First, What is Encryption?
Encryption is a process that encodes data so that nobody can read it except those who hold the decryption key (typically derived from a password). An algorithm converts plaintext (readable data) into ciphertext (scrambled data); only the correct key converts the ciphertext back into plaintext. This is different from simply password-protecting a file. A password prompt without encryption only tells the application to refuse access; the data itself is still stored in readable form, so it can be recovered by opening the file with a different program or editing it directly. Password protection without encryption is therefore not a strong way to safeguard data.
When Do I Use Encryption?
Encryption is used to protect the contents of electronic documents, file folders, and e-mail. It is commonly used when restricted data must travel over or sit in a place you do not control: sent by e-mail, shipped by postal mail or common carrier, or stored on a laptop that could be lost or stolen.
WARNING: Be sure to keep track of your passwords! You will not be able to extract or open any files for which you do not have the correct password. If you forget the password to open a file, you are locked out until you can remember it. Information Technology has no means to decrypt the file. Use encryption sparingly and responsibly for this reason.
Important General Considerations
The chart below describes several different recommended encryption techniques to use depending on your situation. For guidance, please contact IT Security at:
Where is the information you would like to encrypt?
- File system to be shared
- File system NOT to be shared
- Regular Mail / Common Carrier
- Stored on laptop
Chart legend:
- This type of encryption may be used for this purpose, but is not preferred due to limitations or complexities
- This type of encryption is recommended for this purpose
Digital certificates are an effective way to communicate information securely. This is different from simply adding a signature block to an e-mail. PGP (Pretty Good Privacy) uses public-key certificates for signing, encrypting and decrypting e-mail messages and documents. A digital signature assures the recipient that the message came from the holder of the signing key and has not been altered in transit; encryption keeps the contents readable only by the intended recipient. GNU Privacy Guard (GnuPG or GPG) is a free, open-source implementation of the same OpenPGP standard and interoperates with the PGP suite. Sending and viewing encrypted e-mail requires each party to give the other the public-key portion of their digital ID, or certificate. Confirm the key's fingerprint with the other person by phone or in person before trusting it, since anyone can generate a key bearing someone else's name. Once the parties have exchanged certificates, sending and reading encrypted e-mail between them works the same as with any other e-mail message.
Bowdoin has an internal system of deploying certificates using PGP. If you regularly exchange restricted information and would like to invoke e-mail encryption and digital id's, please contact IT Security for assistance at:
An e-mail client (e.g. Microsoft Outlook, Apple Mail) can digitally sign and encrypt messages using digital certificates and S/MIME (Secure/Multipurpose Internet Mail Extensions). S/MIME is a standard for public-key encryption and signing of e-mail encapsulated in MIME. S/MIME relies on digital IDs, which bind a user's identity to a public/private key pair; the combination of the certificate and the key pair is called a digital ID. Sending and viewing encrypted e-mail requires both sender and recipient to hold each other's certificate (the public-key portion of the digital ID); the usual way to exchange them is for each person to send the other a digitally signed message first, since the signature carries the certificate. Once the parties have exchanged certificates, sending and reading encrypted messages between them is the same as with any other e-mail message.
Warning: Strong encryption is not available in the Macintosh versions of Office.
Microsoft Office 2003/2007 for Windows can apply strong encryption to a single Word, Excel, or PowerPoint document.
Windows Microsoft Office 2007
Microsoft Office 2007 defaults to strong encryption (AES-128) for documents saved in its own formats (.docx, .xlsx, .pptx). To encrypt a document, click the Microsoft Office button, select Prepare, then select Encrypt Document and enter a password. To remove the encryption, repeat the process and delete the password. Do not save the file as an Office 97-2003 document: the older binary format falls back to the weak legacy encryption scheme, and the file will not be secure.
Windows Microsoft Office 2003
The Microsoft Office 2003 default encryption method is weak (40-bit RC4) and should not be used. To get strong encryption, an extra step is required. Click File > Save As. Click Tools > Security Options. Enter a password to open (not a password to modify: a modify password only restricts editing and does not encrypt the file at all), and then click the Advanced button next to the password. A list of available Cryptographic Service Providers appears. Select "RC4, Microsoft Enhanced RSA and AES Cryptographic Provider..." and choose a key length of 128 bits or greater. Despite the provider's name, Office 2003 documents are still encrypted with RC4 here; what this step changes is the key length, from the 40-bit default to 128 bits. This is the method recommended by Information Security.
WinZip is an archival tool with an encryption option available to Windows users. Using WinZip 8 or newer with strong encryption, you can encrypt files and folders for archiving on the network, sending via e-mail, or copying to a CD for storage or shipping by regular mail. WinZip uses the same password to encrypt and decrypt the file (symmetric encryption), so the recipient must receive the password by a separate channel. Do not send the password by e-mail, and never in the same message as the archive; the recommended method is the phone. Warning: Encrypted Zip files are blocked by some e-mail servers.
To encrypt WINZIP Files:
Open the Zip file and choose Actions > Encrypt from the menu. WinZip will ask for a password and an encryption method and then encrypt all files currently in the Zip file. Do not choose "Zip 2.0 compatible" encryption: it is the old PKZIP scheme, which has known weaknesses and is not strong enough. Either 128-bit AES or 256-bit AES may be used. Note that even with AES, the names of the files inside the archive are stored unencrypted and can be read by anyone who obtains the Zip file, so do not put sensitive information (names, ID numbers) in the file names themselves.
Note: Not every Zip program is able to decrypt an AES-encrypted Zip archive. The receiver needs a recent version of WinZip, or another tool that supports the WinZip AES format.
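Before sending an archive it is worth confirming that every file in it really uses AES and not "Zip 2.0 compatible" encryption, since WinZip applies the method chosen at the time each file was added. The check below is an added example, not WinZip's code and not part of the original page. It reads only the archive headers and relies on two documented facts: general-purpose flag bit 0 marks an entry as encrypted, and WinZip AES entries use compression method 99 together with an extra field of ID 0x9901 whose body holds the vendor code "AE" and a strength byte (1, 2 or 3 for 128, 192 or 256 bits). The sample archives, their file names and their payload bytes are constructed here for the demonstration; no real encryption is performed because only the headers matter.

```python
"""Report which encryption each entry of a .zip uses, reading headers only."""
import struct

LOCAL_SIG = b"PK\x03\x04"
CDIR_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"
AES_METHOD = 99                      # "WinZip AES"; the real method sits in the extra field
AES_EXTRA_ID = 0x9901
AES_BITS = {1: 128, 2: 192, 3: 256}  # strength byte -> key size


def _extra_fields(extra):
    """Yield (header_id, body) pairs from a ZIP extra-field blob."""
    pos = 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        yield hid, extra[pos + 4:pos + 4 + size]
        pos += 4 + size


def describe_entry(flags, method, extra):
    """Return (label, key_bits) for one entry; key_bits is 0 unless it is AES."""
    if not flags & 0x1:              # general-purpose bit 0: entry is encrypted
        return "none", 0
    if method == AES_METHOD:
        for hid, body in _extra_fields(extra):
            if hid == AES_EXTRA_ID and len(body) >= 7:
                version, vendor, strength, _real_method = struct.unpack("<H2sBH", body[:7])
                bits = AES_BITS.get(strength, 0)
                if vendor == b"AE" and bits:
                    return f"AES-{bits} (WinZip AE-{version})", bits
        return "AES (unrecognised 0x9901 extra field)", 0
    return "ZipCrypto (Zip 2.0 compatible, weak)", 0


def inspect_zip(data):
    """Return [(name, label, key_bits)] for every entry in the archive bytes."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, count, _, cd_offset, _ = struct.unpack_from("<4sHHHHIIH", data, eocd)
    entries, pos = [], cd_offset
    for _ in range(count):
        f = struct.unpack_from("<4sHHHHHHIIIHHHHHII", data, pos)
        if f[0] != CDIR_SIG:
            raise ValueError("corrupt central directory")
        flags, method, nlen, xlen, clen = f[3], f[4], f[10], f[11], f[12]
        pos += 46
        name = data[pos:pos + nlen].decode("utf-8", "replace")  # readable with no password
        extra = data[pos + nlen:pos + nlen + xlen]
        pos += nlen + xlen + clen
        entries.append((name, *describe_entry(flags, method, extra)))
    return entries


def safe_to_ship(data, min_bits=128):
    """True only if every entry is AES-encrypted with at least min_bits."""
    report = inspect_zip(data)
    return bool(report) and all(bits >= min_bits for _, _, bits in report)


def build_zip(entries):
    """Constructed test data: a minimal ZIP from (name, flags, method, extra, payload)."""
    out, cdir = bytearray(), bytearray()
    for name, flags, method, extra, payload in entries:
        offset, raw = len(out), name.encode()
        out += struct.pack("<4sHHHHHIIIHH", LOCAL_SIG, 20, flags, method, 0, 0,
                           0, len(payload), len(payload), len(raw), len(extra))
        out += raw + extra + payload
        cdir += struct.pack("<4sHHHHHHIIIHHHHHII", CDIR_SIG, 20, 20, flags, method,
                            0, 0, 0, len(payload), len(payload), len(raw), len(extra),
                            0, 0, 0, 0, offset)
        cdir += raw + extra
    cd_offset = len(out)
    out += cdir
    out += struct.pack("<4sHHHHIIH", EOCD_SIG, 0, 0, len(entries), len(entries),
                       len(cdir), cd_offset, 0)
    return bytes(out)


# 0x9901 body: vendor version 2 (AE-2), vendor "AE", strength 3 = AES-256, real method 8
AES256_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)

SAMPLE_MIXED = build_zip([                                    # constructed sample
    ("readme.txt", 0x0, 0, b"", b"not secret"),
    ("grades.xls", 0x1, 8, b"", b"\x00" * 12),                # Zip 2.0 encryption
    ("ssn-list.csv", 0x1, AES_METHOD, AES256_EXTRA, b"\x00" * 16),
])
SAMPLE_AES = build_zip([("ssn-list.csv", 0x1, AES_METHOD, AES256_EXTRA, b"\x00" * 16)])

if __name__ == "__main__":
    for name, label, _ in inspect_zip(SAMPLE_MIXED):
        print(f"{name:14} {label}")
    print("safe to ship:", safe_to_ship(SAMPLE_MIXED))
```

Run it against a real archive with inspect_zip(open("archive.zip", "rb").read()). The mixed sample is rejected because one entry still uses the Zip 2.0 scheme, and the report also shows the point made above: every file name is read straight out of the central directory without a password, whatever encryption the contents use.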
TrueCrypt is an open-source tool for Windows Vista/XP, Mac OS X, and Linux that lets users encrypt and decrypt data on a hard drive, portable drive, or USB drive, including full-disk encryption. A password is supplied to encrypt and to unlock the device. See www.truecrypt.org for the free download and the short Beginner's Tutorial. Warning: Creating a TrueCrypt volume on a drive or partition that already holds data formats it, and that data will be lost; copy the data elsewhere first and move it back into the mounted volume afterwards. Contact Bowdoin IT Security for assistance installing and setting up at:
Apple's Mac OS X Encryption Disk Utility tool
Apple's Disk Utility in Mac OS X can create an encrypted disk image (.dmg) that can be burned to a CD or DVD or sent as a file. This is comparable to the WinZip function available to Windows users. The recipient must have software that can open encrypted disk images (in practice, a Mac with Disk Utility) for the decryption to work. Files or folders are copied into the mounted image, whose contents are encrypted. After moving sensitive files into the image, use the Secure Empty Trash command when deleting the originals so that no traces of them remain on the disk.
Apple's FileVault may be used to encrypt the contents of a user's home directory. It comes standard with the operating system; no additional cost or hardware upgrade is needed. Record the FileVault master password and keep it somewhere safe: if the login password is forgotten and no master password was set, the home directory cannot be recovered.
Windows Vista - BitLocker
On the Windows Vista operating system (Enterprise and Ultimate editions), BitLocker Drive Encryption may be used. It encrypts the entire operating system volume, so the operating system and applications are protected along with the data files. To unlock the volume at startup it requires either a TPM (Trusted Platform Module) chip on the computer or a startup key stored on a USB drive. Keep the recovery key that BitLocker generates somewhere other than the encrypted computer; without it, a replaced motherboard, changed TPM, or lost startup USB drive leaves the volume unreadable.
Windows XP, Vista Encrypting File System (EFS)
You may use EFS (Encrypting File System), available in Windows XP Professional and Vista (not in XP Home), to encrypt specified folders and files. Choose the files or folders you wish to encrypt, right-click the item and select Properties. On the General tab click the Advanced button and select "Encrypt contents to secure data". Click OK twice to close the Advanced and Properties windows. If the Confirm Attribute Changes window appears, choose "Apply changes to this folder, subfolders, and files" to ensure that everything in the folder is encrypted. Two caveats: EFS decrypts with the certificate and private key stored in your Windows user profile, so export that certificate and key and keep the backup somewhere safe; if the profile is lost or Windows is reinstalled, the files cannot be decrypted. Also, EFS protects files only on the NTFS volume where they live; copying them to a USB drive, a CD, a FAT-formatted disk, or an e-mail attachment produces an unencrypted copy.
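The same EFS setup can be done from a PowerShell prompt with the built-in cipher.exe, which also provides the two checks the Properties dialog never prompts for: verifying that the Encrypted attribute really took, and backing up the EFS certificate and key. This is an added example, not from the original page; the folder path and backup file name are placeholders to adjust.

```powershell
# Added example: EFS from the command line with cipher.exe (Windows XP Pro / Vista).
# $Folder and the backup path are placeholders, not values from the original page.
$Folder = "$env:USERPROFILE\Documents\Restricted"
New-Item -ItemType Directory -Force -Path $Folder | Out-Null

# Encrypt the folder and everything already inside it.
# /E = encrypt, /S:<dir> = recurse into subdirectories, /A = operate on files too.
cipher.exe /E "/S:$Folder" /A

# Check 1: list anything under the folder that did NOT get the Encrypted attribute
# (for example files on a FAT volume, or files EFS could not open while in use).
Get-ChildItem -Path $Folder -Recurse -File |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) } |
    ForEach-Object { Write-Warning "NOT encrypted: $($_.FullName)" }

# Check 2: show which user certificate (thumbprint) can decrypt each file.
cipher.exe /C "$Folder"

# Back up the EFS certificate and private key to a .pfx file; cipher prompts for a
# password to protect it. Store the file off the machine. Without this backup the
# encrypted files are unrecoverable after a profile loss or a Windows reinstall.
cipher.exe /X "$env:USERPROFILE\efs-backup-$(Get-Date -Format yyyyMMdd)"
```

Run Check 1 again after copying files into the folder from elsewhere: files moved in from the same NTFS volume keep their own attributes and may remain unencrypted until cipher /E /A is run again.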
Full versions of Adobe Acrobat can encrypt PDF documents, but do not use the default settings: the older compatibility levels (Acrobat 3 and Acrobat 5) use 40-bit or 128-bit RC4. Choose a compatibility level that uses AES-128 or better (Acrobat 7 or later). Warning: Encrypted PDFs are blocked by many e-mail servers.
Last updated April 15, 2009