to read your encrypted files. No technical support will be able to recover encrypted data. Ensure a backup of this key has been copied and stored in a safe and protected area.

What to encrypt

See Information Governance for more information.

Before enabling encryption

  1. Back up all your data files to an external storage medium and store it securely.
  2. Create a strong login password for your computer.
  3. Enable a password-protected screen saver (to start after 10 or 15 minutes of inactivity).

What encryption method is best for you?

In order to choose a method of encryption, you need to decide what you want to encrypt. For example:

  1. Full Disk - encrypt your entire hard disk (including all your operating system, user profile data and all documents)
  2. Volume - create a virtual data volume (partition or device) and encrypt only the files stored there, or encrypt only selected files and folders.

Full disk encryption

This method offers the highest level of security and privacy and is recommended for users who store and work with sensitive files on a regular basis, especially on portable devices such as laptops or tablets.  It includes the encryption of all files, including system files, work data, temp files, web browsing history, etc.

Recommended software:

  1. BitLocker Drive Encryption - comes integrated with Windows 7 SP 1 Enterprise and Ultimate, Windows 8/8.1 Pro and Enterprise, and Windows 10 Pro and Enterprise. BitLocker can be used to encrypt whole hard drives as well as USB drives using BitLocker To Go. NOTE: Be sure to have a backup of the BitLocker recovery key in the event that the system requires it.
  2. VeraCrypt - Free, open-source disk encryption software providing on-the-fly encryption. It is a fork of TrueCrypt, which ceased development in 2014. VeraCrypt was first released in June of 2013. It can be used for whole disk encryption, as well as creating encrypted volumes on the disk, or encrypting a partition. VeraCrypt is supported on Windows, iOS and Linux. For more information, see https://www.veracrypt.fr/en/Home.html
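
The BitLocker note above can be checked before and after enabling encryption. The following PowerShell script is an added example, not part of the original page or of Microsoft's documentation; it assumes an elevated PowerShell session on Windows with the built-in BitLocker module, and the function name Get-RecoveryKeyAudit is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker state per volume and flag any volume that is
# encrypted (or encrypting) but has no recovery-password protector to back up.
# It prints protector IDs only, never the recovery password itself.

function Get-RecoveryKeyAudit {
    param(
        # Objects shaped like Get-BitLockerVolume output; defaults to the live system.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        # A volume can carry several protectors (TPM, password, recovery password...).
        $recovery = @($v.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint        = $v.MountPoint
            VolumeStatus      = $v.VolumeStatus
            ProtectionStatus  = $v.ProtectionStatus
            EncryptionMethod  = $v.EncryptionMethod
            RecoveryProtector = ($recovery.KeyProtectorId -join ', ')
            # Encrypted data with no recovery protector cannot be rescued if the
            # normal unlock method (TPM, password) stops working.
            NeedsAttention    = ($v.VolumeStatus -ne 'FullyDecrypted' -and
                                 $recovery.Count -eq 0)
        }
    }
}

$report = Get-RecoveryKeyAudit
$report | Format-Table -AutoSize

$flagged = $report | Where-Object NeedsAttention
if ($flagged) {
    Write-Warning ("No recovery password protector on: " +
                   ($flagged.MountPoint -join ', '))
    Write-Warning ("Add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector " +
                   "and store it away from the device.")
}
```

The ID in the RecoveryProtector column is the identifier that appears on a saved or printed recovery key, so it can be compared against the stored backup to confirm the copy belongs to this drive.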

Volume encryption

TrueCrypt allows you to create a virtual container/partition/device that contains your data files, separate from your installed operating system and applications.

Useful links:

Cryptography Tools

The following lists the different tools available for various operating systems and portable devices sorted by encryption type:

  • Whole Disk Encryption
    • Linux: Symantec PGP, GnuPG, LoopAES, dm-crypt+LUKS, VeraCrypt
    • Mac OS: Symantec PGP, Disk Utility
    • Windows: Symantec PGP - WDE, BitLocker
    • Android: Built-in
    • iOS: Built-in
  • Email Encryption
    • Linux: GnuPG+Enigmail
    • Mac OS: Symantec PGP, GPG Tools
    • Windows: Symantec PGP - Email Proxy, GPG4win
    • Android: K-9 Mail+APG
    • iOS: openPGP Lite Mail Encryptor
  • Network Share Encryption
    • Linux: Native Tools
    • Mac OS: Native Tools
    • Windows: Symantec PGP - NetShare
    • Android: N/A
    • iOS: N/A
  • USB and other Removable Media
    • Linux: eCryptfs, EncFS
    • Mac OS: Symantec PGP, VeraCrypt, EncFS
    • Windows: Symantec PGP - PGPZip, VeraCrypt
    • Android: Built-in
    • iOS: Built-in
