My Data

Cryptography

Cryptography is important when confidential or sensitive data must be sent over an unsecured medium (e.g., email), because encrypted data is unreadable by anyone without the proper decryption key.

What is cryptography? (data encryption/decryption)

Cryptography is the process of using mathematical concepts to transform messages in ways that are very hard to decipher. It includes both encryption and decryption. Encryption takes plain text and converts it into ciphertext, which is unreadable without the decryption key. Decryption takes the ciphertext and converts it back into the original plain text.

What to encrypt?

See Data Classification Standards for more information.

Before enabling encryption

  1. Back up all your data files to an external storage medium and store it securely.
  2. Create a strong login password for your computer.
  3. Enable a password-protected screen saver (to start after 10 or 15 minutes of inactivity).

What encryption method is best for you?

In order to choose a method of encryption, you need to decide what you want to encrypt. For example:

  1. Full Disk - encrypt your entire hard disk (including your operating system, user profile data and all documents)
  2. Volume - create a virtual data volume (partition or device) and encrypt only the files stored there, or encrypt only selected files and folders.

Full Disk Encryption

This method offers the highest level of security and privacy and is recommended for users who store and work with sensitive files on a regular basis, especially on portable devices such as laptops or tablets.  It includes the encryption of all files, including system files, work data, temp files, web browsing history, etc.

Recommended software:

  1. BitLocker Drive Encryption - comes integrated with Windows 7 SP 1 Enterprise and Ultimate, Windows 8/8.1 Pro and Enterprise, and Windows 10 Pro and Enterprise. BitLocker can be used to encrypt whole hard drives, as well as USB drives using BitLocker To Go. NOTE: Be sure to have a backup of the BitLocker recovery key in the event that the system requires it.
  2. VeraCrypt - Free, open-source disk encryption software providing on-the-fly encryption. It is a fork of TrueCrypt, which ceased development in 2014. VeraCrypt was first released in June of 2013. It can be used for whole disk encryption, as well as creating encrypted volumes on the disk, or encrypting a partition. VeraCrypt is supported on Windows, iOS and Linux. For more information, see https://www.veracrypt.fr/en/Home.html
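
The BitLocker recovery-key note above can be checked from an elevated PowerShell prompt. This is an added example, not part of the original page: it uses the cmdlets of the built-in Windows BitLocker module, and the function name Get-BitLockerRecoveryReadiness is hypothetical.

```powershell
# Added example: report BitLocker state per volume and flag protected volumes
# that have no recovery password protector, i.e. nothing to back up or recover with.
# Assumes an elevated session on a Windows edition that includes BitLocker.

function Get-BitLockerRecoveryReadiness {
    foreach ($vol in Get-BitLockerVolume) {
        # A volume can carry several protectors (TPM, PIN, recovery password, ...).
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        # The 48-digit password itself is deliberately left out of the report
        # so it does not end up in transcripts or screenshots.
        [pscustomobject]@{
            MountPoint           = $vol.MountPoint
            VolumeStatus         = $vol.VolumeStatus      # e.g. FullyEncrypted
            ProtectionStatus     = $vol.ProtectionStatus  # On / Off
            RecoveryProtectorIds = $recovery.KeyProtectorId
            HasRecoveryPassword  = ($recovery.Count -gt 0)
        }
    }
}

$report = Get-BitLockerRecoveryReadiness
$report | Format-Table -AutoSize

# Volumes that are protected but could not be unlocked after a TPM change,
# firmware update or forgotten PIN.
$atRisk = $report | Where-Object {
    $_.ProtectionStatus -eq 'On' -and -not $_.HasRecoveryPassword
}
foreach ($v in $atRisk) {
    Write-Warning "$($v.MountPoint): protection is On but no recovery password exists."
    # To create one (the password is shown once; store it away from the device):
    #   Add-BitLockerKeyProtector -MountPoint $v.MountPoint -RecoveryPasswordProtector
}
```

The RecoveryProtectorIds column lets you match a stored recovery key to the right volume, since the recovery prompt displays the same identifier.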

Volume Encryption

TrueCrypt allows you to create a virtual container, partition or device that contains your data files, separate from your installed operating system and applications.


Cryptography Tools

The following lists the different tools available for various operating systems and portable devices sorted by encryption type:

  • Whole Disk Encryption
    • Linux: GnuPG, LoopAES, dm-crypt+LUKS, VeraCrypt
    • Mac OS: Disk Utility
    • Windows: BitLocker
    • Android: Built-in
    • iOS: Built-in
  • Email Encryption 
    • Linux: GnuPG+Enigmail
    • Mac OS: GPG Tools
    • Windows: GPG4win
    • Android: K-9 Mail+APG
    • iOS: openPGP Lite Mail Encryptor
  • Network Share Encryption 
    • Linux: Native Tools
    • Mac OS: Native Tools
    • Windows: N/A
    • Android: N/A
    • iOS: N/A
  • USB and other Removable Media 
    • Linux: eCryptfs, EncFS
    • Mac OS: VeraCrypt, EncFS
    • Windows: BitLocker, VeraCrypt
    • Android: Built-in
    • iOS: Built-in

 

