What is Cryptography (data encryption/decryption)

Encryption is a mechanism that protects your valuable information, such as your documents, pictures, or online transactions, from unwanted people accessing or changing it. With all encryption tools, you need to provide an encryption password (or key), which will be used by the tool to scramble the data so that no one can read it. The only way to "unscramble" the data is to use the same tool and provide the same key you used when you encrypted it. In some cases you can choose a password that is meaningful to you. You must safely guard the encryption key; without this exact key, you will not be able to read your encrypted files. No technical support will be able to recover encrypted data. Ensure a backup of this key has been copied and stored in a safe and protected area.

What to encrypt

See Information Governance for more information.

Before enabling encryption

  1. Back up all your data files to an external storage medium and store it securely.
  2. Create a strong login password for your computer.
  3. Enable a password-protected screen saver (to start after 10 or 15 minutes of inactivity).

What encryption method is best for you?

In order to choose a method of encryption, you need to decide what you want to encrypt. For example:

  1. Full Disk - encrypt your entire hard disk (including all your operating system, user profile data and all documents)
  2. Volume - create a virtual data volume (partition or device) and encrypt only the files stored there, or encrypt only selected files and folders.

Full disk encryption

This method offers the highest level of security and privacy and is recommended for users who store and work with sensitive files on a regular basis. It includes the encryption of temp files and your web browsing history, which may contain sensitive information. The only drawback to full disk encryption is that you are also encrypting all the programs and OS files, which are not really in need of protecting.

Recommended software:

  1. BitLocker Drive Encryption - comes integrated with Windows 7 Enterprise and Ultimate, Windows 8 and 8.1 Pro and Enterprise, and Windows Server 2008 and later.
  2. TrueCrypt - Free, open-source disk encryption software. The original Developers of TrueCrypt announced last year that they would stop developing this cross-platform program leading some to believe TrueCrypt's should not longer be used. However, immediately TrueCrypt was 'forked' and its code picked up by new developers in Switzerland.Here's a how to link: Set up TrueCrypt

Volume encryption

TrueCrypt allows you to create a virtual container/ partition/ device that contains your data files, separate from your installed operating system and applications.

Useful links:

Cryptography Tools

The following lists the different tools available for various operating systems and portable devices sorted by encryption type:

  • Whole Disk Encryption
    • Linux:Symantec PGP, GnuPG, LoopAES, dm-crypt+LUKS, TrueCrypt
    • Mac OS: Symantec PGP, Disk Utility
    • Windows: Symantec PGP - WDE, BitLocker
    • Android: Built-in
    • Blackberry: Built-in
    • IOS: Built-in
  • Email Encryption 
    • Linux: GnuPG+Enigmail
    • Mac OS: Symantec PGP, GPG Tools
    • Windows: Symantec PGP - Email Proxy, GPG4win
    • Android: K-9 Mail+APG
    • Blackberry: Built-in
    • IOS: openPGP Lite Mail Encryptor
  • Network Share Encryption 
    • Linux: Native Tools
    • Mac OS: Native Tools
    • Windows: Symantec PGP - NetShare
    • Android: N/A
    • Blackberry: N/A
    • IOS: N/A
  • USB and other Removable Media 
    • Linux: eCryptfs, EncFS
    • Mac OS: Symantec PGP, TrueCrypt, EncFS
    • Windows: Symantec PGP - PGPZip, Truecrypt, VeraCrypt
    • Android: Built-in
    • Blackberry: Built-in
    • IOS: Built-in

Published on  and maintained in Cascade CMS.