AES encryption

AES encryption

Encrypt and decrypt text with AES algorithm

As you see this implementation is using openssl instead of mcrypt and the result of the encryption/decryption is not compatible with each other.The mcrypt function will be deprecated feature in PHP 7.1.x

It is a webtool to encrypt and decrypt text using AES encryption algorithm. You can chose 128, 192 or 256-bit long key size for encryption and decryption. The result of the process is downloadable in a text file.

If you want to encrypt a text put it in the white textarea above, set the key of the encryption then push the Encrypt button.The result of the encryption will appear in base64 encoded to prevent character encoding problems.If you want to decrypt a text be sure it is in base64 encoded and is encrypted with AES algorithm!Put the encrypted text in the white textarea, set the key and push the Decrypt button.

When you want to encrypt a confidential text into a decryptable format, for example when you need to send sensitive data in e-mail.The decryption of the encrypted text it is possible only if you know the right password.

AES (acronym of Advanced Encryption Standard) is a symmetric encryption algorithm.The algorithm was developed by two Belgian cryptographer Joan Daemen and Vincent Rijmen.AES was designed to be efficient in both hardware and software, and supports a block length of 128 bits and key lengths of 128, 192, and 256 bits.

AES encryption is used by U.S. for securing sensitive but unclassified material, so we can say it is enough secure.

Please fill out our survey to help us improving aesencryption.net.

We appreciate your feedback!

View post:
AES encryption

HTTPS – Wikipedia

HTTP Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network, and is widely used on the Internet.[1][2] In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS,[3] or HTTP over SSL.

The principal motivation for HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication.[4] In practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor.

Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems.[citation needed] Since 2018[update][citation needed], HTTPS is used more often by webusers than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and keep user communications, identity, and web browsing private.

The Uniform Resource Identifier (URI) scheme HTTPS has identical usage syntax to the HTTP scheme. However, HTTPS signals the browser to use an added encryption layer of SSL/TLS to protect the traffic. SSL/TLS is especially suited for HTTP, since it can provide some protection even if only one side of the communication is authenticated. This is the case with HTTP transactions over the Internet, where typically only the server is authenticated (by the client examining the server’s certificate).

HTTPS creates a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety of the underlying HTTP protocol can be encrypted. This includes the request URL (which particular web page was requested), query parameters, headers, and cookies (which often contain identity information about the user). However, because host (website) addresses and port numbers are necessarily part of the underlying TCP/IP protocols, HTTPS cannot protect their disclosure. In practice this means that even on a correctly configured web server, eavesdroppers can infer the IP address and port number of the web server (sometimes even the domain name e.g. http://www.example.org, but not the rest of the URL) that one is communicating with, as well as the amount (data transferred) and duration (length of session) of the communication, though not the content of the communication.[4]

Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software. Certificate authorities (such as Let’s Encrypt, Digicert, Comodo, GoDaddy and GlobalSign) are in this way being trusted by web browser creators to provide valid certificates. Therefore, a user should trust an HTTPS connection to a website if and only if all of the following are true:

HTTPS is especially important over insecure networks (such as public Wi-Fi access points), as anyone on the same local network can packet-sniff and discover sensitive information not protected by HTTPS. Additionally, many free to use and paid WLAN networks engage in packet injection in order to serve their own ads on webpages. However, this can be exploited maliciously in many ways, such as injecting malware onto webpages and stealing users’ private information.[5]

HTTPS is also very important for connections over the Tor anonymity network, as malicious Tor nodes can damage or alter the contents passing through them in an insecure fashion and inject malware into the connection. This is one reason why the Electronic Frontier Foundation and the Tor project started the development of HTTPS Everywhere,[4] which is included in the Tor Browser Bundle.[6]

As more information is revealed about global mass surveillance and criminals stealing personal information, the use of HTTPS security on all websites is becoming increasingly important regardless of the type of Internet connection being used.[7][8] While metadata about individual pages that a user visits is not sensitive, when combined, they can reveal a lot about the user and compromise the user’s privacy.[9][10][11]

Deploying HTTPS also allows the use of HTTP/2 (or its predecessor, the now-deprecated protocol SPDY), that are new generations of HTTP, designed to reduce page load times, size and latency.

It is recommended to use HTTP Strict Transport Security (HSTS) with HTTPS to protect users from man-in-the-middle attacks, especially SSL stripping.[11][12]

HTTPS should not be confused with the little-used Secure HTTP (S-HTTP) specified in RFC 2660.

As of April2018[update], 33.2% of Alexa top 1,000,000 websites use HTTPS as default,[13] 57.1% of the Internet’s 137,971 most popular websites have a secure implementation of HTTPS,[14] and 70% of page loads (measured by Firefox Telemetry) use HTTPS.[15]

Most browsers display a warning if they receive an invalid certificate. Older browsers, when connecting to a site with an invalid certificate, would present the user with a dialog box asking whether they wanted to continue. Newer browsers display a warning across the entire window. Newer browsers also prominently display the site’s security information in the address bar. Extended validation certificates turn the address bar green in newer browsers. Most browsers also display a warning to the user when visiting a site that contains a mixture of encrypted and unencrypted content.

Most web browsers alert the user when visiting sites that have invalid security certificates.

The Electronic Frontier Foundation, opining that “In an ideal world, every web request could be defaulted to HTTPS”, has provided an add-on called HTTPS Everywhere for Mozilla Firefox that enables HTTPS by default for hundreds of frequently used websites. A beta version of this plugin is also available for Google Chrome and Chromium.[16][17]

The security of HTTPS is that of the underlying TLS, which typically uses long-term public and private keys to generate a short-term session key, which is then used to encrypt the data flow between client and server. X.509 certificates are used to authenticate the server (and sometimes the client as well). As a consequence, certificate authorities and public key certificates are necessary to verify the relation between the certificate and its owner, as well as to generate, sign, and administer the validity of certificates. While this can be more beneficial than verifying the identities via a web of trust, the 2013 mass surveillance disclosures drew attention to certificate authorities as a potential weak point allowing man-in-the-middle attacks.[18][19] An important property in this context is forward secrecy, which ensures that encrypted communications recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future. Not all web servers provide forward secrecy.[20][needs update]

A site must be completely hosted over HTTPS, without having part of its contents loaded over HTTPfor example, having scripts loaded insecurelyor the user will be vulnerable to some attacks and surveillance. Also having only a certain page that contains sensitive information (such as a log-in page) of a website loaded over HTTPS, while having the rest of the website loaded over plain HTTP, will expose the user to attacks. On a site that has sensitive information somewhere on it, every time that site is accessed with HTTP instead of HTTPS, the user and the session will get exposed. Similarly, cookies on a site served through HTTPS have to have the secure attribute enabled.[11]

HTTPS URLs begin with “https://” and use port 443 by default, whereas HTTP URLs begin with “http://” and use port 80 by default.

HTTP is not encrypted and is vulnerable to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information, and modify webpages to inject malware or advertisements. HTTPS is designed to withstand such attacks and is considered secure against them (with the exception of older, deprecated versions of SSL).

HTTP operates at the highest layer of the TCP/IP model, the Application layer; as does the TLS security protocol (operating as a lower sublayer of the same layer), which encrypts an HTTP message prior to transmission and decrypts a message upon arrival. Strictly speaking, HTTPS is not a separate protocol, but refers to use of ordinary HTTP over an encrypted SSL/TLS connection.

Everything in the HTTPS message is encrypted, including the headers, and the request/response load. With the exception of the possible CCA cryptographic attack described in the limitations section below, the attacker can only know that a connection is taking place between the two parties and their domain names and IP addresses.

To prepare a web server to accept HTTPS connections, the administrator must create a public key certificate for the web server. This certificate must be signed by a trusted certificate authority for the web browser to accept it without warning. The authority certifies that the certificate holder is the operator of the web server that presents it. Web browsers are generally distributed with a list of signing certificates of major certificate authorities so that they can verify certificates signed by them.

Let’s Encrypt, launched in April 2016,[21] provides free and automated SSL/TLS certificates to websites.[22] According to the Electronic Frontier Foundation, “Let’s Encrypt” will make switching from HTTP to HTTPS “as easy as issuing one command, or clicking one button.”[23]. The majority of web hosts and cloud providers already leverage Let’s Encrypt, providing free certificates to their customers.

The system can also be used for client authentication in order to limit access to a web server to authorized users. To do this, the site administrator typically creates a certificate for each user, a certificate that is loaded into their browser. Normally, that contains the name and e-mail address of the authorized user and is automatically checked by the server on each reconnect to verify the user’s identity, potentially without even entering a password.

An important property in this context is perfect forward secrecy (PFS). Possessing one of the long-term asymmetric secret keys used to establish an HTTPS session should not make it easier to derive the short-term session key to then decrypt the conversation, even at a later time. DiffieHellman key exchange (DHE) and Elliptic curve DiffieHellman key exchange (ECDHE) are in 2013 the only ones known to have that property. Only 30% of Firefox, Opera, and Chromium Browser sessions use it, and nearly 0% of Apple’s Safari and Microsoft Internet Explorer sessions.[20] Among the larger internet providers, only Google supports PFS since 2011[update] (State of September 2013).[citation needed]

A certificate may be revoked before it expires, for example because the secrecy of the private key has been compromised. Newer versions of popular browsers such as Firefox,[24] Opera,[25] and Internet Explorer on Windows Vista[26] implement the Online Certificate Status Protocol (OCSP) to verify that this is not the case. The browser sends the certificate’s serial number to the certificate authority or its delegate via OCSP and the authority responds, telling the browser whether the certificate is still valid.[27]

SSL and TLS encryption can be configured in two modes: simple and mutual. In simple mode, authentication is only performed by the server. The mutual version requires the user to install a personal client certificate in the web browser for user authentication.[28] In either case, the level of protection depends on the correctness of the implementation of software and the cryptographic algorithms in use.

SSL/TLS does not prevent the indexing of the site by a web crawler, and in some cases the URI of the encrypted resource can be inferred by knowing only the intercepted request/response size.[29] This allows an attacker to have access to the plaintext (the publicly available static content), and the encrypted text (the encrypted version of the static content), permitting a cryptographic attack.

Because TLS operates at a protocol level below that of HTTP, and has no knowledge of the higher-level protocols, TLS servers can only strictly present one certificate for a particular address and port combination.[30] In the past, this meant that it was not feasible to use name-based virtual hosting with HTTPS. A solution called Server Name Indication (SNI) exists, which sends the hostname to the server before encrypting the connection, although many old browsers do not support this extension. Support for SNI is available since Firefox 2, Opera 8, Safari 2.1, Google Chrome 6, and Internet Explorer 7 on Windows Vista.[31][32][33]

From an architectural point of view:

A sophisticated type of man-in-the-middle attack called SSL stripping was presented at the Blackhat Conference 2009. This type of attack defeats the security provided by HTTPS by changing the https: link into an http: link, taking advantage of the fact that few Internet users actually type “https” into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP. The attacker then communicates in clear with the client.[34] This prompted the development of a countermeasure in HTTP called HTTP Strict Transport Security.

HTTPS has been shown vulnerable to a range of traffic analysis attacks. Traffic analysis attacks are a type of side-channel attack that relies on variations in the timing and size of traffic in order to infer properties about the encrypted traffic itself. Traffic analysis is possible because SSL/TLS encryption changes the contents of traffic, but has minimal impact on the size and timing of traffic. In May 2010, a research paper by researchers from Microsoft Research and Indiana University discovered that detailed sensitive user data can be inferred from side channels such as packet sizes. More specifically, the researchers found that an eavesdropper can infer the illnesses/medications/surgeries of the user, his/her family income and investment secrets, despite HTTPS protection in several high-profile, top-of-the-line web applications in healthcare, taxation, investment and web search.[35] Although this work demonstrated vulnerability of HTTPS to traffic analysis, the approach presented by the authors required manual analysis and focused specifically on web applications protected by HTTPS.

The fact that most modern websites, including Google, Yahoo!, and Amazon, use HTTPS causes problems for many users trying to access public Wi-Fi hot spots, because a Wi-Fi hot spot login page fails to load if the user tries to open an HTTPS resource.[36][37] Several websites, such as neverssl.com or nonhttps.com, guarantee that they will always remain accessible by HTTP.

Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser.[38] Originally, HTTPS was used with the SSL protocol. As SSL evolved into Transport Layer Security (TLS), HTTPS was formally specified by RFC 2818 in May 2000.

See the original post:
HTTPS – Wikipedia

Download KaKa File Encryption 1.3 – softpedia.com

KaKa File Encryption is a tiny and portable piece of kit that password-protects files on your computer, in order to prevent unauthorized users from accessing them. It can be effortlessly handled, even by users with little or no experience in this kind of apps.

As installation is not a prerequisite, you can just drop the executable file anywhere on the hard drive and run it directly.

Alternatively, you can store KaKa File Encryption on a removable device (like a USB flash drive) and run it on any computer. Therefore, you can keep the utility with you whenever you’re on the go.

What’s more important is that the Windows Registry section does not receive entry updates and files are not left behind on the hard drive after program removal.

The interface of the program is formed from a small, regular window with a simple-to-use layout. The “what you see is what you get” concept clearly applies to the app, since there are no other options available, aside from the ones visible in the main frame.

Loading files into the working environment is done with the help of the file browser or “drag and drop” function. It is possible to encrypt multiple items in a single session with the same password. The main application window reveals the name, path and status for each file. Basically, all you have to do is write a password, confirm it and click a button to initialize the encryption operation.

KaKa File Encryption locks the original files without creating new ones. In order to decrypt them, you must have the program stored somewhere on the hard drive or flash drive. Once you decrypt a file, the restriction is automatically removed by the tool, so you have to redo the entire task.

The application barely uses CPU and system memory, hence it shouldn’t affect the computer’s overall performance. It has a good response time, applies the protection status rapidly and is pretty stable. We haven’t come across any issues in our tests. To conclude, KaKa File Encryption comes packed with the necessary and suffice elements for protecting files against unauthorized use.

File encryption Encrypt file Secure file Encrypt Encryption Encrypting Protect

More here:
Download KaKa File Encryption 1.3 – softpedia.com

Encrypt email messages – Outlook

When you need to protect the privacy of an email message, encrypt it. Encrypting an email message in Outlook means it’s converted from readable plain text into scrambled cipher text. Only the recipient who has the private key that matches the public key used to encrypt the message can decipher the message for reading. Any recipient without the corresponding private key, however, sees indecipherable text.

This article is specifically about encrypting and digitally signing a message with S/MIME. To understand the full list of email encryption options go to the article on Email Encryption in Office 365.

What happens if the recipient doesn’t have the corresponding private key? The recipient will see this message:

“This item cannot be displayed in the Reading Pane. Open the item to read its contents.”

And if the recipient tries to open the item, a dialog box opens with this message:

“Sorry, we’re having trouble opening this item. This could be temporary, but if you see it again you might want to restart Outlook. Your Digital ID name cannot be found by the underlying security system.”

Sending and viewing encrypted email messages requires both sender and recipient to share their digital ID, or public key certificate. This means that you and the recipient each must send the other a digitally signed message, which enables you to add the other person’s certificate to your Contacts. You cant encrypt email messages without a digital ID.

If you send an encrypted message to a recipient whose email setup doesnt support encryption, you’re offered the option of sending the message in an unencrypted format.

Any attachments sent with encrypted messages also are encrypted.

In message that you are composing, click File > Properties.

Click Security Settings, and then select the Encrypt message contents and attachments check box.

Compose your message, and then click Send.

When you choose to encrypt all outgoing messages by default, you can write and send messages the same as with any other messages, but all potential recipients must have your digital ID to decode or view your messages.

On the File tab. choose Options >Trust Center > Trust Center Settings.

On the Email Security tab, under Encrypted email, select the Encrypt contents and attachments for outgoing messages check box.

To change additional settings, such as choosing a specific certificate to use, click Settings.

In the message that you’re composing, on the Options tab, in the More Options group, click the dialog box launcher in the lower-right corner.

Click Security Settings, and then select the Encrypt message contents and attachments check box.

Compose your message, and then click Send.

When you choose to encrypt all outgoing messages by default, you can write and send messages the same as you do with any other messages. All potential recipients, however, must have your digital ID to decode or view those messages.

On the File tab, click Options > Trust Center > Trust Center Settings.

On the E-mail Security tab, under Encrypted e-mail, select the Encrypt contents and attachments for outgoing messages check box.

To change additional settings, such as choosing a specific certificate to use, click Settings.

In the message, on the Message tab, in the Options group on the ribbon, click the Encrypt Message Contents and Attachments button .

Note:If you don’t see this button, click the Options Dialog Box Launcher in the lower-right corner of the group to open the Message Options dialog box. Click the Security Settings button, and in the Security Properties dialog box, select Encrypt message contents and attachments. Click OK, and then close the Message Options dialog box.

Compose your message and send it.

Choosing to encrypt all outgoing messages means, in effect, your e-mail is encrypted by default. You can write and send messages the same as with any other e-mail messages, but all potential recipients must have your digital ID to decode your messages.

On the Tools menu, click Trust Center, and then click E-mail Security.

Under Encrypted e-mail, select the Encrypt contents and attachments for outgoing messages check box.

To change additional settings, such as choosing a specific certificate to use, click Settings.

Click OK twice.

View post:
Encrypt email messages – Outlook

Top 5 best encryption software tools of 2018 | TechRadar

If you’re looking for the best encryption software for your needs in 2018, then you’ve come to the right place, as we’ve listed the top software that will keep your important files and documents safe from malicious users.

The sad fact is that as hackers are become ever more adept at stealing private information, we must be ever more vigilant when it comes to protecting our files, regardless of if we are a business or home user, and this is where our list of the best encryption software of 2018 comes in.

Encryption tools encode data so that it can only be unlocked with a certain key, making it harder for third-parties to gain access. This means that only people who have access to that key can also access the data, making encryption software an essential tool for keeping data safe.

These encryption tools can be used to protect data such as email addresses, customer transactions and passwords, and other crucial information which you really cant afford to potentially expose. Many companies are also using encryption software to ensure internal online conversations and emails are kept private.

So which are the best encryption tools? Read on for our pick of the very best tools for keeping your data safe.

Free encryption for everyone

Platforms: Windows, macOS, Linux | Resources covered: Encryption and brute-force attack protection | Cloud-based: No | Integrations: No | Free trial: N/A

Basic version is completely free

Provides effective encryption

Selective approach

Initial download is a bit confusing

VeraCrypt is one of the most popular security tools, providing you with enterprise-grade encryption for important data.

The system is quite easy to use, and all it really does is add encrypted passwords to your data and partitions. All you have to do is give the tool a few details about your data, such as volume size, location and specified hashing algorithms and then the program does its thing.

Whats also nifty about VeraCrypt is that its immune to brute-force attacks, so you never have to worry about hackers decrypting your passwords and other sensitive data. The basic version of the software is completely free, as well.

Encryption for small teams and individuals

Platforms: Windows, macOS | Resources covered: Encryption, password protection, mobile apps | Cloud-based: Yes | Integrations: Google Docs, Dropbox | Free trial: 30 days (fully free version also available)

Strong encryption for personal use

Free version available

Mainly mobile-oriented

While free software can be convenient for some, its not always as powerful as premium offerings, and AxCrypt is a good bet if you want something reliable. The software has been designed specifically for individuals and small teams within businesses.

It provides strong security, with files protected by either 128-bit or 256-bit AES encryption, which should thwart any intruders. There are also cloud storage capabilities thrown into the mix the software will automatically protect files saved on services such as Google Drive and Dropbox.

AxCrypt is fully multilingual, and it can work with languages such as Dutch, French, German, Italian, Korean, Spanish, Swedish, Russian and Portuguese with more support planned for the future. As well as this, theres passport management, and you can access your encrypted files through a smartphone app.

The Premium package is $27 per year (roughly 20, AU$34), while there is a free version which has much fewer options.

Effective encryption for individuals

Platforms: Windows, Android, iOS | Resources covered: Encryption, password protection, brute-force attack prevention | Cloud-based: Yes | Integrations: No | Free trial: N/A

Free to download basic version

Effective personal encryption

Mainly mobile oriented

Although its important to protect assets on company computers, its also crucial to add protection to any device that stores critical data. For instance, most employees have access to their company emails and other accounts on their smartphones, and they need to be protected.

Folder Lock is a good option when it comes to adding encryption to your mobile devices. The app can protect your personal files, photos, videos, contacts, wallet cards, notes and audio recordings stored in your handset.

There are some other hidden security features, too. Not only is there encryption, but you can also set a decoy password, hacker deterrents, log unauthorised login attempts, back up all your passwords and get notified on potential brute-force attacks. The basic app is free to download, with a pro version available if you want more.

Powerful protection indeed

Platforms: Windows | Resources covered: Encryption, password protection, brute-force attack prevention | Cloud-based: No | Integrations: No | Free trial: 30 days

Uses multiple encryption methods

Powerful encryption

It may be too complicated for some

Windows-only

CryptoExpert is Windows desktop software which offers secure data vaults for all your data, ensuring its always protected from potential breaches.

It provides more powerful encryption than some of the other tools and apps listed in this article, boasting fast on-the-fly operation. The system can back up a range of different files, including certificates, Word, Excel and PowerPoint files, multimedia files and email databases.

The best thing about CryptoExpert 8 is that it can secure vaults of unlimited size, and it uses Blowfish, Cast, 3DES and AES-256 encryption algorithms. The latter are highly effective and industry-acclaimed. Itll work with 32-bit and 64-bit versions of Windows 7, 8 and 10.

A quality cloud-based solution

Platforms: Desktop | Resources covered: Encryption, password protection, brute-force attack prevention, secure file storage | Cloud-based: Yes | Integrations: No | Free trial: 30 days

Completely cloud-based

Affordable monthly plan

Not everyone wants cloud-based security

CertainSafe is highly effective cloud-based encryption software which attempts to mitigate all aspects of risk and is compliant with industry regulations.

With the platform, you can store and share documents, private messages, photos, videos and other files without exposing them to third-party sources. You can even collaborate and communicate with colleagues through the system, with all correspondence encrypted.

CertainSafe also adds automated security for business databases and applications, meaning you dont always have to do things manually. You can subscribe for a monthly plan, but before making any decisions, theres the option to get a free trial and try things out that way.

Here is the original post:
Top 5 best encryption software tools of 2018 | TechRadar

Download Sophos Free Encryption 2.40.1.11 – softpedia.com

IMPORTANT NOTICE

Sophos Free Encryption is an intuitive application that you can use to protect your sensitive data from unauthorized viewing. It can be handled by all types of users.

The interface of the program is based on a standard window with an intuitive layout, where you can add files into the secured environment using either the file browser, folder view or “drag and drop” method. You can add as many items as you want.

In order to encrypt data, you have to specify a target for the archive with the Sophos Free Encryption format (UTI), and assign a password to it. Alternatively, you can apply a key file as a dependency.

A few options are available for the encryption process. Therefore, you can create self-extracting executable files, securely delete the original items after encryption, compress data and save passwords in a history list.

Furthermore, you can use the default email client to send the encrypted archives via email after the process is done, as well as change the default file path to the passwords history list.

Sophos Free Encryption carries out a task rapidly and without errors, while using a low-to-moderate quantity of CPU and system memory, thus it does not affect the computer’s overall performance. We haven’t come across any difficulties in our tests, since the tool did not hang or crash.

Although it has not been updated for a pretty long time, Sophos Free Encryption offers users a simple alternative to secure their files, by turning them into encrypted archives.

File Encryption File Encrypter Encrypt Folder Encryption Encrypt Encrypter Decrypt

Read more here:
Download Sophos Free Encryption 2.40.1.11 – softpedia.com

Device encryption settings not available (Windows 10 home …

Hi all, I recently upgraded from Windows 8.1 to Windows 10 Home, and read about device encryption. Apparently this was already available in Windows 8.1 but now that I discovered it, I would like to enable it. So I switched to logging in with a Microsoft account, and hoped that the setting would become available.

When I search for “device encryption” in the Start menu, it finds two options:

– Device Encryption (Control panel)

– Change device encryption settings (Settings)

But if I click them, I get: Search results:

– No results for device encryption

Does this mean something about my system is not compatible with, or configured correctly for device encryption? If I’m not mistaking, my system, a Mac Mini, is the 2013 model, and reading about it, it seems to have TPM. I am using BootCamp (using Mac OS X only as fallback and for playing).

Am I looking for this setting in the wrong places?

To show precisely what I am seeing, below are the screenshots:

Original post:
Device encryption settings not available (Windows 10 home …

Office 365 Message Encryption FAQ – Office Support

Have a question about how the new message protection capabilities in Office 365 work? Check for an answer here. Also, take a look at Frequently asked questions about data protection in Azure Information Protection for answers to questions about the data protection service, Azure Rights Management, in Azure Information Protection.

OME combines email encryption and rights management capabilities. Rights management capabilities are powered by Azure Information Protection.

You can use the new capabilities for OME under the following conditions:

If you have never set up OME or IRM for Exchange Online in Office 365.

If you have set up OME and IRM, you can use these steps if you are using the Azure Rights Management service from Azure Information Protection.

If you are using Exchange Online with Active Directory Rights Management service (AD RMS), you can’t enable these new capabilities right away. Instead, you need to migrate AD RMS to Azure Information Protection first. When you’ve finished the migration, you can successfully set up OME.

If you choose to continue to use on-premises AD RMS with Exchange Online instead of migrating to Azure Information Protection, you will not be able to use these new capabilities.

To use the new OME capabilities, you need one of the following plans:

Office365 Message Encryption is offered as part of Office 365 E3 and E5, Microsoft E3 and E5, Office 365 A1, A3, and A5, and Office 365 G3 and G5. Customers do not need additional licenses to receive the new protection capabilities powered by Azure Information Protection.

You can also add Azure Information Protection Plan1tothe followingplans to receive the new Office 365 Message Encryption capabilities: Exchange Online Plan 1, Exchange Online Plan 2, Office 365 F1,Office 365 Business Essentials, Office 365 Business Premium, or Office 365 Enterprise E1.

Each user benefiting from Office 365 Message Encryption needs to be licensed to be covered by thefeature.

For the full list see the Exchange Online service descriptions for Office 365 Message Encryption.

Yes! Microsoft recommends that you complete the steps to set up BYOK before you set up OME.

For more information about BYOK, see Planning and implementing your Azure Information Protection tenant key.

No. OME and the option to provide and control your own encryption keys, called BYOK, from Azure Information Protection were not designed to respond to law enforcement subpoenas. OME, with BYOK for Azure Information Protection, was designed for compliance-focused customers. Microsoft takes third-party requests for customer data very seriously. As a cloud service provider, we always advocate for the privacy of customer data. In the event we get a subpoena, we always attempt to redirect the third party to the customer to obtain the information. (Please read Brad Smiths blog: Protecting customer data from government snooping). We periodically publish detailed information of the request we receive. For more information regarding third-party data requests, see Responding to government and law enforcement requests to access customer data on the Microsoft Trust Center. Also, see Disclosure of Customer Data in the Online Services Terms (OST).

The new capabilities for Office 365 Message Encryption are an evolution of the existing IRM and legacy OME solutions. The following table provides more details.

Capability

Previous versions of OME

IRM

New OME capabilities

Sending an encrypted email

Only through Exchange mail flow rules

End-user initiated from Outlook for PC, Outlook for Mac, or Outlook on the web; or through Exchange mail flow rules

End-user initiated from Outlook for PC, Outlook for Mac, or Outlook on the web; or through mail flow rules

Rights management

Do Not Forward option and custom templates

Do Not Forward option, encrypt-only option, default and custom templates

Supported recipient type

External recipients only

Internal recipients only

Internal and external recipients

Experience for recipient

External recipients received an HTML message which they downloaded and opened in browser or downloaded mobile app.

Internal recipients only received encrypted email in Outlook for PC, Outlook for mac, and Outlook on the web.

Internal and external recipients receive email in Outlook for PC, Outlook for Mac, Outlook on the web, Outlook for Android, and Outlook for iOS, or through a web portal regardless of whether or not they are in the same Office 365 organization or any Office 365 organization. The OME portal requires no separate download.

Bring Your Own Key support

Not available

Not available

BYOK supported

See Set up new Office 365 Message Encryption capabilities.

You can still use the previous version of OME, it will not be deprecated at this time. However, we highly encourage organizations to use the new and improved OME solution. Customers that have not already deployed OME cannot set up a new deployment of the previous version of OME.

No. If you are using Exchange Online with Active Directory Rights Management service (AD RMS), you can’t enable these new capabilities right away. Instead,you need to migrate AD RMS to Azure Information Protection first.

Today, the sender needs to be in Exchange Online. We plan to support other topologies in the coming months.

You can create protected messages from Outlook 2016, and Outlook 2013 for PC and Mac, and from Outlook on the web.

You can read and respond from Outlook for PC and Mac (2013 and 2016), Outlook on the web, and Outlook mobile (Android and iOS) if you are an Office 365 user. You can also use the iOS native mail client if your organization allows it. If you are a non-Office 365 user, you can read and reply to encrypted messages on the web through your web browser.

You can attach any file type to a protected mail, however protection policies are applied only on the file formats mentioned here.

If a file format is supported, such as a Word, Excel, or PowerPoint file, the file is always protected, even after the attachment has been downloaded by the recipient. For example, if an attachment is protected by Do Not Forward, and the original recipient downloads and forwards the attachment to a new recipient, the new recipient will not be able to open the protected file.

If you attach a PDF file to a protected message, the message itself will be protected, but no additional protection will be applied to the PDF file after the recipient has received it. This means that the recipient can Save As, Forward, Copy, and Print the PDF file.

Not yet. OneDrive for Business attachments are not supported and end-users can’t encrypt a mail that contains a cloud OneDrive for Business attachment.

Yes. Use mail flow rules in Exchange Online to automatically encrypt a message based on certain conditions. For example, you can create policies that are based on recipient ID, recipient domain, or on the content in the body or subject of the message. See Define mail flow rules to encrypt email messages in Office 365.

Currently you can only set up mail flow rules in Exchange Online. Encryption is currently not supported in DLP through the Security & Compliance Center.

Yes! For information on customizing email messages and the OME portal, see Add your organization’s brand to your encrypted messages. See Add your organization’s brand to your encrypted messages.

Not at this time but coming soon.

Yes. All encrypted email messages are discoverable by Office 365 compliance features.

Read more:
Office 365 Message Encryption FAQ – Office Support

Encryption- Computer & Information Security – Information …

There are instructions at encrypt.stanford.edu that will walk you through the steps necessary to fulfill University security requirements for each of your devices. Before you begin, however, being prepared ahead of time for the following steps may help you streamline the encryption process.

In case something goes wrong during the encryption process, you should back up your computer before running the SWDE installer.

The School of Medicine recommends using CrashPlan: it’s asecure, monitored, convenient backup system and it’s free for School of Medicine affiliates. Additionally, the SoM can assist you in restoring your information from CrashPlan, in the event of a hard drive crash or lost computer. While it is not currently required, it is strongly recommended.

For instructions and help with installation, visit the School of Medicine’sCrashPlan Guide.

For desktop and laptop computers, Stanford Whole Disk Encryption (SWDE) installer makes certain that your computer has all the necessary requirements, and then guides you through the activation of your computer’s native encryption software (FileVault for Mac, and BitLocker for Windows).

(For mobile device encryption instructions, select your operating system:Apple/iOSorAndroid.)

Each time you access your system (on startup, after sleep/hibernation, etc), you use a “key” (password) to unlock your data. IF YOU CANNOT REMEMBER YOUR KEY, YOU WILL NOT BE ABLE TO ACCESS YOUR ENCRYPTED DATA.

In case of a forgotten key, it is likely that someone at ITS will be able to help you recover your data. However, we still recommend the following:

Once you have selected your login password and backup method, you are ready to move on to theencryption process.

View post:
Encryption- Computer & Information Security – Information …

Enable BitLocker on USB Flash Drives to Protect Data

Encrypting USB flash drives protects the data stored on the volume. Any USB flash drive formatted with FAT, FAT32, or NTFS can be encrypted with BitLocker. The length of time it takes to encrypt a drive depends on the size of the drive, the processing power of the computer, and the level of activity on the computer.

Before you enable BitLocker, you should configure the appropriate Removable Data Drive policies and settings in Group Policy and then wait for Group Policy to be refreshed. If you dont do this and you enable BitLocker, you might need to turn BitLocker off and then turn BitLocker back on because certain state and management flags are set when you turn on BitLocker.

To be sure that you can recover an encrypted volume, you should allow data-recovery agents and store recovery information in Active Directory. If you use a flash drive with earlier versions of Windows, the Allow Access To BitLocker-Protected Removable Data Drives From Earlier Versions Of Windows policy can ensure that you have access to the USB flash drive on other operating systems and computers. Unlocked drives are read-only.

To enable BitLocker encryption on a USB flash drive, do the following: 1. Insert the USB flash drive, click Start, and then click Computer. 2. Right-click the USB flash drive, and then click Turn On BitLocker. BitLocker initializes the drive. 3. On the Choose How You Want To Unlock This Drive page, choose one or more for the following options, and then click Next:

4. On the How Do You Want To Store Your Recovery Key page, click Save The Recovery Key To A File. 5. In the Save BitLocker Recovery Key As dialog box, choose a save location, and then click Save. 6. You can now print the recovery key if you want to. When you have finished, click Next. 7. On the Are You Ready To Encrypt This Drive page, click Start Encrypting. Do not remove the USB flash drive until the encryption process is complete. How long the encryption process takes depends on the size of the drive and other factors.

The encryption process does the following: 1. Adds an Autorun.inf file, the BitLocker To Go reader, and a Read Me.txt file to the USB flash drive. 2. Creates a virtual volume with the full contents of the drive in the remaining drive space. 3. Encrypts the virtual volume to protect it.USB flash drive encryption takes approximately 6 to 10 minutes per gigabyte to complete. The encryption process can be paused and resumed provided that you dont remove the drive.

As a result, when AutoPlay is enabled and you insert the encrypted drive into a USB slot on a computer running Windows 7, Windows 7 runs the BitLocker To Go reader, which in turn displays a dialog box. When you are prompted, enter the password, smart card PIN, or both to unlock the drive. Optionally, select Automatically Unlock On This Computer From Now On to save the password in an encrypted file on the computers system volume. Finally, click Unlock to unlock the volume so that you can use it.

See original here:
Enable BitLocker on USB Flash Drives to Protect Data